20 Years of Computer Viruses

Tuxedo Jack writes "The Register reports that twenty years ago today (19 January 1986), the first computer virus, Brain, was discovered. By modern standards, this was a minor virus, and it spread by floppy disks, which is a far cry from the network-aware worms of today. Still, though, it was the first noted virus, and we've had twenty years of pain and annoyance from it and its successors. Happy birthday, Brain, you and all your little virus friends - just know we're doing our damndest to keep you from having more."

Yay for viruses!

[Jailbrekr]

Thanks to the Blaster virus, I'm getting married in 2 days. See, viruses aren't all bad.

Re:Yay for viruses!

[Terminal+Saint]

Bitter much?

Re:Yay for viruses!

[caffeinemessiah]

...far cry from the network-aware worms of today... And so the worms of yesteryear were NOT network-aware, and still 'worms' huh?

Re:Yay for viruses!

[bazald]

Yeah, of course /all/ mac users are /completely/ safe and will /never/ need protection against viruses /ever/...

Re:Yay for viruses!

[macadamia_harold]

Thanks to the Blaster virus, I'm getting married in 2 days.

I don't get it. what does blaster have to do with you getting married?

Re:Yay for viruses!

[jayloden]

Funny coincidence! I'm getting married in November, and I met my fiancee because of my work with AIMFix antivirus tool for IM viruses. If she hadn't gotten an IM virus, we would never have met and I wouldn't be getting married in Hawaii :)

Re:Yay for viruses!

[msormune]

Well, maybe you should wait a few years and recheck your opinion on that...

Re:Yay for viruses!

[MegaFur]

You make a good point. But then this is slashdot where stuff like actually using the correct word (e.g. than/then) matters little.

Re:Yay for viruses!

[ByteGuerrilla]

That statement wasn't saying network-aware worms vs. network-unaware worms - it was comparing twenty year old viruses spread by floppy disks with modern network-aware equivalents... worms. Nothing wrong with how the phrased was structured, althought I personally would have single-quoted the word worms to clarify.

Re:Yay for viruses!

[dorkygeek]

Except that the first worm was out in 1988...

Re:Yay for viruses!

[Marthirial]

Are you getting married to an antivirus?

Re:Yay for viruses!

[lars_boegild_thomsen]

Let's discuss that in 6-7 years :)

Re:Yay for viruses!

[danpsmith]

Thanks to the Blaster virus, I'm getting married in 2 days. See, viruses aren't all bad.

That's hardly proof that viruses aren't all bad...

Re:Yay for viruses!

[Burz]

Yeah, of course /all/ mac users are /completely/ safe and will /never/ need protection against viruses /ever/...

As I recall, viruses were not terribly uncommon for Mac OS before OS X. Now there are none.

Re:Yay for viruses!

Thats because there is no market share for apple and hackers dont waste time writting viruses for it.

Re:Yay for viruses!

[kadathseeker]

How did that happen? Did you meet at a Linux class? Are you marrying antivirus software?

Re:Yay for viruses!

[operagost]

Looks like you're infected with the "InappropriateSlashUse.a" virus.

Re:Yay for viruses!

[Burz]

Thats because there is no market share for apple and hackers dont waste time writting viruses for it.

There were about 40 viruses for earlier versions of the "no market share" platform.

Also virus writers are not in it for money, nor do relatively advanced coders think much about using different platforms. The pre-OS X viruses prove this.

So keep repeating the myth that large marketshare is the determining factor for infestation. It won't change the fact that OS X is more secure than Windows by design.

Re:Yay for viruses!

[h2oliu]

There were far more than 40 viruses for Mac OS in the late 80's. I believe I used Virex, having to clean up one of my room mate's computers. Then there were the cross platform word Macro viruses.

Thankfully, Mac tightened up its security in the move to OS X. Windows tightened up security in.....?

Re:Yay for viruses!

[Software]

>And so the worms of yesteryear were NOT network-aware, and still 'worms' huh?

The original sentence does not say that there were worms years ago. You misunderstand its meaning. Let's look at the original sentence again:

By modern standards, this was a minor virus, and it spread by floppy disks, which is a far cry from the network-aware worms of today.

This could be reworded as:

Today, we have worms, which are network-aware. In years gone past, we had viruses. The first virus, "Brain", spread by floppy disks.

Re:Yay for viruses!

[Burz]

I ran into a site that claimed most Mac viruses were actually MS Office macros, but they didn't show any data.

This site shows that as of 2000, there were about 40 and were mostly Mac system-specific:
http://www.faqs.org/faqs/computer-virus/macintosh- faq/

Sigh...

[ryanr]

Not the first virus. It's the first PC virus, meaning IBM PC running DOS.

Re:Sigh...

[slashdotnickname]

Not the first virus. It's the first PC virus, meaning IBM PC running DOS.

The article calls it a PC virus, maybe you should read them sometimes.

Re:Sigh...

Silly Ryanr!

Did no one inform you that all computers are X86 based PCs, all operating systems Microsoft Windows, and all web browsers Internet Explorer?

I guess you didn't get the memo.

Re:Sigh...

[aarku]

Indeed. At least back to 1981 on the Apple II. Or "Elk Cloner" in 1982 according to wikipedia.

Re:Sigh...

[Nivoset]

i like the sunday virus mainly for the name and what it was supposed to do.. still got a copy of it somewhere.. hee hee

Re:Sigh...

[ryanr]

I'm aware of what the linked article says. My comment is in relation to the Slashdot headline, which is incorrect about it being the first virus, and hence this is not the 20th anniversary of viruses.

I did mail daddypants before the article went live, too. Didn't seem to help.

Re:Sigh...

[nemski]

Silly rabbit, Wikipedia is not for research. ;-)

Re:Sigh...

You must have the most pathetic life to get bothered by things like this.

Get out more. Be happy.

yes but

...Did it run on linux..?

Correction

[Lithgon]

20 years and 1 day.

Re:Correction

[JorgeDeLaCancha]

Technicality. One day is a little over .01% of the total.

Re:Correction

[Obsidian+Dagger]

How is the parent offtopic? A smartass yes but offtopic?

Message in the virus?

[pvt_medic]

Welcome to the Dungeon
(c) 1986 Basit & Amjad (pvt) Ltd.
BRAIN COMPUTER SERVICES
730 NIZAB BLOCK ALLAMA IQBAL TOWN
LAHORE-PAKISTAN
PHONE :430791,443248,280530.
Beware of this VIRUS....
Contact us for vaccination.

I wonder if anyone ever tried to look up these guys. Kind of blatent calling card if you ask me.

Re:Message in the virus?

[dotpavan]

people did take them seriously, so seriously that they were interviewed by TIME, for more story, over to this link, but alas I think it was short-lived.. now they are kinda reduced to ISP and stuff

Re:Message in the virus?

[yeruki]

I wonder why nobody ever looked them up at the time. That's weird. If I was computer companies, I woulda kicked the hell out of them.

Re:Message in the virus?

These two Brothers who created this virus are now millionries, have built Pakistan's largest ISP Brain Net and are also WLL service providers. See.. http://brain.net.pk/

Re:Message in the virus?

At the time they weren't seen as a threat - an interesting annoyance at best. The first ones weren't damaging, they were more done as an academic exercise to show that you could get a program to propogate itself. So no-one bothered at the time, because it wasn't a problem yet and no-one cared.

They only became a threat when people got bored with that and made damaging ones.

Re:Message in the virus?

[objwiz]

I *thought*, but I certainly could be wrong, that the guys that wrote it, wrote the virus as a means of trying to get a programming job. Hence, the calling card. And when people called to get instructions about removing the virus, they would also give them their resume. I tried searching the net but my meager attempts found nothing to confirm it. Any one got any info?

This is year 12 of me using Linux

[cyber_rigger]

....virus free.

Re:This is year 12 of me using Linux

[Joel+from+Sydney]

I've had and maintained Windows boxes fairly constantly for the last 15 years, and to date the only Windows virus I've had problems with was CIH (aka Chernobyl). That was pretty bad though, a completely busted hard drive.

The only other virus to penetrate my defences was stoned.angelina, back in the DOS days. Don't think I even had a virus scanner back then.

Re:This is year 12 of me using Linux

[audacity242]

This is year 10 of me using Windows virus free.

Plus 4 years of DOS before that.

Re:This is year 12 of me using Linux

[JymmyZ]

I remember my PC getting stoned from a game being passed around, what an annoyance that was (relatively speaking). From that point on I swore never to let my computers near drugs again.

Re:This is year 12 of me using Linux

[davmoo]

So the fuck what.

This is year 22 of me using a Microsoft OS...virus free.

The most important component for virus protection is the one sitting between the chair and the keyboard. Everything else (including OS choice) is largely irrelevant.

Re:This is year 12 of me using Linux

[everphilski]

The most important component for virus protection is the one sitting between the chair and the keyboard.

Seconded. An idiot will have as many problems with Linux - even a Mac as he will with Windows (I have seen this firsthand, both the mac and linux case). A little education goes a long way.

Re:This is year 12 of me using Linux

[Gax]

>This is year 22 of me using a Microsoft OS...virus free.
>The most important component for virus protection is the one sitting between the chair and the >keyboard. Everything else (including OS choice) is largely irrelevant.

You fell for Microsoft's viral marketing.

I'd like to mention that a virus checker is no protection if it doesn't recognise the virus. I was using some crappy virus software in 1999. My machine was infected with the WinCIH virus. It destroyed my BIOS and overwrote sections of my hard disk four days before my final paper was due. Fortunately, the paper was only 2500 words and I had a printed copy I could retype. I managed to retrieve the data a few months later, but I had to quickly buy a new motherboard to resurrect the machine. Nowadays I use a decent well-known virus checker and disable BIOS updates.
--
Avoid miner viruses by covering the shaft.

Re:This is year 12 of me using Linux

[MikeFM]

You know you don't have to just play Minesweeper. You could plug into the network or at least install some new programs from disc. Many of us think of Windows as the virus so I have doubts about your claims anyway. ;)

Re:This is year 12 of me using Linux

[vettemph]

>>> This is year 10 of me using Windows virus free.

Very good What would you like us to do with this single data point?

or

How does if feel to be all alone? :)

"Network aware" worms

[BadAnalogyGuy]

Requiring the user to execute an email attachment is to spreading invisibly via floppy disk

as

a) Slashdot is to news
b) Bush is to Clinton
c) Moth is to butterfly
d) Suicide is to STD

Re:"Network aware" worms

[jofi]

Requiring the user to execute an email attachment is to spreading invisibly via floppy disk

You mean it required user interaction to get infected?

D'oh! Nevermind, seems 99.99999999999999999999999999999999999999% of Windows viruses/malware are still like that.

Re:"Network aware" worms

I do not think you know how to properly use analogies.

Re:"Network aware" worms

[PenisLands]

Well, you're certainly living up to your name, Mr BadAnalogyGuy.
(Just joking, no offense meant.)

Re:"Network aware" worms

The difference was that to run a virus today, you often have to click on a disguised attachment (say, sexypicture.jpg.exe) to execute it. The viruses of old would begin their nasty without the user even noticing. (Inserting disks is more or less routine activity before the days of ubiquitous lan and internet).

Re:"Network aware" worms

[Diag]

+1 Insightful to the parent.

The only virus I ever caught was Byte Bandit on the Amiga 500. It spread via floppy disk and got onto just about all my "backup" games, rendering most of them useless.

Stupid Byte Bandit. I still have the A500 and the floppies, and they're still infected :(

Re:"Network aware" worms

[paulzeye]

For the love of God, please don't live up to your name

first PC virus

[dotpavan]

quoting wikipedia: "A program called "Elk Cloner" is credited with being the first computer virus to appear "in the wild" -- that is, outside the single computer or lab where it was created. Written in 1982 by Rich Skrenta, it attached itself to the Apple DOS 3.3 operating system and spread by floppy disk."

And, "The first PC virus was a boot sector virus called (c)Brain, created in 1986 by two brothers, Basit and Amjad Farooq Alvi, operating out of Lahore, Pakistan. The brothers reportedly created the virus to deter pirated copies of software they had written."

Re:first PC virus

[Neo-Rio-101]

The brothers reportedly created the virus to deter pirated copies of software they had written.

Predecessor to the SONY rootkit!
*ducks*

Re:first PC virus

[eweu]

See? Apples have always had innovations years before PCs.

The only computer virus I've ever had was the WDEF virus. Disinfectant caught it right away. That was 1992, so I guess I'm too smug.

Re:first PC virus

[scdeimos]

Oh well, Sony won't be able to claim Prior Art.

Re:first PC virus

[glowworm]

And... I believe the first network aware self propogating worm was the Morris worm (1998/11/02) meant to gague the size of the internet.

I believe the third worm and the first on-purpose malicious network worm was Wank from October 1989. It attacked VAX machines running on DECNet, changing passwords and lol phoning all the people who had accounts to annoy them ;). Cert Wank Advisory CA-1989-04 ;)

Earlier in 1988 there was the hi.com worm, but that was just a zombie. It was meant to send a Merry Christmas message to all infected users on 25 December 1988 ;)


W O R M A G A I N S T N U C L E A R K I L L E R S
Your System Has Been Officially WANKed
You talk of times of peace for all, and then prepare for war.

Someone might know of an earlier malicious network aware worm, but this is the first one I know of.

Re:first PC virus

[pvt_medic]

so they should file a patent on this. Think about the royalties they could take in

Re:first PC virus

[earthbound+kid]

You have a typo: Morris was 1988, not 1998. It's obvious from the rest of your post though.

Re:first PC virus

[davevr]

Given that WDEF started in 1989 and you still caught it in 1992, I would agree that yes, you are too smug. ;-)

Re:first PC virus

[pookemon]

Er - didn't Apple make Personal Computers back then?

Re:first PC virus

Incorrect. I post as anonymous coward for obvious reasons.

In 1981, I wrote an assembly program I called Apple Cancer. It resided in the 3 spare sectors left over in the directory track when apple switched from 13 to 16 sector disks. An additional directory normally unused bit was used as a flag to indicate whether the disk had been infected or not so as to eliminate the need for costly rereads of the spare sectors mentioned above.

If the infection bit was not set, a call was made to a routine in the operating system normally only used to initialize new disks which would one time write the patched operating system - and the 3 extra sectors to the disk. It was very fast and barely noticeable.

The original idea was as a copy protection scheme, but it quickly became obvious where the true non-utility was. It worked only too well.

Re:first PC virus

[linuxfanatic1024]

The age of a virus is completely irrelevant if your computer catches it. It can still do damage.

Re:first PC virus

[hughk]

No, the first worm was earlier, but it stayed inside one company's very large internal DECnet network. It was a networking mapping script that went wrong on DEC's Easynet in the early eighties that was supposed to collect adjacency information and then execute itself on any compatible adjacent nodes. I guess you can see the problem there (it never checked in case it had already visited a node).

The employee concerned was never caught although he sometimes would admit to it a loong time later.

Re:first PC virus

[Shano]

Indeed. I discovered one of my Acorn machines was riddled with the Extend virus (through no fault of my own - it was about third hand and had obviously been infected at the school it came from). As it happens, !Extend is harmless and later versions of the OS detect it immediately, but still ... this is a virus from about 1992 showing up in 2005.

Re:first PC virus

[Redwin]

Regarding first instances of worms, in the 1970's a program called "Creeper" was created and spread across networked computers running TENEX spreading independantly of user interaction. A second program called "Reaper" was then released to find copies of the first program and delete it. See The VirusList.com and digitalcraft.org for more information.

That being said the Morris worm was the first to get serious public attention, and a paper called "The Morris worm: a fifteen-year perspective" by Orman and Streak has an interesting analysis of it. Unfortunately it (appears) only to be available through IEEE so a subscription is required to view it.

Re:first PC virus

[DJTodd242]

Read all about WANK, looks like it came from Australia.

http://www.underground-book.com/download.php3

Re:first PC virus

[kimvette]

That has never stopped patent applicants from being awarded software patents before!!

Re:first PC virus

[Foerstner]

Compared to the old floppy-spread viruses, modern internet worms are a flash in the pan. The older ones had staying power, and could wait patiently on a floppy for half a decade and then become active again.

Happy Birthday, Virus!

[pHatidic]

I LOVE YOU

Re:Happy Birthday, Virus!

[zoloto]

No that post wasn't a virus, LOL!

Re:Happy Birthday, Virus!

[Tavor]

Happy Birthday Joshi!
There, darnit. Now to get on with my life.

Makes you wonder

[dartarrow]

... how Quantum Viruses would be.

Re:Makes you wonder

Those may or may not already exist.

Re:Makes you wonder

" Those may or may not already exist."

you mean "they exist and don't exist"

Re:Makes you wonder

[hackstraw]

.... how Quantum Viruses would be.

Well, they might be bad, but you would never really know where they were and where they are going :)

I got my first and last virus in 1994 from a roommate in college who brought me the "Monkey" virus from a computer lab on a floppy disk. I also have not used Microsoft based operating systems that much since that date.

I guess I'm lucky.

Re:Makes you wonder

[ZzzzSleep]

Quoth dartarrow

Makes you wonder how Quantum Viruses would be.

There was an article about it in new scientist a little while ago. The first part of the article can be found here. A pdf of the full article can be found here.
Cheers,
ZzzzSleep.

Re:Makes you wonder

[Rado.hr]

At the moment you acquire one, it will be in the quantum uncertainity state of infecting all your files, but you won't be sure until you run quantum antivirus to pin it down to a certain state of infecting just one file. I don't see much improvement in end-user experience...

Re:Makes you wonder

[vertinox]

Makes you wonder how Quantum Viruses would be.

The good news is that you won't get infected until you observe the virus.

The bad news is that if you do observe the virus, you have a 50/50 chance of a dead cat inside your computer.

okay!

[maxrate]

Time to whip out the old 5 1/4" floppies!!!!!!

Re:okay!

Time to whip out the old 5 1/4" floppies!!!!!!

I have an 9" hard di...oh wait.

Re:okay!

[whiteranger99x]

I have an 9" hard di...oh wait.

Damn, a 9" hard disk? You must have one Scuzzy disk :P

Re:okay!

[saboola]

That's what she said! Giggity Giggity! Alriiight!

Re:okay!

[poot_rootbeer]

Time to whip out the old 5 1/4" floppies!!!!!!

I take it you're a "shower", and not a "grower".

Also: plural?!?!?

Good luck

"Happy birthday, Brain, you and all your little virus friends - just know we're doing our damndest to keep you from having more."

Good luck. You'll need it, 'cause selection pressure tends to win.

Re:Good luck

[onepoint]

Your reply made me think for a minute
"You'll need it, 'cause selection pressure tends to win."

Reminded me of an old ( mid 80's ) analog issue.

We are progressing along with fewer and fewer operating systems. What would the writer of the virus think if he brought down part of a country. better yet, what would the writer of the virus do if he did it in his own area.

just makes you wonder.

Onepoint

obligatory microsoft comment...

it has to be said, wouldnt the first virus be when microsoft came out with its first operating system

Re:obligatory microsoft comment...

Nah you didn't have to say that.

Re:obligatory microsoft comment...

[ByteGuerrilla]

Oh, come on! This is the 21st century, man. That joke is sooo 1999

Oh, really...

[__aaclcg7560]

... it spread by floppy disks, which is a far cry from the network-aware worms of today.

While a network virus could reach around the globe in a matter of seconds, floppy disk viruses were just as bad before networks and CDs became common. Not only did you have to scan your own hard drive, but each and every floppy disk if you didn't know where the virus came from. You often had to practice "safe computing" by asking if the floppy disk was scanned before you use it on your own machine.

Re:Oh, really...

[interiot]

And had to make sure you didn't put a floppy disk in the drive while booting up, or make sure to configure the BIOS to not boot off the floppy. I used to help maintain a highschool computer lab back in those days, and man, lots of users with poor habits made viruses spread through the lab pretty quickly.

Re:Oh, really...

[misleb]

What was cool about the floppy born virus is that it is easy for collectors to store. I knew I guy who had a big box full of infected floppies. Hundreds of em'. All labeled with the virus that was on them. Some had multiple viruses. Neat stuff.

-matthew

Re:Oh, really...

[Boronx]

I had one virus (monkey-d or something) that would hide in memory such that the virus scan couldn't find it, though a scan would clean a floppy. As a result, if I found a disk with the virus, I had to clean it then immediately reboot, since even "dir"ing the disk would reinfect it.

Re:Oh, really...

[DerekLyons]

What was cool about the floppy born virus is that it is easy for collectors to store. I knew I guy who had a big box full of infected floppies. Hundreds of em'. All labeled with the virus that was on them. Some had multiple viruses. Neat stuff.

The computer store I worked at in the early 90's had an extensive collection that we used to test AV programs and to train techs on virus detection and removal. We kept 'em in a double locked file cabinet, and only me and the other senior tech each had one key, and were the only ones allowed to handle them.

About the same time the local BBS community had a persistent infection of "___" (I don't remember at this late date) that we could not find the vector of - not matter how paranoid we seemed to get. It was finally traced to a machine at the local library that we all trusted (mistakenly as it turned out). They had a machine that had it's HD filled with shareware - and the tech routinely disinfected it (and it needed it!). The libraries tech guy would clean the machine, then come home and let us know it was clean. One or more of us would be waiting when the library opened, assuming that the machine had remained off all night - and was thus still 'safe'. Problem was, one of the librarians had a game disk she'd play after hours or before opening - and it was infected.

Re:Oh, really...

[elgatozorbas]

You often had to practice "safe computing" by asking if the floppy disk was scanned before you use it on your own machine.

How is this safe? Methinks genuinely security aware person would take another's word for it.

Re:Oh, really...

[WuphonsReach]

I had one virus (monkey-d or something) that would hide in memory such that the virus scan couldn't find it, though a scan would clean a floppy. As a result, if I found a disk with the virus, I had to clean it then immediately reboot, since even "dir"ing the disk would reinfect it.

Which, IIRC, is where the guideline of "cold boot from a known clean, write-protected diskette before disinfecting" came from. Some of the nastier ones were especially tenacious.

I used to keep floppy boot disks around that I knew were clean and had a fairly recent version of anti-virus software on them.

Re:Oh, really...

[sconeu]

Remember the old slogan?

"Practice safe computing. Always wear a write-protect tab".

Re:Oh, really...

[wiredlogic]

I got my first boot sector virus downloading Slackware onto floppies in a school coputer lab and copying them onto my PC. We didn't have dorm networking then and the modems were 4800 baud so this was the only viable option. I new the floppies were potentially unsafe but I accidentally rebooted with a disk in the drive and got infected. Luckily it was an inocuous virus that did no damage.

Linux was still in the pre 1.0 state back then.

Re:Oh, really...

[Reziac]

I have a few dozen infected diskettes here somewhere, used in their day to test new releases of AV programs. I still keep a small zoo on my HD, for the same purpose, tho I never bothered to extract and archive any of the BSVs of the floppy era.

Collecting viruses was kindof a fun hobby, in a way... sortof like collecting stinging insects. :)

Re:Oh, really...

[ross.w]

It's funny how this has changed. I recall at work before our IBM Token Ring LAN was first installed, people used to compose their document at the nearest PC, then save their document on a floppy disc and go print it at a PC that was equipped with a printer.

Once we got the LAN installed (but pre-internet so no external link) it was no longer necessary to walk across the room using "sneakernet" to print a document, but people did it out of habit, and because setting up their own PC to print via the LAN was bothersome to them.

You could pick who those people were, becuase their PCs kept getting infested with viruses, largely because due to the scarcity of floppys, there was always one (and it only took one) who took stuff home or to Uni on the same floppy and then spread the love via the printer PC.

Those of us who used the LAN to print or exchange files were relatively safe.

Thanks, Microsoft!!

[Eggplant62]

For 20 years of occasionally losing sleep and mucho work time to dealing with the various virii that have popped up on your shoddily-secured operating system. I'm certain we're in for at least 20 more years while we await your demise. It'll be slow in coming but sure.

Re:Thanks, Microsoft!!

The next logical step would be for you to get yourself a more serious Operating System.

Viral Wartime...

If you are getting married because of a viral outbreak, then it's simplest to just think of yourself as a virtual-wartime profiteer.

Re:Viral Wartime...

Virtual-wartime profiteer??? It's clear that you've never been married... It's more likely that he'd be in a kind of virtual internment camp making door hinges or something!

Re:Viral Wartime...

[sglane81]

... it's simplest to just think of yourself as a virtual-wartime profiteer.

Where I come from, we call them carpetbaggers.

Virus writers have been teching up for 20 years

[patio11]

20 years ago: Beware of this VIRUS
20 days ago: lol this is not a virus

Re:Virus writers have been teching up for 20 years

[pvt_medic]

20 minutes ago it was no longer its birthday

perfect business model

[roman_mir]

create a crisis and provide means of solving the crisis for a nice fee.

  Welcome to the Dungeon
  (c) 1986 Basit & Amjad (pvt) Ltd.
  BRAIN COMPUTER SERVICES
  730 NIZAB BLOCK ALLAMA IQBAL TOWN
  LAHORE-PAKISTAN
  PHONE :430791,443248,280530.
  Beware of this VIRUS....
  Contact us for vaccination............ $#@%$@!!

can we be sure the same thing isn't happening today at say... symantec?

Re:perfect business model

[jonnosan]

they're still in business. : http://www.brain.net.pk/aboutus.htm

Re:perfect business model

[MichaelSmith]

can we be sure the same thing isn't happening today at say... symantec?

The first word macro virus came from Microsoft.

Re:perfect business model

[nvrrobx]

Normally I would have used my mod points to mod you down as flamebait, but instead I think I'll reply.

I happen to work for Symantec. I think we create great products. Yes, they have bugs. Sometimes they're bad bugs. Guess what - every piece of software installed on your PC has bugs. We fix them very quickly when it happens. We do a thing called "Rapid Response" and we turn around a patch as quickly as humanly possible. I've participated in one "Rapid Response", so yes, I do know what I'm talking about. Symantec is also a fantastic place to work. We have great people (both from a technical and human side). We provide services people need/want. So yes, I guess we do have a good business model.

We *do not* create these viruses. I find it amusing that the conspiracy theorists out there like to latch on to that idea. I love how it's hip and trendy to bash Microsoft, Apple, Symantec et al around here. I'm not aware of any Symantec employees arrested for creating any of the major viruses or worms that have spread lately. Maybe you know something you'd like to share with the rest of the class?

(My opinions do not necessarily reflect those of my employer.)

Re:perfect business model

I happen to work for Symantec

I've been an intern at Symantec since June. Just thought I'd chime in and second everything you just said.

(including the disclaimer)

Re:perfect business model

[DigiShaman]

As an employee of Time Warner Cable (supporting RoadRunner customers), I ***HATE*** Symantec Personal Firewall with the glowing white-hot passion of a thousand suns.

A firewall should provide passive protection like the one included with XP SP2 (damn good firewall for being software based). But other software based firewalls end up getting gummed up with corruption in that they totally shut down the users connectivity to the internet.

Re:perfect business model

[wfberg]

No one seriously believes Symantec is capable of making virusses. Not competent enough to even build a virusscanner that doesn't rely on internet explorer for its user interface (except, interestingly enough, the corporate edition, which isn't sold to noobs; not that it's perfect, it's a bitch to setup and maintain in just the way you want). And what's with the skins? You've got your priorities right there, make it look pretty and screw up user's expectations of the user interface.

I've tried many virusscanners and security products and Symantec products have consistently offered the worst experience in terms of ease of use, expert use, and even just plain uninstalling. I wouldn't recommend them to anyone.

Now, that may bruise your ego, but if it does, I suggest you apply for a management position. Your products suck, do something about it, or just put on blinders and keep humming "lalala I can't hear you".

Have you even tried your competitors' software? Even AVG's free edition anti-virus kicks your butt, likewist for sygate's free personal firewall..

Re:perfect business model

[Inda]

No, these days you create rubbish products and live off your brand name.

I uninstalled your anti-virus software many moons ago. One day, many moons later, I saw network traffic when there should have been none. This traffic (2mb an hour - nearly 1.5gb a month) was coming from one of your updating applications that had not been uninstalled properly. Thanks for that. Thanks for the wasted time and the wasted bandwidth.

I could go on about the hours your software takes to scan my little hard drive. But I won't.

I could go on about the weekly reboots needed to update definitions. But I won't.

I could go on about the alternatives to your crappy software but I think everyone (who doesn't shop in PC World) already knows the score there.

Re:perfect business model

[JamesTRexx]

Corporate version also needs IE. I've rolled out client 10 two days ago and half the machines were refused for not having an up-to-date IE.

Re:perfect business model

[6*7]

Ever heard of Stockholm syndrom :)

Re:perfect business model

[zerocool^]

I'm running your corporate AV now (site license with virginia tech, my employeer, who's views this post does not reflect either).

I have no problems with the corporate symantec / norton / whatever. It runs well, doesn't suck resources, etc.

Before I was in my current job, I did consulting / onsite tech work. Basically, I went to people's businesses and houses and fixed their infected computers. I've worked with symantec's end-user products extensively. Why aren't they as good as the corporate products?

For starters, most end users only get updates on Tuesdays, versus the Corporate edition gets updates as often as you guys push them. By contrast, Trend Micro users get updates as much as 5 or 6 times a day, even without running corporate. The Corp Norton also has a sleek, minimalist interface, versus the end user AV's interface with is bulky, unstable, and hard to navigate. It's also constantly trying to upsell you. And if you do end up with Norton Internet Security, your computer becomes unusable. It starts like 6 services and 4 background processes, and you can pretty much forget about any file sharing (for example, mapped drives, or SMB stuff). The firewall is over zealous, most people don't even know what it's doing anyway, and just click allow for everything that pops up. It hooks into so many dll's - installing it's own tcp/ip stack or network driver or some such thing... Ugh.

Norton also doesn't catch all the viruses that Trend Micro does. I used TM a lot, not because I was paid to, or because anyone told me to, but because it worked. You could get the virus pattern file from download.trendmicro.com, along with the sysclean scanning engine, even if you weren't a customer, and it was portable. I saw systems with updated norton that were still infected, or had viruses that had been found that couldn't be deleted all the time. I know the plural of anecdote is data, and all that, but I saw this time and time and time again... systems completely hosed when end users thought they were safe because of Norton / Symantec.

The other thing that bothers me about Symantec is the propensity for buying up other companies. They've been on a real merger kick lately, to the detriment of some good software. Of course, they now own PC Anywhere. They also have recently purchased Veritas, and I fully expect them to run it into the ground in the next 2 or 3 years. They own WinFaxPro, ProComm terminal, Partition Magic, and a whole crapload of other stuff they've purchased.

Anyway, whatever. It may be a great place to work, but the end user stuff they turn out is crap annoyware, and their corperate philosophy is merge merge merge and innovation be damned.

~Will

Re:perfect business model

[roman_mir]

Normally you would mode me down for a legitimate question? Good to know. Thanks, mister Symantec. I don't run your software, AVG works just fine. And for your future reference, just because someone asks a question and uses your particular company as an example it doesn't mean they accuse your company of anything.
Ok, have a beautiful day.

Re:perfect business model

[WuphonsReach]

We started using the Corporate version of Symantec a few years back. (Our previous A/V, installed before I came onboard, was McAfee... and we'd have to upgrade the workstations on a 1-by-1 basis every week.)

Overall, we've been mostly happy with it. It stays out of the way when configured properly and does a reasonably good job of updating. The big issue with v8 is that the clients get slaved to a single server for updates rather then talking to any server within the organization. So when we retire a server, we have to then go around and uninstall/reinstall all of the clients to change to a different managed server.

Re:perfect business model

likewist for sygate's free personal firewall

looks like sygate's owned by symantec now:

We would like to welcome you to Symantec. We recognize that the strength of an organization is built on the loyalty of its customers, and we are committed to providing a seamless transition for Sygate's customers. We are in the initial stages of the integration, and you can expect business as usual as we move through the transition.

http://smb.sygate.com/default.htm

Re:perfect business model

[melodraama]

A firewall should provide passive protection like the one included with XP SP2 (damn good firewall for being software based). But other software based firewalls end up getting gummed up with corruption in that they totally shut down the users connectivity to the internet.

What do you mean by the "software based firewall"? Like there were any hardware based firewalls.

Re:perfect business model

[xtracto]

I will take the freedom to go on about how they have bought quite a lot of software and managed to make them suck big.

From all of them, the ones I *used* to use (before Symantec put their claws on them) were:
- Powerquest Partition Magic
- Norton Utilities (was pretty good before Symantec days)
- Norton Antivirus (agree... they where OK in the DOS days... well it was that or McAfee .. queeww)

Now, I have replaced those programs with Paragon Partition Manager, SysInternal misc utils, AVG Free antivirus.

As for Symantec products, Thanks but no thanks. As someone else said, they live up only on their name...

Re:perfect business model

[AoT]

Wow, this place just gets more and more ignorant.

Re:perfect business model

[John+Courtland]

Agreed, I had, preinstalled from the IT dept, Symantec Corporate Security Suite or whatever it's called. When the firewall kept wasting my network adapter I took it upon myself to lobotomize the entirety of that software from my computer. It would even trash the loopback, for Christ's sake.

And let me tell you, DoScan.exe is a fucking pile of shit. That's all I'll say about that, lest I get so pissed I turn into some DragonBall Z character and burn down my office with the flames coming off my body.

Re:perfect business model

BTW, Sygate is a Symantec property.

Re:perfect business model

[knarf]

Aieee.... I honestly do not think Symantec and 'great products' should be mentioned together in one sentence. I would rather you described Symantec products as grossly invasive (in a technical sense) and often quite unstable. Not to mention the fact that removing a Symantec product from a (Windows) computer is often as hard as removing a worm or virus. This includes manual registry editing and hunting for leftover files. Have a look at your own service site and read some of the problems people encounter and the trouble they have to go through to solve them.

And what about Symantec's business practices... The Spybot S&D fiasco seems to be indicative of a company which does not take its corporate responsibilities to seriously to me.

Whether or not Symantec (or any other company in the protection business) has a hand in creating viruses/worms/malware is something I do not have enough information on to comment on. If someone has any proof that this is indeed the case please speak up...

Re:perfect business model

[melodraama]

No, seriously. The term "hardware firewall" is stupid name for a device, which runs an operating system on a general purpose CPU and is configurable through software, instead of making configuration changes with resoldering different pieces of electronics. The Windows XP firewall is as much a hardware firewall as is some dedicated program running on a dedicated box.

20 years of Windows, too!

[freeweed]

Windows is also 20 years old, give or take a couple of months.

Laugh, it's a joke. Windows wasn't even natively network aware until 10 years later :)

Re:20 years of Windows, too!

[narad]

it would have been better if it never became network aware...

Brian?

[caluml]

"No, I'm Brian, and so's my wife!"

I recall...

[Velox_SwiftFox]

When one media pundit was being subjected to derision because of his outlandish idea that viruses might be spread by email.

Re:I recall...

[PostItNote]

Ah the olden days. Good times.

Re:I recall...

[StormReaver]

"...one media pundit was being subjected to derision because of his outlandish idea that viruses might be spread by email."

And is was an outlandish idea. Yet again, something so stupid and bad as to be unthinkable was made possible by Microsoft's horrendously bad software development practices. Note that of all the software in the entire world, only Microsoft's makes this kind of idiocy not only possible, but extremely common.

Re:I recall...

[conteXXt]

There was a fair amount of the opposite too.

I recall the admins at my workplace sending out a warning about email attachments and do not open them.

The kicker? we used PROFS (IBM mainframe mail with text only attachments)

I didn't even bother to try and explain that one to them. Just rejoiced in the panic that ensued.

Re:I recall...

[greed]

Rich-content e-mail is just another one of the results of the battle between Netscape and Microsoft. They both added programming languages to HTML (JavaScript and VBScript). I hold Netscape just as responsible for the ensuing damage to the network.

One of these days I'm going to see if I can rig Thunderbird to alert on any attempt to fetch a URL from an e-mail tries to go to a host which differs from the From address. So spoofers can still send out "account-confirm@paypal.com", but they'd have to find an XSS exploit because all their links would have to go to http://something.paypal.com/. Just a "Hey, did you mean that" alert, so friends can still mail URLs to each other.

Re:I recall...

        Any software developer is going to create software with holes in it. Not every distrobution of Linux is locked down tight with no possibly way to exploit it with viruses. The difference is #1. More people use Microsoft operating systems, making them a more appealing target for viruses. Does a virus writer want to target 5% of the desktop population or 95%? and #2. I like to think that most of the people who consistently run 'Nix in a desktop environment are some of the more computer savy and intelligent people online. They more than likely understand security and have some type of antivirus program and make sure their systems have all of their holes patched.

        Of course, reading some of the comments by the 'nix l33t on Slashdot certainly makes me wonder about #2....

Carnage

20 years!

Coincidently, it was twenty years ago today that my first sexually transmiteed virus, Herpes, was discovered. Compared to today's potential bird flu, its a minor virus, and like Brain, it spread by my "floppy disk" (as I like to call it). Still, though, it was my first noted virus, and I've had twenty years of pain and annoyance from it and its many successors. Happy birthday, Herpes, you and all your little virus friends - just know I'm doing my damndest to keep myself from having more.

Re:20 years!

[syzler]

Coincidently, it was twenty years ago today that my first sexually transmiteed virus, Herpes, was discovered. Compared to today's potential bird flu, its a minor virus, and like Brain, it spread by my "floppy disk" (as I like to call it).
 
But don't you have to upgrade to a hard drive in order to transmit it?

Re:20 years!

[middlemen]

it spread by my "floppy disk"

you mean "floppy dick" don't you ;)

Re:20 years!

Coincidently, it was twenty years ago today that my first sexually transmiteed virus, Herpes, was discovered. Compared to today's potential bird flu,

Why do you jump from your first sexually-transmitted virus to bird flu? Do you think that bird flu might be ..... Nevermind. Please don't tell me about it.

No such thing as "computer" virus

[Yahweh+Doesn't+Exist]

there are only OS viruses. this is an important distinction in modern times when the term "computer virus" is used when 99.999999*% of the time the correct term would be "Microsoft Windows virus". more generally it promotes a misunderstanding to the public that viruses are a feature of computers themselves rather than particular computer configurations.

*recurring decimals not shown

Re:No such thing as "computer" virus

[bugg]

I don't think that's true, many old viruses used to operate mainly in the boot sector, and as such were infecting and spreading at a level beneath the OS (and beneath filesystems, for that)

I don't care what kind of disk you're booting, it has an MBR, and there might be a virus in it...

Re:No such thing as "computer" virus

[Lehk228]

nope. most older viruses were computer viruses, taking advantage of disk boot sectors and such. they were aware of the OS as far as finding thier next target but it wasn't vulnerable operating systems which made them work.

Re:No such thing as "computer" virus

[kartack]

I remember back in grade school we had a lab of Mac Pluses/Classics and prior to the installation of the AppleTalk network we had an outbreak of nCAM. This was one of those oh so wonderful pass by floppy worms. Since there was no network each student had a floppy disk that they stored their files on. The computers were outfitted with hard drives so the Mac OS 6.0 and Applications were installed on each machine. nCAM is fairly malign for a worm in that it does little other then spread itself to applications and diskettes, however the one thing it does is infrequently play a sound file that says "Don't Panic". Now on a single users machine this would be mildly annoying considering the sound would only play maybe once an hour or so. However, in a lab of 20 or 30 computers one would be going off nearly every minute. Since it was difficult to detect at first the worm quickly spread and was quickly all over the place, in the student disks and in effectively every computer. They ended up disinfecting all of the student disks and lab computers, I should imagine it was a project given to the grade 9 computer class. I believe they ended up having to go through this process on more then one occasion.

Re:No such thing as "computer" virus

[19thNervousBreakdown]

It's benign and malicious. Malign means to villify, or to damage their reputation in some way.

Re:No such thing as "computer" virus

[TangoCharlie]

It should be noted that 99.99999....... recurring, is _exactly_ 100.

Proof: Let's take the simpler example of 0.999........

Two numbers are different, there will be a third number, different to both of them which
is the average of the two numbers.

Let a=0.999.... recurring, and b=1.0. avg = (a+b)/2 = 1.9999.../2 = 0.9999..... recurring. So, agv = a. The average is not different, so there isn't a number between a and b. This proves that a and b are actually the _same_ number. QED.

Back to question of viruses....

How many Windows viruses are there?? How many of them are "active"? Erm, lots!
How many "active" MacOS viruses are there? Erm, 0?
How many "active" Linux viruses are there? Erm, 0?
How many "active" BSD viruses are there? Erm, 0?

So, it would appear that you're actually correct. Of "PC" viruses, it would appear that all of them are Windows viruses.

Now.... what about phones???!!! I think the situation there is somewhat different. I don't have the facts, but from what I've heard in the "press" there could be viruses for both Symbian and Microsoft Mobile (Windows) phones. Of course, if M$ gets 96% of the phone market as they have done in the PC market, you can be pretty sure that 100% of those viruses are going to be Microsoft Mobile viruses. Happy Days! :-)

Re:No such thing as "computer" virus

[Amouth]

this is true.. there are many tsr's that can load before the OS.. now most of them only effected a specific os if the coder had though about it he could have doen alot more.

Re:No such thing as "computer" virus

[2short]

Not so. All viruses are environment specific, yes. As noted by other posters, for the type of virus this article is about that required environment was a PC compatible machine; OS, or lack there of, was irrelevant. Most modern viruses are in some sens much less hard core. They require both specific apps and usually a clueless user. When virus writers pick an app to target, they do tend to pick specific apps that run on Windows, because they can count. All the more so if they need a clueless user.

So I agree that most viruses are specific to Windows; but I think it's dangerous to imagine it must be this way. Viruses are a feature of computers themselves, as I cannot imagine a computer capable enough to be worth using that could not support viruses, particularly with the addition of clueless users.

Oh, and "99.999..." is just a funny way of writing 100; numerically they are identical. I know another poster noted this, but I can't help myself.

Re:No such thing as "computer" virus

>..."99.999..." is just a funny way...

wow. you wrote this and yet still missed the joke.

What's outlandish

The only thing outlandish is calling programs that require the user to explicitly execute "viruses". Virus that exploits the email preview pane to execute without user knowledge? Sure, virus. Virus that makes remote calls to a vulnerability in an Outlook COM object? Sure, virus. Virus that relies on a user to click OmG_R34LNuD3P1c5_Br17n3y5p33rS.jpg.exe? No, not a virus.

Re:What's outlandish

[Beave]

The method of replication has little to do with if it's a "virus" or not. By a traditional sense, most "virii" we see now days are actually worms. I just posted about traditional definitions a minute ago. Here's what ole wikipeia has to say: "In computer security technology, a virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. A computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells. Extending the analogy, the insertion of a virus into the program is termed as an infection, and the infected file (or executable code that is not part of a file) is called a host. Viruses are one of the several types of malicious software or malware. In a common parlance, the term virus is often extended to refer to worms, trojan horses and other sorts of malware, however, this can confuse computer users, since viruses in the narrow sense of the word are less common than they used to be, compared to other forms of malware." Not the "inserting copies of itself _into other executable code". How it replicates is not what makes it a virus. User interaction or not, has nothing to do with it.

Re:What's outlandish

[i8puppies]

That goes more into the disease of stupidity, really.

Worm verses Virus

[Beave]

It uses to be that "worm" != "virus". Now days, it seems, many people call just about everything a "virus", when in fact, the "more proper definition" would be worm. Or, maybe I'm just being an old fart about this. It's pretty simple. If it is a _standalone_ program meant to infect machines, then it would be considered a "worm". If the malicous program where to "infect" other programs (say - via .exe, .com infector or MBR), it's a "virus". That is, a "virus" will actually "attach" itself to a existing program (old com/exe infectors for eaxmple) or load themselves into the MBR/boot records. Then again, I see very obvious "trojans" get called "viruses!!!" all the time as well. Oh well :)

Re:Worm verses Virus

[Gary+W.+Longsine]

The issue is confused because modern malware often incorporates virus and worm techniques into one svelt and evil package.

Re:Worm verses Virus

[Beave]

.. I disagree. I believe it has more to do with the media jumping on the term "virus" rather than "worm" (ala - "cracker verses hacker". Most "malware" are trojan types of programs. There are not to many true (to the traditional sense of the word) "Viruses" (binary infectors - be it .exe/.com/MBR/.doc/etc) out there.

Re:Worm verses Virus

[Black+Cardinal]

Actually, this has been true from the early days. When I was a teenager in the mid 1980s, I didn't understand the difference between worms, viruses, and trojans and most people just called them all viruses.

Re:Worm verses Virus

[jaxu]

If you start being picky over "worm" and "virus" naming, you should also use "trojan horse" instead of "trojans"...

Because the "trojans" are those dump users who open and run every attachment the can get a hold on!

Re:Worm verses Virus

If the malicous program where to "infect" other programs (say - via .exe, .com infector or MBR), it's a "virus".

You're not an old fart because they would write were...

Re:Worm verses Virus

[stevey]

I've not seen any svelte malware since the late 90s.

Nowadays we see worm programs with their own SMTP engines, mailing copies of their code to all and sundry - with a typical size of 200k. Not svelte, slim, or small in any way.

When I did assembly-coding my viruses were in the order of 300bytes-2k tops.

Re:Worm verses Virus

[n6kuy]

I hought "Trojans" were what you used to protect yourself from paternity lawsuits...

Re:Worm verses Virus

[Creepy]

I'm with you there - I read a book last year by a pretty big author (argh! I can't think of the name of the author or book right now) where supposedly a computer expert on viruses helped the author out on the technical side, and yet the program in the book was really a trojan, not a virus. In that case, I suspect it's because people are too stupid to know the difference, but the book included a glossary at the beginning with the terminology in it.

    I like to add one more - bombs or timebombs - a little piece of malware that runs the program X # of times before deleting itself or delete itself after being copied X # of times. It was big in the early 1980s, but obscure today.

I'd day it's pretty likely not

[Sycraft-fu]

Main reason being there's no real need. There's enough assholes out there betweek immature assholes looking to cause trouble and greedy assholes looking to use systems for spam and such that there's just no lack of viruses.

Remember that if they were doing such a thing they'd face extreme criminal charges when caught, and make no mistake, they would be caught. There's a lot of anti-virus companies out there, and a lot of security researchers. Sooner or later, I'd be diacovered they were the source and then they'd be fucked.

You don't take risks like that if there's no reason. Ten viruses per year being released would be plenty to ensure your continued existance, since it only takes one nasty one to remind people your software is valuable. Given the thousands that are released, there's no reason to put yourself at risk making more.

Re:I'd day it's pretty likely not

[Poeir]

Given the results of the Sony debacle, I'm inclined to believe that Symantec et al would not face extreme criminal charges.

Re:I'd day it's pretty likely not

[theCat]

There was a time once when firefighters worked not for the government, but for insurance companies, and they would respond to protect structures covered by their employers or would freelance in expectation of payment by the insuror. The problem was that due to profit movites the fire "companies" were not averse to dirty tricks when a fire was set in order to get the "job", and are rumored to have even set a few themselves. The modern fire fighting ethic evolved only after firefighters became government employees charged with protecting everyone.

I don't think Symantec is doing anything to create viruses. But let's be honest; if they *wanted* to, how hard would it be to enter an anonymous chat room, hook up with a blackhat coder in Russia, mail him US$2k in small bills, and have something nasty on the 'net in 24 hours? Not hard at all. Nitpick the details all you want, they would stand to make so much money selling "protection" afterwards that the details of the initial transaction would be trivial.

I think everyone is aware that Symantec and their ilk have little finacial interest in seeing virus and worms disappear, and every interest in seeing them continue. It's just a fact. They only get paid when things break, unless we put them on as government workers like police or firefighters. That's not a proposal, just an observation. Though the NSA *did* develop SELinux... so maybe there's something to it.

Re:I'd day it's pretty likely not

[prshaw]

But let's get ever more honest....

How hard would it be for Slashdot to be paying those same blackhat coders in Russia, and then they have something nasty on the net in 24 hours for a new story against Microsoft!

So it NOT Symantec, it's SLASHDOT!!!

So what was your first?

[demonbug]

I never encountered Brain (the virus, dammit!). The first (and only!) virus I've had infecting one of my computers was the Ripper virus. Damned annoying, especially being unaware of it for probably a year or more, and this during the time of zipping files across multiple (I think our record was 17 or so) floppy disks. At least one disk out of a set would always be "dead". Made it really annoying to share doom^h^h^h^h ultima7^h^h^h^h^h^h^h data with friends. Ah, the good ol' days. I did finally get rid of it, but I also dumped all my floppies - too much hassle to check each one of them.

Re:So what was your first?

[mrjb]

Brain was my first. We lived in Medan, Indonesia by then. Soon I whipped together a boot sector virus scanner called Serum. This was arguably the first antivirus with heuristics- if memory was allocated in the boot sector, the boot sector was flagged as virus. It allowed users to program new signatures in it by hand.

Most boot viruses would copy the original bootsector elsewhere (brain stored it in clusters marked as bad cluster, later a lot of viruses formatted track 41/42 of a floppy and stored the original there). Serum was able to find back this original bootsector and put it back in place, effectively eliminating the virus. Quite state-of-the art at the time (as far as it concerned boot viruses). I earned my first own computer with that serum, my trusty 12 Mhz 286.

Years later, the Michelangelo virus appeared in Medan. Serum could already detect it as 'a virus' and fix it. Only later did we find out it was in fact Michelangelo.

Ah, those were the days... Too bad I don't have the source code anymore, I'm sure I'd be terrified by it :)

Re:So what was your first?

[dwiget]

My first was the "Stoned" virus.

Do not recall exactly what it did, but got a message "This computer is now stoned" or something like that, system would eventually crash. I believe it started writing out data to the hard drive until no more could be written, system would die. This was 1988 or so.

Infected floppies (boot sector stuff), so had to create and check new boot floppies on another un-infected system. Got the virus handed and floppies that were used for booting and "sneaker net" were all checked and handled as needed. Never had or saw it again after that one time.

Re:So what was your first?

The can't remember what the first virus I actually got was. It was some relatively minor Macro virus back in the early 90's. My first memorable one was "Code Red". I was working as a backup network admin at the time and was at home going to check my EMAIL through OWA. Suddenly I see "Hacked By Chinese". I called my superiors and they freaked out and starting calling the authorities to tell them that we had been illegaly hacked. (They were pretty much idiots.) I went back into work, used my good friend google, and found the proper patches/cleanup tools/information. I almost got in trouble for making an "Unauthorized change" to the Exchange server by having it check for virus updates several times a day instead of the "Once a Month" setting that the ingenious Senior Network Engineer had set up.

Carnage

The Microsoft connection:

Wasn't Microsoft responsible for PC-DOS? Oh how little has changed!

Gee, Brain. What do you want to do tonight?

[Bimkins]

The same thing we do every night, Pinky, try to infect the world!

Scientific American

[michaelmalak]

This 1988 bibliography on viruses has many pre-1986 references, most notably from the popular press:

• Dewdney, A. K.; Computer Recreations - In the game called Core War hostile programs engage in a battle of bits; Scientific American; Mar 1984.
• Dewdney, A. K.; Computer Recreations - A Core War bestiary of viruses, worms and other threats to computer memories; Scientific American; Mar 1985.

I've always believed that were it not for these Scientific American articles, it would have taken a lot longer for viruses to become prevalent. These articles piqued the interest of computer users (then synonymous with programmers) everywhere. For example, here's a 1994 comp.sys.apple2 post I just found of someone who was seduced by the articles into writing viruses.

Re:Scientific American

[rjstanford]

Oh, they were a blast alright. I never wrote anything with wormlike tendencies, but I still remember the first time I figured out (figured out, not copied from an article/program/bbs) how to write self-replicating code. Very gnifty and, while simple to copy, a bit of a PITA to deduce. Then again, I was about 12 at the time... which also means that I never had any of it on a networked machine. Not that it would have mattered - it wouldn't infect other systems, just produce copies of itself upon request, but it was the "hard" part of writing a virus.

Now these kids today just download a virus kit, tie in a root kit, grumble, grumble, bitch, moan, for all the "love of the hack," comments, its pretty much like buying legos and doing nothing but follow the instructions and claiming it as "art."

Sigh. I'm gettin' old.

ah viruses

[yeruki]

Viruses. How annoying they may be, they still grow older than me.

STONED virus

[tq_at_sju]

i remember on my first computer we got the STONED virus from a floppy disk from my dad's work, anyone else get that ???

Re:STONED virus

[sumday]

I get STONED most evenings.

Re:STONED virus

[eobanb]

Yes! My 386 still has it, in fact.

Re:STONED virus

[PGillingwater]

I met the guy who developed Stoned, down in New Zealand. Good times, good times.

Re:STONED virus

[mccalli]

I met the guy who developed Stoned, down in New Zealand. Good times, good times.

On meeting the guy, did you chuck him in the nearest river? Because that would have been the only meeting that loon would have been a good time for me. The stoned virus very nearly wiped out my A-Level computing project (UK exams taken at 18) and nearly got me banned from the lab as well. Had I not had an ST with some fairly nice sector copying programs, I would have lost everything with a week to go, and so my University chance would have been blown. And yeah backups, but I was still learning and you've got to remember that this virus stuff was still relatively new at the time (1989).

Cretins who write these things aren't being cool, they're just sociopathic idiots and should be treated as such.

Cheers,
Ian

Re:STONED virus

Yep - rememeber seeing it at high school - mid 80's....

"Your PC is now STONED" was the message if I remeber correctly...

Thanks for the memory, was very funny at the time, and even funner now I'm sitting here stoned...

Have a great weekend.

Re:STONED virus

[smithy242]

Yeah, that was a good one. Used McAfee to remove at the time, and it took forever going through all of my 5 1/4" floppies. . .

I was curious how the virus worked so I took a hex editor to it, managed to modify the boot string "Your PC is now Stoned!" to see the effect. There was something else in there like "LEGALIZE MARIJUANA" but I never saw this echoed to the console.

Ahh, Disinfectant! :D

[interactive_civilian]

eweu said:

Disinfectant caught it right away. That was 1992, so I guess I'm too smug.

*sigh* I must have come to the party too late. By the time I started really using the Internet (late '92 or early '93) Disinfectant was already up to date on everything out there, so I have never had a Mac infected by a virus.

Disinfectant was a nice peice of software...fast, free, small memory footprint, small size... Of course, it was probably pretty easy to keep up to date since it only had 40 or so viruses to keep track of...

Personally, I'm looking forward to the OS X version of Disinfectant... That is, assuming we eventually get to the point where we actually need it. ;p

I guess I am also too smug...

still waiting for the first Mac OS X virus...

wake me up when it arrives...

You know..

[bmajik]

I've owned machines running DOS 5.0, Windows 3.0, 3.1, OS/2 2.1, OS/2 2.11, Windows 2k Server, Windows XP, Solaris 2.4, Solaris 2.5, Solaris 2.5.1, Solaris 2.6, IRIX 6.2, IRIX 6.5, NeXTSTEP 2.x, NeXTStep 3.3, OpenStep 4.2, OpenBSD 2.{5,6,7,8}, Linux TAMU, Slackware 1.0 (and a bunch of subsequent versions).

Do you know what?

I have never had a virus of any kind on any of those machines.

The best anti-virus protection is inbetween your ears.

Ironically, my IRIX machine was remote rooted, and i had a DOS successfully launched against my Solaris 2.6 machine (sunkill.. made telmod eat cpu/ram in kernel time).

My windows machines have comparatively been trouble free.

What the hell do you people do where your machines are always screwed up with malware on them? Do you not even bother to think about the consequences of your actions?

Re:You know..

[ByteGuerrilla]

Thank you for making that point. Too many people are all too willing to jump on the 'blame microsoft' bandwagon over security. Fact is that at the moment, crackers and other malicious computer users move faster than computer security does, so they're always at least half a step ahead of the game. When the Romans invented the pilum, they didn't make the tip break on impact straight away so it couldn't be thrown back, it took the barbarians to throw it back first before it became necessary. I've been using free (and I mean legitimately free) antivirus software for years now, and Windows for all of those years. I have only ever had a virus on my computer once, and that was when I had to go online to get the anti-virus software. A Windows PC, properly maintained, is every bit as secure as a Linux/IRIX/Solaris/BSD/Mac/etc. system - it takes a special kind of ignorance to haphazardly open up your computer to malicious files so much.

Re:You know..

[Eggplant62]

It's not my machines that get infected either. I know the steps I need to take to keep them safe, primarily putting them behind a firewall device or Linux box with iptables, to keep them off the public internet, thus I have never had a problem with my own personal equipment. However, I have worked in the past as a field service tech. The bulk of my service calls were concerned with residential users who did not know this one primary safety skill, and who thought that they were invulnerable because they managed to at least keep up with patches. Meanwhile, they're visiting porn sites and unsavory music-sharing or warez sites using Internet Exploder and wondering why their PCs are constantly locking up, slow, or impossible to do anything with.

I think I'm entitled to be critical of the mess that Microsoft calls Windows, which is based on one concept, backwards compatability, which hobbles it from being what I would consider a hardened, secure system. Until Microsoft puts time and personnel behind a thorough code audit or a complete rebuild from scratch, they will continue to suffer from security-related problems, and people and businesses will still bear the brunt of the expense related to correcting these security problems on their own computer infrastructure.

Re:You know..

Ironically, my IRIX machine was remote rooted

Yeah that wasn't too uncommon. IRIX's default security and all the extra processes associated with the shell, etc, were always getting remote rooted. Anyone without an IRIX box behind a strict firewall was (and IMO still is) asking for trouble. The best one I heard about was where the haxor accidentally managed to erase the XFS equivalent of the boot sector, forget what it was called... and their SGI support had run out, they didn't have anyone who could fix it, and they couldn't budget what SGI wanted for their trouble... Ooops!

Congratulations...

[caitsith01]

You will soon be the first ./ user to 'do the worm' twice in one year.

Re:Congratulations...

Didn't you pay attention?

He said he was getting married.

Re:Congratulations...

[buswolley]

Speaking of slashdot, What the hell does the slashdot topic logo of a caterpillar have to do with viruses?

Re:Congratulations...

[MegaFur]

It's the current logo for "computer/Internet virus/WORM".

Re:Congratulations...

[ChrisGood]

It looks to me more like an inch worm than it does a catapillar.

You're right.

[bmajik]

There were NO virii for MacOS 6/7/8/9. There were no Mac A/V products for those platforms.

I wouldn't be surprised if MacOS had a disproportionately large # of virii written for it, compared to its market share. And they were always nasty to get rid of, IME.

Re:You're right.

[Yahweh+Doesn't+Exist]

me: ...in modern times...

you: ...virii for MacOS 6...

what part of 1988 do you consider "modern"? I know it's a vague description but when you were writing your comment and realised you couldn't put Mac OS X in your list, didn't you think that might be my point?

and just because security can never be perfect doesn't mean one imperfect OS is just as acceptable as any other imperfect OS.

MS needs to sort out its security. I hope MS's next OS isn't as much of a joke on release as XP. I won't use it but another Blaster-scenario messes things up for even non-MS users.

Re:You're right.

[linuxfanatic1024]

I had SAM Virus Clinic on my Mac SE running OS 7.1 many years ago.

Viruses have no future

[crazylocks]

Where will all the human viruses go when their host OS becomes obsolete?

It's quite funny, really

[i8puppies]

How "computer viruses" have broken countless systems, racked up unbelievable maintenance costs, and scared everybody into not trusting their machines, yet the easiest method of receiving one is praised and used by most end-users.

They are not "computer viruses", they are "windows diseases".

Quit glorifying it, you stupid geeks!

If you'd quit glorifying things such as this, they may...MAY...go away. Quit being geeks ("OH! Look at how they did this! They put this here, and coded this that way, and....NEAT!") and be human beings for once ("Oh. Neat coding, but these folks should be jailed. Morons...")

Re:Quit glorifying it, you stupid geeks!

[i8puppies]

If it weren't for geeks like us then people like you wouldn't have an internet to troll on.

Common denominator

[Spy+der+Mann]

Macro Viruses, e-mails, Melissa, Blaster... what do they have in common, kids?

"Microsoft products!"

Well done, kids! You get an extra point today!

Re:Common denominator

[ross.w]

The first viruses referred to in the article were boot sector viruses. They didn't care what O/S you were running. Linux and OS/2 were just as vulnerable.

prank macro

[Barbarian]

That was what Microsoft called the first Word macro virus.

Re:prank macro

No, it was Word.concept, MS wrote it but did not name it.
--

[Reply to This][Parent]

First _PC_ Virus

[wk633]

There were Apple ][ Viruses (Viri?) out before that.

http://en.wikipedia.org/wiki/Elk_Cloner/ e.g.

Happy Birthday!

[Stan+Vassilev]

Happy birthday to you, happy birthday dear viruses...

Woo -Woo

[can56]

Virii, and assorted critters, have been around for millions (or mexillions/bazillions) of years on this planet. Yet life marches on.

Computer viruses are different, in that they are created on, and propogated through, devices used only by humans, for the past 20+ years.

Who do you think will win in the long run -- Si or DNA?

Sig - Post when drunk, to avoid further discussion ;-)

Re:Woo -Woo

[Rado.hr]

Just two remarks: 1. viruses use RNA chunks, not DNA 2. viruses aren't that old, there's common misconception that they must be soo old since they're so simple life forms (IF they are life forms), but the fact is that virus must evolve *after* it's host, for it can't propagate without using cell hardware of infected host. So, first you get a host, then you get a virus. They are evolving so rapidly, there's little chance to date them using methods for cell-based organisms.

It's just amazing

[mcrbids]

I'm upgrading my personal mailserver from RedHat 7.2 (now no longer supported by Progeny, alas) tonight to CentOS 4.2. For about 1/2 hour, my new mail server's antivirus wasn't set up, even though email service was on.

I was SHOCKED at how many viruses came in - like 40, more than 1 per minute! That means that this mail server was getting some 1,500 crap emails for me every day.

Unbelievable...

I've just gotten used to never seeing viruses in my email - it's an incredible crapflood of this stuff out there.

Re:It's just amazing

[ByteGuerrilla]

That's absolutely true. More and more machines on the Internet are being taken over as hosts for virus reproduction and distribution, and the sheer amount of malicious data being flung about the 'Net as a result is huge. This is one of the reasons it was hypothesised that the Internet would break down or go into a 'meltdown' state. So much crap... so little space.

Re:It's just amazing

[mcrbids]

But here's what's interesting - because the antivirus email was SO effective, I never even knew it to be a problem! How long before the majority of the traffic online is malicious, but it doesn't matter because it's filtered?

Talk about the wild, wild west...

My First Virus

[Vskye]

My first virus came off a "commercial" 5.25" floppy that I paided for. (go figure!) This was back in the late 1980's or early 1990's I believe. Sucked big time. ;)

Dana

Re:My First Virus

[Dunbal]

My first virus came off a "commercial" 5.25" floppy that I paided for.

      And I haven't paid for software since...

Re:Vista?

Pushing back the release date, of course. ;)

PC virus mentioned in 1984/85

[Terje+Mathisen]

I read the first article about the theoretical possibility of a PC virus in either 1984 or '85, at this time most people scoffed at it, simply refusing to believe it was possible.

Anyway, having written quite a bit of asm code, I had no problems accepting the possibility, so for fun I decided to write a sort of vaccine:

Simply a small program that took a digitial signature of every executable piece of code (boot blocks, .com/.exe etc) and saved this to a text file on a bootable floppy, which was then marked read-only.

Afterwards I could simply put in this floppy and reboot, whereupon the same program would compare the current signatures with those saved on the floppy.

The problem was to keep the original list updated each time I wrote a new program. :-(

Terje

Re:PC virus mentioned in 1984/85

[pe1chl]

tripwire. I remember a PC project at a bank that used it to check the system daily.

Also remember the times when it was universally accepted that a virus could only spread via bootblocks and programs, and not via datafiles. Datafiles were not code so they never could get executed.

This was first defeated by our friends at M$ who decided it was a good idea to have a macrolanguage in wordprocessor documents.
OK, we had to adjust the abovementioned truth only a little bit, because such a document really is a program. Word macroviruses became very widespread.

But the real surprise was when it turned out that even datafiles for programs which did not have any executable features at all could spread viruses...

Incidentally...

...that's also when Sgt. Pepper taught the band to play.

Sure...

[Boronx]

... why don't you just imagine a beowulf cluster of them while you're at it?

No, THIS is the first computer virus.

[Animats]

This is the first computer virus. From 1975. With source code.

Re:No, THIS is the first computer virus.

[Redwin]

How about Creeper and Rabbit created early 1970's and 1974 respectivly? Info here and here

I remember...

[lucm]

... when some of the virus were funny, like this one that was playing the "Hitchcock Presents" theme once in a while. Or that other one that was beeping each time the Enter key was pressed. This was a time where a TSR was not some obnoxious prick trying to sell you phony mortgage plans.

Nowadays the virus are mostly mail-related, so you get annoyed by other people's virus all the time. Sad.

SCA

And theres me thinking the SCA bootblock virus from the SCA in 87 was a trendsetter, but obviously beaten by the apple II stuff. It certainly was a nice piece of code for 4k, funky scrolling text on a red bar set on a black background with the words "Something wonderful has happened" fading up and the usual bootloader. I remember the first time seeing this and someone explaining to me how it replicated, and thinking it was a wind up. Then realizing it was not. The fact they stuffed this into 4k was at the time something of a eye opener and I think help spark the 4k demo scene on the amiga (that and that is the size of the bootsector on a amiga floppy)
The only real problem with it was commercial games used the 4k bootsector on the floppy to bootstrap their copy protected loaders in, and it used to overwrite these.
We managed to keep the spread down to a minimum by use of a cunning device known as a "write protect tab". That is once we had virus checked a disk, it was write protected and that was that, since joe average could not afford a hard disk back then and the amiga ran out of its roms anything memory resident just went when the power was pulled...

Re:SCA

[Gleng]

Yes, I was going to post about SCA. I very nearly crapped myself when I first saw the "Something wonderful has happened" message.

The little bastard used to reside in RAM between warm reboots, and only manifested itself on every 15th boot, so you never knew quite when or where it was going to strike.

Pretty cool though, in hindsight!

Re:SCA

[lazarus]

Of course if you wanted to get rid of SCA or any of those other "interesting" Amiga virii you could use VirusX. SteveX has a small snippet about it on his blog.

As far as I remember Steve single-handedly protected the Amiga community from virii and never took a cent for his work. It was simply something he found interesting and a challenge. Of course every once in a while some user group somewhere would take up a collection and Steve would find a cheque in his mailbox.

Other software Steve wrote for the Amiga was BBX (bulletin board), DiskX, WindX, CacheX, BixX, and probably a dozen others I've forgotten over the years.

Re:brain and..

[linuxfanatic1024]

NARF!!

Looking forward to Xinfectant as well

[Jerry+Smith]

Personally, I'm looking forward to the OS X version of Disinfectant... That is, assuming we eventually get to the point where we actually need it. ;p

ClamXav? Worth a look, but http://www.oreillynet.com/cs/user/view/cs_msg/7191 6 not protecting Classic. More info here http://www.versiontracker.com/dyn/moreinfo/macosx/ 24449 and don't forget to update the http://www.markallan.co.uk/clamXav/clamavEngineIns taller_0.88.zip engine. Disinfectant saved a lot of computers! (having worked as a tech, and being paid to clean out infected macs :-))

Re:Vista?

[linuxfanatic1024]

Adding more dangerous features to VBscript, Internet Explorer, and MS Office, of course!

One notable omission from the article..

[Channard]

.. is one of the most memorable occurances in virus history. An author wrote a book on viruses - the title of which shall remain nameless - and helpfully included the source code to an actual virus. Which led to dozens of variants appearing virtually overnight. Not the smartest thing to do.

Worms were there first

[Yvanhoe]

it spread by floppy disks, which is a far cry from the network-aware worms of today.

"The first implementation of a worm was by two researchers at Xerox PARC in 1978. The authors, John Shoch and Jon Hupp, originally designed the worm to find idle processors on the network and assign them tasks, sharing the processing and so improving the whole network efficiency."

http://en.wikipedia.org/wiki/Computer_worm

Not only was it a "network aware" worm, but also a rootkit and a crude "grid" implementation.

Doing your damndest?

[zakkie]

Really? You and all your friends and family are running something other than MS Windows then I take it? ;-)

Yes, I know viruses are technically able to happen in any environment, but practically speaking, how many non-MS-specific viruses (not worms) are currently in the wild for non-MS platforms?

Are you affiliated with the ETS?

[JambisJubilee]

You must write questions for the GRE.

If it wasn't for the I LOVE YOU virus....

[digitaldc]

I wouldn't have love at all.

This virus taught me that no warning will stop humans from investigating urequited love notes from their office coworkers.

Doing our damnedest?

[WheelDweller]

Well, that is to say, everything but leave the fragile and intentionally weak operating system, that is. After all, we gotta play games, and we don't like changes, unless they come from Microsoft. :)

"Doing our damnedest"; that's very, very funny. Remember that MS is closed-source, and therefore better code: no one can see the code. So how is it the Vista-ready viruses are ready to go when the OS hasn't been released?

Quit fooling yourself. If you're still running Microsoft, it's out of laziness.

re: 20 Years of Computer Viruses

[micrometer2003]

For 40 years IBM made computers that were pretty robust. The o/s memory and files were in a privileged part of the machine and out of the reach of ANY user. Why can't we do this with pc's?

And Jerusalem, And Michelangelo, And Ping-Pong...

[thesaintar]

And many more of the little bastards

Ah yes that one!

[sheepoo]

...which came out of Pakistan.
For better or for worse, the Pakistanis did start something :)

Yeah, i loved Michelangelo but my favourite was

Yakee Doodle

This is the photo of the first real computer bug!

[sxmjmae]

See real bug at: http://history.navy.mil/photos/images/h96000/h9656 6kc.htm

It happened 9 September 1945 at Harvard University.

Re: 20 Years of Computer Viruses

Of course we can. You just have to let the industry install this nice tamper-proof chip into your computer, disallowing low-level access from all software that is not expressly approved by Microsoft, RIAA or MPAA. You just have to give up your own access to low-level software, because that is not be allowed by any of the aforementioned authorities. You don't have anything against all this, right? Right?

Plural

[talornin]

Ok. THIS IS IT!

THE PLURAL OF VIRUS IS _NOT_ VIRI OR VIRII! Its viruses.
For to many years I have been pestered and laughed at on forums and IRC for calling it viruses.
But once and for all, one virus, several viruses. NOT virii.

Take a look here: http://dictionary.reference.com/help/faq/language/ v/virus.html
 
And to think that english isnt even my native language.

Re:Plural

[gkearney]

Ok. THIS IS IT!

If everyone starts using the spelling VIRI OR VIRII as the plural form of VIRUS then, over time it becomes the proper plural form. Unlike French, English has not governing authority on usage. Proper usage is what ever the common usage is. Words and usage can and do change in English even over a short period of time.

Re:Plural

[spazmonkey]

Perhaps you can help with another vexing plurality question -

    It is the proper term Jesuses, or Jesii?

    Also is there any sort of special purpose collective noun for a group of them? (i.e. litter, flock, pod, etc?)

    A Gaggle of Jesii?

    Just wondering.

Re:TSR

[Richard+Steiner]

That's right. TSR - Tactical Studies Rules, the folks who created Dungeons and Dragons. :-)

WAY OT...

[sconeu]

Actually, he did, but it didn't have the proper TPS report cover on it.

There are still viruses?

[matt+me]

Making me nostaligic, I thought they'd been eradicated sometime in the 90s. Not had one this century. How can we triumph in eradicating smallpox and now the WHO so close to elimating polio? Oh because ppl aren't as dumb as computer users.

Autopatcher Virus?

[h4ck7h3p14n37]

Where are all of the really dangerous viruses? It seems that all of the ones I've heard about recently didn't do a whole lot of damage, versus what they could have done.

It shouldn't be too difficult to develop an autopatcher virus; this would auto-propagate throughout a network and maintain a distributed vulnerability database that could be updated in real-time. The idea would be to automatically exploit and patch machines in a network as new vulnerabilities are discovered. Of course, the payload wouldn't necessarily be restricted to patching vulnerabilities. Once this sort of system was deployed, I can foresee it eventually reaching a critical mass where it simply could not be removed from the network.

Re:Autopatcher Virus?

There aren't a lot of dangerous viruses in the wild because they're not profitable. If it can't turn your box into a spam zombie or harvest your credit card information, people aren't going to put a ton of effort into getting it out there. Hobbyist/proof-of-concept viruses don't tend to be built to spread rapidly.

As far as an auto-patching worm, it's a terrible idea. IIRC someone actually tried that when one of the major MS worms was spreading a few years ago. And it's a bad idea because the biggest problem with worms is the increased network traffic they cause, and the autopatching worm was just as bad as the malicious ones. Not to mention that it's still ethically and legally wrong to infect someone, even if you have good intentions.

Re:Autopatcher Virus?

As far as an auto-patching worm, it's a terrible idea. IIRC someone actually tried that when one of the major MS worms was spreading a few years ago. And it's a bad idea because the biggest problem with worms is the increased network traffic they cause, and the autopatching worm was just as bad as the malicious ones. Not to mention that it's still ethically and legally wrong to infect someone, even if you have good intentions.

From the original post:

Of course, the payload wouldn't necessarily be restricted to patching vulnerabilities.

The general idea is that the tool could be used to patch machines, but it could also be used to gain control of a large number of servers.

No way to talk about my birthday!

[dlZ]

That's no way to talk about me on my birthday! I'm not a PC virus!! ohh... wait, I guess I should rtfa, it was 20 years ago, I'm a little older than that.... *hobbles off with cane*

Nostalgia: My First Virus

[LeeMeador]

The first "virus" I heard about was mid-80s when a virus got into the Dallas EDS office and infected a bunch of Macs. This was when a Mac was a tall beige box with a 9" screen at the top and a floppy disk slot below it. As I remember, someone got arrested for that. I heard about it from some guys I knew who got paid to go in and remove it.

The first "virus" I remember getting was STONED. I'm guessing early 90's time frame. It came in on a customer machine that was being upgraded. Infected most of the floppy disks in the repair center and then started spreading through the building. It was easy to remove but you had to do it on each and every one of the hundreds of floppy disks in the building. What a pain.

That's my story and I'm sticking to it.

Angry flower

[mobby_6kl]

>THE PLURAL OF VIRUS IS _NOT_ VIRI OR VIRII! Its viruses.

THE CONTRACTED FORM OF "IT IS" IS _NOT_ ITS!

It is = it's. You should learn this before correcting others with dictionary definitions.

From F-Secure description...

[RoadWarriorX]

Nowadays Brain is extinct.

Yes, but it's trying to reinvent itself for THE comeback of a lifetime!

Re:Message in the virus? (OT)

[objwiz]

how can this response (that I'm replying to) be flagged troll?...that doesnt make a bit of sense to me.

"Brain" - misguided response to piracy?

[coldnebo]

From http://www.brain.net.pk/aboutus.htm I found the following extremely interesting context:

"What no American journal had the courage to admit at that time was how badly the virus had hurt America's painfully cultivated image of the world's leading copyright protector. Almost overnight, it had shown Americans to be the world's biggest copyright violators. Every time the virus found a new home in the USA, it signalled one more copyright violation by an American."

Apparently this "virus" was originally intended to sit on people's PCs and ensure that they didn't run certain copyrighted software without a license. It explains the apparently silly idea of placing the authors contact information into the virus message along with a request for contact.

Although this is a rather bad idea for copy-protection enforcement I've seen similar schemes (INT13 hooks minus the virus transmission part) in CAD/CAM and music software. What's interesting is that it casts a completely different light on the intentions of the authors (misguided vs. malicious) that isn't reported in TFA.

I can't find any specifics about what the original software that was being protected was used for. Why was it so widespread? Did we (the USA) really screw Pakistani developers out of income for a useful utility? Or is this a case of a bad copy-protection scheme getting out of hand and falsely reporting violations?

Brain

[baadger]

What are we going to do today Brain?
The same thing we try to do every night Pinky...try to take over the world!

Well

[bmajik]

i was merely trying to illuminate the lack of historical perspective in your post. As other posters have mentioned - early viruses _were_ OS agnostic. Later on, platforms without proper user segmentation/memory protection (like Dos, Win 3.x, and Mac OS pre-X) all had viruses written for them.

As an aside, viruses do tend to be platform specific now, and "platform" means more than operating system. For instance, viruses that spread from one website to another via hijacking a browser. The browser is vulnerable, but the virus targets servers _and_ browsers.

Or the outlook/word macro viruses. These are application-specific viruses. You can use windows but be totally immune to these viruses if you dont have/use those particular applications.

The idea that there is a correlation between product security and # of viruses developed and in circulation, and that that is the only correlation, is false.

We can see that, observationally, the security of something like SunOS 4 or IRIX 4 was very very poor, yet there were few/any? viruses for those platforms.

Additionally, viruses as a type of attack are less interesting than they used to be. What makes a virus a virus is its self replicating nature. Why does it self replicate? So it is more likely to be run again and again. It needs to insert itself into as many programs as possible because invoking those programs/execution containers (in the case of word macro viruses) is how it delivers its payload and continues to spread. That is no longer the case today - platforms are always on, with long running service type processes. Malware can create new processes on the fly without user intervention. The "infect as many files as possible to increase liklihood of execution" is not really a relevant attack paradigm in a modern, always connected operating system.

In any case, there is nothing about OS X or any UNIX for that matter that makes it fundamentally more virus-resistant than Windows NT based systems. In each platform, the user is still required to do something for a virus to work. In the case of Windows, there are lots more ways that code can be executed, and the penetratino of these mechanisms is higher, but the former is a features issue and the latter is a market penetation issue.

If 90% of the population were using Mac OS X, we'd see more Mac OS X malware (2nd issue). 90% of the population wont ever use Mac OS X, because it lacks the features people want (the first issue - we don't build execution engines into various contexts just to make malware easier to develop. There are legitimate reasons why users would want Macros in Excel or HTML in their email. The problem is balancing flexibility of features with security in the face of increasing hostility)

Uhm, Excuse Me

[Master+of+Transhuman]

If I remember correctly, the first viruses were created by Dr. Fred Cohen (and on UNIX systems, by the way, back in the day when sys admins were trusting) back in the early '80's. He coined the term "virus" back in 1983 (or actually his research advisor did). He published his first paper in 1984.

Apparently this 20-year "anniversary" is for the first virus found "in the wild". Fair enough, but it is not the 20-year anniversary of the first computer virus.

Re: 20 Years of Computer Viruses

[prshaw]

I would guess that if that is what you want, then that is the computer you should buy.

It would also be worth saying that if you think there is a money making market in that product then you should start a company selling it and get rich yourself.

Only problem is then we couldn't complain about other people getting rich selling us things we don't want.

First virus or first PC virus?

[evanh]

A quick google gives some funny reading ...
http://66.102.7.104/search?q=cache:pebp5iyrBeIJ:li nuxmafia.com/~rick/eblug-lecture-2004-12-15.sxi

Quote follows:

Back in the mid-1970s, several of the system support staff at Motorola discovered a relatively simple way to crack system security on the Xerox CP-V timesharing system. Through a simple programming strategy, it was possible for a user program to trick the system into running a portion of the program in `master mode' (supervisor state), in which memory protection does not apply. The program could then poke a large value into its `privilege level' byte (normally write-protected) and could then proceed to bypass all levels of security within the file-management system, patch the system monitor, and do numerous other interesting things. In short, the barn door was wide open. Motorola quite properly reported this problem to Xerox via an official `level 1 SIDR' (a bug report with an intended urgency of `needs to be fixed yesterday'). Because the text of each SIDR was entered into a database that could be viewed by quite a number of people, Motorola followed the approved procedure: they simply reported the problem as `Security SIDR', and attached all of the necessary documentation, ways-to-reproduce, etc. The CP-V people at Xerox sat on their thumbs; they either didn't realize the severity of the problem, or didn't assign the necessary operating-system-staff resources to develop and distribute an official patch. Months passed. The Motorola guys pestered their Xerox field-support rep, to no avail. Finally they decided to take direct action, to demonstrate to Xerox management just how easily the system could be cracked and just how thoroughly the security safeguards could be subverted. They dug around in the operating-system listings and devised a thoroughly devilish set of patches. These patches were then incorporated into a pair of programs called `Robin Hood' and `Friar Tuck'. Robin Hood and Friar Tuck were designed to run as `ghost jobs' (daemons, in UNIX terminology); they would use the existing loophole to subvert system security, install the necessary patches, and then keep an eye on one another's statuses in order to keep the system operator (in effect, the superuser) from aborting them. One fine day, the system operator on the main CP-V software development system in El Segundo was surprised by a number of unusual phenomena. These included the following: * Tape drives would rewind and dismount their tapes in the middle of a job. * Disk drives would seek back and forth so rapidly that they would attempt to walk across the floor (see walking drives ). * The card-punch output device would occasionally start up of itself and punch a lace card. These would usually jam in the punch. * The console would print snide and insulting messages from Robin Hood to Friar Tuck, or vice versa. * The Xerox card reader had two output stackers; it could be instructed to stack into A, stack into B, or stack into A (unless a card was unreadable, in which case the bad card was placed into stacker B). One of the patches installed by the ghosts added some code to the card-reader driver... after reading a card, it would flip over to the opposite stacker. As a result, card decks would divide themselves in half when they were read, leaving the operator to recollate them manually. Naturally, the operator called in the operating-system developers. They found the bandit ghost jobs running, and X'ed them... and were once again surprised. When Robin Hood was X'ed, the following sequence of events took place: !X id1 id1: Friar Tuck... I am under attack! Pray save me! id1: Off (aborted) id2: Fear not, friend Robin! I shall rout the Sheriff of Nottingham's men! id1: Thank you, my good fellow! Each ghost-job would detect the fact that the other had been killed, and would start a new copy of the recently slain program within a few millisecond