Story image

ESET looks back at the origins of the computer virus

07 Nov 17

34 years ago the first computer virus was born – the brainchild of Frederick Cohen, a student at the engineering school at the University of California.

On November 3, 1983, Cohen had a theory that a malicious program could be used to exploit any connected system. He explored the issue on a VAX 11/750 system running Unix. His lecturer, Professor Leonard Adleman, dubbed the program a ‘computer virus’.

Since then, security firms have been fighting viruses and other forms of malware. Last week ESET dubbed November 3 the first ever Antimalware day.

“We continue the Antimalware Day celebration, an ESET initiative, by going back to that faithful day in 1983 when the first virus was born. At that moment, the virus was defined as a program that can 'infect' other programs by modifying them to include a possibly evolved copy of itself,” ESET explains.

Adleman revealed in an interview that Cohen’s original  aim was to write the program, make it available to all users under the guise of something useful like a file organizer, but what it would actually do is hand over all control of users’ data and privileges.

“The program had done exactly what he had claimed it would do. It very rapidly was taken up by users of the system and all rights and privileges and data of the system were surrendered to Fred”, he recalled. Cohen went on to do several experiments, and it never took more than a couple hours before he had complete access and complete control of the entire computer. “So it worked. No surprise it would work,” Adleman explained.

“We weren’t aware of other experiments apart from ours. I’ve learned since then that other computer programs that had been written by other people also have the claim to be the first computer virus, but at the time we didn’t know any of that,” he adds, referring to other research going on at the time.

Cohen believes the world takes a ‘fail and fix’ approach to technology.

“We weren’t aware of other experiments apart from ours. I’ve learned since then that other computer programs that had been written by other people also have the claim to be the first computer virus, but at the time we didn’t know any of that”.

“We wait for pain and then spend resources to alleviate it. The strength of fail and fix is that if nothing noticeable fails, you don’t spend any resources fixing. The weakness is that lots of things fail, it may take you a long time to detect the failures (if you ever do), and the cost of fix far exceeds the cost of proactive efforts,” he explains to ESET.

ESET says that it is dedicated to researching and raising awareness so users can use technology in a safer manner, which is what Antimalware Day is all about.

“User education will never cease to be an obligation, or a necessity. We need to understand the technology behind the threats we talk about every day, understand the psychological aspects behind the attacks, and avoid blaming the victims, because the failures that result in successful attacks involve many other factors,” the company says.

“The fact that cybercrime will continue to exist and perfect its capabilities is a reality; the question is how are we going to face this reality. Dr. Cohen agrees with us that there is still room for optimism: information technology can solve more problems than it creates, we just need to focus on using it to that end.”

How to stay safe when shopping online
Online shopping is a great way to avoid the crowds – but there are risks.
Dell EMC embeds security in latest servers
Dell EMC's 14th generation of PowerEdge servers has comprehensive management tools to provide security across hardware and firmware.
Why data backups should be a part of daily operations
"Disaster recovery needs to address complete system failure and provide a set of security policies to govern disaster incidents."
Businesses focusing on threats from within - survey
Over 50% of respondents reported that 100 days of dwell time or more was representative of their organisation.
Corelight and Exabeam partner to improve network monitoring
The combination of lateral movement and siloed usage of point security products leaves many security teams vulnerable to compromise.
SailPoint releases first identity annual report
SailPoint’s research found that many organisations are lacking maturity in their governance processes over identities.
Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.