Slashdot Mirror
20 Years of Virii
DenOfEarth writes "News.com has an article outlining that it was around twenty years ago that a computer security reasearcher coined the term 'virus', and how the things have been running amok. Interestingly enough, when said researcher applyed for research funding to look into a blanket solution to this possible 'virus' problem, he was turned down."
Viruses were much cooler in the early nineties. They didn't spread as wildfire on the internet, but at least they did cool thing as code morphing to foil antivirus programs.
And why is this guy surprised that he doesn't get a grant for a "blanket solution" for viruses? I've got a blanket solution for world hunger and cancer, but I'm not getting any reasearch funding either.
How small a thought it takes to fill a whole life
While reading the live memory, I found a message stating "Tequilla and Beer forever" along with an address in Switserland if I recall correctly. Ah, those where the days.... Where viruses were no lame email worms but appended themselves to executables.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
When he asked for funding from the National Science Foundation three years later to further explore countermeasures, the agency rebuffed him.
A typical problem with getting research funded (or published) is that the gatekeepers, the people who decide what gets funded/published, often choose what is worthy based on their own research interests. One generally has to have established a track record to become a gatekeeper, which means that new ideas are often shut out, while researchers pursue what they think are the current "fashions."
James Gleick (author of Chaos) tells how he was warned by professors that he'd ruin his career wasting his time with this "chaos" nonsense. (Fortunately, he ignored them.)
English isn't Latin -- there's nothing wrong with 'viruses'. There's no reason to out of our way to make English even more irregular than it already is -- particular when 'virii' wouldn't be correct Latin anyway (it would have to be 'virius', not 'virus', for 'virii' to work).
-- Help Digitise the Public Domain at DP.
Here's the company which created the first computer virus for the PC architecture. Interesting story on this page.
Banu
"Do you remember the VIRUS program?" ....etc. etc.
"Vaguely. Wasn't it some kind of computer disease or malfunction?"
"Disease is closer. There was a science-fiction writer once who wrote a story about it--but the thing had been around a long time before that.
(p. 175, in the 1975 Ballantine paperback reprint: I think I have the 1972 serialization in Galaxy somewhere in a box upstairs, but I can't be arsed to dig it out)
Actually, as described in the succeeding pages, VIRUS was more of a worm (a term coined by John Brunner in "The Shockwave Rider", but you knew that already); but the idea of malware called a virus was around in the early 70s at least.
Any time you read an article and see Fred Cohen's name, you can stop reading right there, because you know another so called "journalist" has fallen hook, line, and sinker for this guy's self-aggrandizing line of bullshit. Note that you'll never find an article quoting X as saying Fred Cohen is the father of computer viruses, unless X is Fred Cohen. He's shilling for his security consulting firm, plain and simple. He no more "invented" the computer virus than Al Gore invented the Internet. Please, Slashdot, stop feeding this buttplug's enormous ego!
Cantankerous old coot since 1957.
17 people jump into the discussion to say that "virii" should be "viruses".
Yet no one complains that "applyed" should be written "applied".
Strange.
I was having a red wine fuelled conversation with some friends on the subject of viruses, worms and Internet security the other day. We were discussing how connectivity has changed the landscape with regards to the impact of viruses, bugs and worms. In the eighties and early nineties there was less connectivity than we have with the modern Internet. The obvious analogue to human viral pathogens and the rise of jet aircraft travel between countries shows how this will only get worse as more devices are connected to Internet and how inoculation and prevention together with secure coding practices (something which has no human virus equivalent at the moment, but who knows where DNS techniques will take us) are becoming mandatory. Should all devices connecting to the network be licensed and approved as cars travelling on roads today must be?
The most interesting point raised was when (if?) we reach the point where viruses are classifiable as sentient beings. Do we then have the right to arbitrarily exterminate them? I could in my stupidest dreams foresee a court case where the latest Internet Explorer 99 bug is arguing for it's continued existence, social welfare and the right to bear children.
What would you suggest? People will write viruses for every platform. People just write more for Windows since it is the most prevalent environment.
Greater security in the operating system will help, but there will always be people who are willing to find ways to break the system, some maliciously, others not so much. There is no perfect solution.
Sadly, as spammers become interested in exploited open relays for their "business", writing viruses is slowly but surely becoming lucrative. And we're not talking about some random 13 year olds with a 1997 OE exploit, here, either. While most professionals would never write a virus for fun, money is always a very good, very valid and very strong argument.
Such is life. Get Grisoft AVG while you can, free and good virus scanner. Norton sans bloat and anual subscriptions.
Hate me!
In theory, a capability system can be used to prevent many types of viruses; however, they are still vulnerable to at least two kinds of attacks.
First, if a program is capable of causing damage with rights it legitimately possesses, the capability system will be unable to prevent it from doing whatever it chooses. This would typically require some sort of manual intervention (exploiting a backdoor, rooting the system, spoofing a distribution site) to compromise a trusted component, but there are many programs which run with enough rights to spread themselves. For instance, if the file system manager is a trojan, it can copy itself or delete a user's files without overstepping the security mechanism.
Second, capability systems are just as susceptible to social engineering as any other security device: if a user naively grants the "cool new game" he just received in an email full rights to his system, the rest of the security policy is pretty much useless. The danger lessens if only administrators can grant rights to programs, but in general no security mechanism can protect a system if it is not used as it was intended
You're always going to get people who are looking for any excuse to bring another down.
Then you have those who are seeing a common mistake and pointing it out, either through their own superiority or in an attempt to help others mend their ways.
And there are others who find that basic mistakes diminish the credibility of the text. If the author can't even get the obvious things right, how much of the rest is correct?
I personally get annoyed with people who make common mistakes like using they're, there and their interchangably. Why? It slows my reading down as I pause and translate. Too many mistakes and I just move on... that person's voice unheard by me. Sure, I can understand it if I read it for long enough, but why should I make the effort when the author could've tried a bit harder. Oh, and at the risk of sounding hypocritical, I can't abide laziness either.
Speaking of virus it has always been somewhat mysterious. I remember when I compiled my first dos virus in assembling it was such a painful task. From the initial assumption to the final accomplishment it took me more than 3 months, but what I had compiled was still at mess. Recently I come up with the idea that virus ultimately is something that affects other files and spreads itself, so it would not be too complicated to compile a virus by shell. Then I conveniently compiled the following script. Its functionality is to affect other shell programs.
This program is of little practical significance, but it is helpful to visually understand the virus spread mechanism. Therefore, its instructive significance is more important than the practical one.
Read the rest here.
IIRC, it wouldn't have been medical: the Romans used a health model based upon the "four humours" (blood, mucus, etc) where illnesses that we today would attribute to a virus were then seen in terms of surpluses or shortages within the body of a particular humour. At that point, I don't believe Romans had the technology to see microscopic organisms, let alone associate them with illness and disease.
So what did "virus" mean?
You are not alone. This is not normal. None of this is normal.
By 1982, there were mutant versions of Apple ][ DOS that were called viruses.
By 1986, the DoD was soliciting RFPs through the SBIR program for people to write viruses.
Cohen and News.com are completely and totally **WRONG** about the coinage of the term. An academic and a news outlet: nobody should be surpised they're full of sh!t.
I was told to hand it off to our sysadmin group, and gave it to someone I'd never met before, named David Smith. The day later when I got it back, I was driving home when I heard that someone in NJ named David Smith had been arrested for releasing the worm. While I laughed about the coincidence, and assumed it was someone else since his town in NJ was many miles from my employer, sure enough a few hours later I got mail at work saying a contractor there had been accused of it.
The epilogue is that in the last day he was working there, he worked on at least two computers: mine and that of the head of the lab. And while I was a bit nervous, I'm pretty sure he just did a fine job, and didn't leave any surprises in the systems he was tinkering with at the time.
Robert T. Morris (of the 1988 worm fame) is now a professor at MIT. I wonder what Mr. Smith will be doing a few years from now? (And please avoid the one-liner.... "time" :)
We make new words out of old ones all the time;
we verb anything;
we create words like "tintinabulation" just because of how they sound, or add words just to have another one that means the same thing;
we create euphemisms for euphemisms;
there is even a word or two with roots that come from two different languages;
we have only a few words to describe the qualities of sounds (mostly only distinguishing good sounds from bad ones), and between the qualities of smells (mostly only distinguishing good smells from bad ones);
we can make gramatically correct sentences that are difficult to parse - in fact, it has been proven that we can make such sentences that are impossible to parse.
All these things are, of course, ridiculous.
Why not add one more thing to the list of ridiculii?
Mod me down and I will become more powerful than you can possibly imagine!
For many people in the UNIX community, the Morris worm was the great wakeup call that the 'net was no longer a safe space where you could trust all the other sysadmins (( as was especially the case when your 'net was really only a LAN )).
As a result of the Morris worm, people started to lock down their systems and software, including simple things like using fgets(3) instead of gets(3).
(This lesson was also available to Microsoft, but they chose to ignore it until very recently.)
Free Software: Like love, it grows best when given away.