This week marks the 20th anniversary of Cohen's work on the Unix platform. To celebrate the occasion, silicon.com threw a virtual birthday party and invited some seasoned campaigners from the anti-virus industry to discuss their thoughts on the previous two decades of malware.
What developments do you think have defined the growth of the computer virus over the past 20 years?
Alex Shipp, MessageLabs: Three things: Firstly, the ubiquity of the Internet, secondly ease of coding, thirdly everybody using the same Windows platform.
Simon Perry, Computer Associates: Speed, intelligence and the level to which it has become a business problem versus simply a problem for the single end-user.
Graham Cluley, Sophos: Viruses have boomed in 'popularity' as computing has become more mainstream. As computers became networked, viruses began to spread more by infecting files. In 1995 Microsoft accidentally shipped the first virus which could infect Word documents and we began to see more viruses spreading via e-mail and the Internet. In the early days of viruses it would take months for a virus to spread into the wild. Today, a virus can spread around the world potentially infecting thousands in a matter of minutes.
Roger Levenhagen, Trend Micro: Viruses have grown in number and sophistication alongside the expansion of technologies. The explosion in the propagation rate and number of viruses can be linked directly to the growth in the use of e-mail and the Internet.
We have also seen the increase in the use of 'social engineering'--techniques used by virus writers to encourage computer users to open e-mails and activate viruses. Over the years, businesses have faced significant costs due to network downtime--and the clean-up necessary--linked to computer viruses.
What would you say have been the real milestones during the past 20 years?
Cluley: The first real milestone was Brain. This was the first PC virus and this is where it all began. Next I'd say Tequila, which was a multipartite virus (infected floppy disks, hard disks and executable files). Then, Concept--the first Word macro virus in 1995. This was the first virus which could infect documents and rewrote the rules for viruses.
Then of course there was Melissa--the first successful e-mail-aware virus--and the granddaddy of all e-mail-aware viruses. Then came social engineering--best utilized by The Love Bug and Kournikova.
Bruce Hughes, TruSecure: Viruses that have multiple vectors are the worst. Nimda is an example. They send e-mail, perform a distributed denial of service attack and open a backdoor.
Levenhagen: It is arguable that the Love Bug and Nimda viruses have been the worst viruses we have seen, in terms of spread and damage potential. However, the most problematic viruses have been the most recent. This year SQL Slammer broke all records for the speed at which it was able to spread, to the point of disabling ATM machines and bringing Internet traffic to a halt.
Shipp: I think the biggest milestone has to be the advent of spreading malware by the Internet, whether by worms, e-mail spamming of Trojans, newsgroup postings, Websites and other methods.
Peter Simpson, Clearswift: The most problematic has certainly been the hybrid variants, which survived for extraordinarily long periods due to their modular design and the ability to undergo changes by accepting encrypted plug-ins to update the code. Autonomous network worms such as Nimda, Code Red and MSBlast have set the most worrying precedents, as they operate below the AV radar and leave organizations far more open to infection.
Also, the Sobig Project employed spammed worms, with post-infection 'owned' PCs used to install spyware, steal financial credentials, act as a front for spamming operations, launch DDoS attacks on anti-spam sites and recently offer spammers virtually untraceable cloaked ISP services.
What do the next 20 years hold? How much worse is it going to get?
Perry: Twenty years is a lifetime in IT, so I am confident therefore in stating that within that timeframe, an attack that we would today classify as warfare or terrorism that includes a cyber element is a certainty.
Cluley: We'll see more viruses undoubtedly. There is no such thing as a usable virus-proof computer system. But anti-virus software is getting better at protecting against new, unknown threats and is using the Internet to its advantage. I don't think viruses are going to cause the end of the world but it's not a trivial 'fluff on the jacket' problem either. We need to keep the problem in perspective and not panic.
Levenhagen: As we have seen in the past 20 years, viruses are developed in line with new technologies as writers are looking for different ways to attack businesses. With this in mind, it is likely that viruses will be increasingly targeted at mobile computing and mobile phones.
Shipp: I think talk of doom and gloom is premature. There is already technology in place that has effectively all but eliminated the problem. The issue is it costs more than traditional solutions and there is the possibility that this will create a two-tier Internet. Those countries that can afford protection are by-and-large safe and those that cannot are at a disadvantage.
And finally... what 'birthday message' would you send the virus writers still at large?
Cluley: "Dear virus writer, Happy 20th birthday! I have sent a large birthday present to you. Please report to your local police station and identify yourself and they will be delighted to deliver it to you personally."
Levenhagen: Happy Birthday… Your days are numbered.
Perry: I am reminded of those trick birthday candles that you can never blow out no matter how hard you try. The virus writers can all take as many blows at us as they want, but we're going to keep adapting and we're going to keep the IT flame burning.






