Twenty years of viruses and still no cure
Published: 27 Nov 2003 15:25 GMT
Of all the accomplishments in the annals of technology, Fred Cohen's contribution is undeniably unique: he introduced the term "virus" to the lexicon of computers.
The University of New Haven professor used the phrase in a 1984 research paper, in which he described threats self-propagating programs pose and explored potential defences against them. When he asked for funding from the National Science Foundation three years later to further explore countermeasures, the agency rebuffed him.
"They turned it down," said Cohen, who is also principal analyst for research firm Burton Group. "They said it wasn't of current interest."
Two decades later, countless companies and individuals are still paying for that mistake. The technology industry has yet to find a blanket solution to the ever-growing list of viruses and worms that constitute the greatest risk to computers on the Internet. Every year, companies lose billions of dollars when forced to halt work and deal with infectious digital diseases, such as Sobig and Slammer.
While much attention has been paid to the malicious online attackers who exploit technology's vulnerabilities, little has been documented about the origins of the virus. Its early iterations were not created by malcontent teenagers or antisocial geeks but by campus researchers, system administrators and a handful of old-school hackers who thought that the ability to reproduce their programs automatically was a neat trick.
The result is a tale of technical genius, academic naivete, bureaucratic arrogance and humans' penchant for tearing down institutions simply for the sake of doing so.
Sarah Gordon, senior research fellow at Symantec Security Response, caught her first computer virus more than a decade ago. She became so fascinated with the phenomenon that she spent several years studying the underground world of virus writers.
"The design of the Internet facilitates the distribution of information -- all sorts of information; it's a double-edged sword," Gordon said in a recent email interview. "Even if [viruses] are not designed to be intentionally malicious or dangerous, if they get outside of a controlled environment, there can be unexpected results."
That was precisely what happened with the fathers of the computer virus: the exponential doubling of viral code can greatly magnify minor errors and become the difference between a harmless prank and a devastating attack. Unlike the simple technologies behind isolated attacks on the Internet, the ability to propagate adds a level of complexity that often stymies the virus writers themselves. Although many programs quickly fizzle out, others have far outgrown the intentions of their authors.
Cohen had an inkling of much of the future when he first thought up the idea in November 1983 as a University of Southern California graduate student. During a weekly seminar on computer security, he conceived of a program that could infect other systems with copies of itself.
"All at once, a light bulb came on, and I said, 'Aha!'" Cohen recalled. "Within a few seconds, I knew how to write the program and that it would work."
His adviser at the time, Len Adleman -- well known as a creator of public-key encryption and the "A" in a popular form of the security technology known as RSA (Rivest, Shamir & Adleman) -- suggested that the programs were the digital analogy of viruses. The name stuck.
Previous
Did you find this article useful?
195 out of 382 people found this useful
- Share this article:
Full Talkback thread
2 comments
-
This just about takes de biscuit.
Robert H. Fieldm... Darryl Shawnmeyer -
if only one day the virus and worm creators would... Anonymous
