On November 3, 1983, Frederick Cohen, a Ph. D. student at the engineering school of the University of Southern California (USC), was sure that a malicious program could be used to exploit any connected system, but he wondered how long it would take for the code to do so.
He prepared a prototype that - after eight hours of hard work on a VAX 11/750 system running Unix - was ready to be shown at the weekly security seminar he attended. It was his lecturer, Leonard Adleman, who baptized that program as a computer virus.
"i knew that a virus could exploit a connected system. The only question was how quickly"
“I was in Len Adleman's information security class at USC when the proverbial light bulb turned on. I immediately knew that a virus could penetrate, and be used to exploit any connected general-purpose system. The only question was how quickly”, said Dr. Cohen in an exclusive interview.
His experiments marked a turning point: the name "computer virus" was born and with it, the search of means to protect against them.
To honor the work of Dr. Cohen and Prof. Adleman, and the foundations they laid for research of computer threats, we decided to declare November 3 as the first ever Antimalware Day. We hope to make this date a day we will celebrate worldwide each year, a day that will help reinforce the importance of antimalware in a world where computers can now fit into our hands.
This is a date that we invite you to become a part of, and help spread the message with us. To join this cause you just have to look for the content that we will post this week here at WeLiveSecurity, and on our social networks under the hashtag #AntimalwareDay.
We will begin the celebration by telling you why November 3, 1983, was such a decisive date and what the findings made back then mean today.
The experiments that made history
In eight hours, Dr. Cohen had developed a program that was capable of spreading to all users of the system and obtaining control of its data and privileges. He did several experiments, and the code took between 5 and 30 minutes to take control of and gain total access to the computer it infected.
Once Prof. Adleman identified that behavior with the concept of a computer virus (tomorrow we will tell you all the details of how he came up with that name!), some questions materialized: what else could be done with these programs, and how dangerous were they?
The conclusions to which Dr. Cohen arrived thanks to his experiments, sound similar to the answers you receive today: “None of the countermeasures examined appear to offer ideal solutions”, he documented in 1984.
It is a response that is often mentioned about current protective technologies: none of them are enough on their own. In addition, in order for systems to allow sharing, there must be some information flow, and that was in “direct opposition to the goals of viral security”.
The infamous cat and mouse game we usually talk about was set at that moment: whenever the industry develops a new protective measure, cybercriminals search the way to bypass it. But to Dr. Cohen this is a matter of choice: you don't have to suffer the risks if you don't want the rewards of modern technology.
“As a result of information technology, we live longer, better, easier, happier, etc. lives than ever before. And things on the whole seem to be getting better. So far, the rewards seem to be worth the risks. But if we don’t learn to deal with the cyberwarfare issues, we may not continue to find it that way”, said Dr. Cohen.
According to him, we live our relationship with technology under a “fail and fix” approach. “We wait for pain and then spend resources to alleviate it. The strength of fail and fix is that if nothing noticeable fails, you don’t spend any resources fixing. The weakness is that lots of things fail, it may take you a long time to detect the failures (if you ever do), and the cost of fix far exceeds the cost of proactive efforts”, he explained.
Naturally, this modus operandi rules many other aspects of human nature: “We also don’t generally do preventive medicine well - rather we wait to get sick then go to the doctor”.
There’s still room for hope
Prof. Adleman, who played a key role in the naming of computer virus, stated: “What we can do is the best we can do, our best try. And that’s what antiviral companies are doing. You might just as well ask what do we do about infectious diseases that attack our bodies, and we do the best we can: we make vaccines, antibiotics, antiviral medications… But these are evolving things out there, so we have to keep doing our best”.
We might never reach perfection. There will be failures and successes, and we might never win this cat and mouse game, but it is up to us to make our best effort to contribute to the cause.
At ESET, we are dedicated to researching and raising awareness so that users can use technology in a safer way, and we dedicate this new Antimalware Day in the hope that we can open the conversation on this important topic.
User education will never cease to be an obligation, or a necessity. We need to understand the technology behind the threats we talk about every day, understand the psychological aspects behind the attacks, and avoid blaming the victims, because the failures that result in successful attacks involve many other factors.
The fact that cybercrime will continue to exist and perfect its capabilities is a reality; the question is how are we going to face this reality. Dr. Cohen agrees with us that there is still room for optimism: information technology can solve more problems than it creates, we just need to focus on using it to that end.
What can you do to celebrate Antimalware Day?
The first step is to be informed and know how threats work and how to protect yourself from them; we invite you to be a part of the antimalware mission, by accessing research, news and opinions from the ESET security experts. This way you can also share your knowledge to help your contacts, friends and family protect themselves.
You could also consider a career in information security or related STEM fields; check out this beginner’s guide to starting in InfoSec and find out where you belong.
Stay tuned for more stories about the origins of computer defense techniques and our mission for Antimalware Day, declared November 3 from now on. Tomorrow, we will publish an exclusive interview with Professor. Len Adleman, where he will walk us through that fateful day when he thought of the name "computer virus", and what happened afterwards.
Happy Antimalware Day!