Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security

20 Years of Virii 472

DenOfEarth writes "News.com has an article outlining that it was around twenty years ago that a computer security reasearcher coined the term 'virus', and how the things have been running amok. Interestingly enough, when said researcher applyed for research funding to look into a blanket solution to this possible 'virus' problem, he was turned down."
This discussion has been archived. No new comments can be posted.

20 Years of Virii

Comments Filter:
  • by Anonymous Coward on Thursday November 27, 2003 @06:25PM (#7579148)
    Virii is not a word.

    Drive safely.
    • Indeed.

      "Viri" is used by people trying to sound clever (i.e. being pretentious) but are really ignorant.

      "Virii" - well, what can I say? I hope that's just hope it was sticky keys and the author being too lazy to proof read.
      • "I hope that's just hope it was sticky keys"

        Talking of being too lazy to proof read...

        Perhaps I meant: "I hope it was just sticky keys"
      • by kalidasa ( 577403 ) * on Thursday November 27, 2003 @09:41PM (#7579952) Journal
        Actually, no, viri is an acceptable plural of virus. The word virus is used in Vergil's Georgics; if you look it up in Lewis and Short (and I assume in the Oxford Latin Dictionary, which I don't have immediate access to), the plural in Latin is indeed viri. Yes, it's the same word as the plural of the word for man, vir.
        • by Black Parrot ( 19622 ) on Friday November 28, 2003 @12:50AM (#7580440)


          > Actually, no, viri is an acceptable plural of virus. The word virus is used in Vergil's Georgics; if you look it up in Lewis and Short (and I assume in the Oxford Latin Dictionary, which I don't have immediate access to), the plural in Latin is indeed viri.

          The Oxford Latin Dictionary says that it always appears in the nom. sing. or acc. sing., with only two exceptions: once in the gen. sing. and once in the abl. sing., both in Lucretius. It also cites the use in Vergil's "Georgics" as malum ~us, "bad poison", i.e. not a plural. The Oxford Classical Text of the "Georgics" also shows malum uirus (line I.129).

          Possibly L&S were right and the OLD & OCT are wrong, but I doubt it.

    • Slashdot: 6 years of "virii" posing and arguing.
    • by account_deleted ( 4530225 ) on Thursday November 27, 2003 @08:56PM (#7579799)
      Comment removed based on user account deletion
    • by Hal The Computer ( 674045 ) on Thursday November 27, 2003 @09:06PM (#7579843)
      Allow me to tell the impatient what amazingly INSIGHTFUL comments are coming up:

      * 39 people reminding you that viruses is the corrent plural, not virii (of which 9 point to dictionary.com)
      * 13 people stating that no, virii is correct
      * 9 people questioning the manhood, charachter and evolutionary level of the people who defened virii.
      * 14 posts about the "good old days"
      * 6 comments on how someone should have patented viruses
      * 14 informational posts so far
      * and only one good joke (hint, you're reading it ;-) )

      (BTW: I'm too lazy to actaully count posts, all of the above numbers are 100% statistical, that is to say, 100% fiction.)
  • not to nitpick (Score:5, Informative)

    by mabu ( 178417 ) * on Thursday November 27, 2003 @06:27PM (#7579155)
    From dictonary.com [reference.com]:

    Q. What is the plural of virus?
    A. Viruses.
    It is not viri, or (which is worse) virii. True, the word comes directly from Latin, but not all Latin words ending in -us have -i as their plural. Besides, viri is the Latin word for 'men' (plural of vir, man, the root the English virile). There is in fact no written attestation of a Latin plural of virus.

    If you would like to pursue the subject further, see the excellent article What's the Plural of `Virus'? [perl.com] at Perl.com. If you have some knowledge of linguistics and Latin, you might be interested in the morphological analysis of the word from the Perseus Project.
  • by EmCeeHawking ( 720424 ) on Thursday November 27, 2003 @06:27PM (#7579158)
    Put enough people into a system and it starts to behave like an organic system rather than individuals each doing their thing.

    Viruses, worms, trojans are way past the point of being expressions of individualistic derangement.

    They represent the nasty side of the biology of the Net: the fact that any simulated or real ecosystem produces more parasites than non-parasites, and that non-parasites have to spend a significant amount of energy fighting off the bugs.

    Two decades is not significant in itself, but it should be a stark warning that viruses are not going to go away, that the Net is turning "wild", and that we need something other than daily antivirus updates to keep our systems safe.
    • What would you suggest? People will write viruses for every platform. People just write more for Windows since it is the most prevalent environment.

      Greater security in the operating system will help, but there will always be people who are willing to find ways to break the system, some maliciously, others not so much. There is no perfect solution.
    • by .com b4 .storm ( 581701 ) on Thursday November 27, 2003 @07:53PM (#7579532)

      Two decades is not significant in itself, but it should be a stark warning that viruses are not going to go away, that the Net is turning "wild", and that we need something other than daily antivirus updates to keep our systems safe.

      I agree completely. And I think this "something" fits into your analogy of the net being like an organic system. If you have any realistic expectation of staying alive and healthy, chances are you do not go around licking stairway railings or sticking your finger into electrical sockets. Knowing that these are not things one wants to do if one wants to stay alive, the average person consciously avoids doing such stupid things.

      And so it will need to be in the online world as well. If you have any reasonable expectation of keeping your computer running well (and keeping your data/privacy under your control), you cannot just go around running random programs with purple cartoon apes as mascots, and you cannot just go around opening every e-mail you receive. People will need to learn such things, just as we have learned what things are conducive to staying alive. Granted, many of the problems we experience today are the result of technology failing to protect people and their computers (automatically executing attachments, anyone?)... But a significant part of it is also a lack of education (or responsibility) when it comes to being a safe citizen on the net.

    • They represent the nasty side of the biology of the Net: the fact that any simulated or real ecosystem produces more parasites than non-parasites, and that non-parasites have to spend a significant amount of energy fighting off the bugs.

      Yeah maybe, but as in the real world where we're mostly healthy, we still can use our computers productively most of the time. Granted, I run OS X, but even when I'm on a Windows box I still fight the system more than the viruses. The energy I spend cursing MS products i
  • by CausticWindow ( 632215 ) on Thursday November 27, 2003 @06:30PM (#7579172)

    Viruses were much cooler in the early nineties. They didn't spread as wildfire on the internet, but at least they did cool thing as code morphing to foil antivirus programs.

    And why is this guy surprised that he doesn't get a grant for a "blanket solution" for viruses? I've got a blanket solution for world hunger and cancer, but I'm not getting any reasearch funding either.

    • by boots@work ( 17305 ) on Thursday November 27, 2003 @06:32PM (#7579184)
      I'm got a blanket solution for cold mornings.
    • Virus Checkers are lame these days also. I remember back about 15 years ago or more, that there was one particular virus checker on the 'Amiga 500' that would play a short sample of "We are the champions" by Queen. Nowdays, our highlights are the joys of 'Internet Explorer technology-dependant', activation-ware from Symantec - and the compulsary yearly subscription updates from most Anti-virus vendors. Yay!
  • Interestingly enough, when said researcher applyed for research funding to look into a blanket solution to this possible 'virus' problem, he was turned down."

    While I really doubt that this researcher would have been able to find a blanket solution, perhaps he would have been able to at least create awareness about virii/security problems, and maybe we wouldn't have these holes in SMTP and everything...

  • the damn fool didn't patent the idea and save many people a lot of bother :-)
  • Up to a certain point, virii generally relied on some form of human intervention or mistake by which to proliferate themselves.

    It seems that many of the early viruses were trojans, hiding in other software or with games. A few were hunter-seeker variants, looking for new places to infect but generally relying on either a weak user to infect to "climb the ladder" or a trojaned machine.

    Today, virii can get an unpatched machine from halfway across the world without requiring anything more than it be on wit
    • Remote exploits on unpatched machines go back quite a while too, at least to 1988 (the Morris worm [google.com]).

      As long as there are security holes in programs that interface with the network (such as sendmail), people will try to use them for malicious (or at least non-beneficial) purposes.
  • by Anonymous Coward on Thursday November 27, 2003 @06:36PM (#7579205)
    is spreading like a... yeah.
  • by caluml ( 551744 ) <slashdotNO@SPAMspamgoeshere.calum.org> on Thursday November 27, 2003 @06:38PM (#7579213) Homepage
    Users on a multi-user computer system behave like viruses, utilising the hosts resources, sometimes even going wild and destroying the host itself.
  • Ah memories (Score:4, Interesting)

    by jawtheshark ( 198669 ) * <slashdot.jawtheshark@com> on Thursday November 27, 2003 @06:41PM (#7579228) Homepage Journal
    Back in the good old days, I actually let my computer infect on purpose. Just once, yes, it was a bitch to clean. I got however the opportunity to dissect the thing in memory. I do not remember what year it was, but the Tequila virus was spreading like a wildfire. My AV detected the diskette with Tequilla. I had nothing important on the machine, disabled the AV, and staring hunting.

    While reading the live memory, I found a message stating "Tequilla and Beer forever" along with an address in Switserland if I recall correctly. Ah, those where the days.... Where viruses were no lame email worms but appended themselves to executables.

  • Ignored by the NSF? (Score:3, Interesting)

    by Prof. Pi ( 199260 ) on Thursday November 27, 2003 @06:42PM (#7579232)
    From the article:

    When he asked for funding from the National Science Foundation three years later to further explore countermeasures, the agency rebuffed him.

    A typical problem with getting research funded (or published) is that the gatekeepers, the people who decide what gets funded/published, often choose what is worthy based on their own research interests. One generally has to have established a track record to become a gatekeeper, which means that new ideas are often shut out, while researchers pursue what they think are the current "fashions."

    James Gleick (author of Chaos) tells how he was warned by professors that he'd ruin his career wasting his time with this "chaos" nonsense. (Fortunately, he ignored them.)

    • there very simple ways to do a 'blanket solution' solution for viruses..

      heck, most of nowadays viruses spread because of programming errors(security holes, or just bad by design flaws) or because of human ignorance anyways(some consider chain letters as viruses& so on).

      so it might have been because the gatekeeper didn't want to waste money on just virus awareness pr(which his research might have helped with though).
      -
  • You know, I always wondered how in the world they came up with the word "virus" for harmful code that renders a system useless after infecting others...
  • by mukund ( 163654 ) on Thursday November 27, 2003 @06:47PM (#7579271) Homepage
    • Yeah, I'd trust internet access from THAT company! Glad I don't like in Pakistan, I guess! (The US isn't much better, though... but at least we have a pseudo-democracy, and not a dictatorship...)
  • The word applied has been spelt as applyed. I can understand blatant abuse of the English language in the posts by slashdot users but on the main of slashdot - typos are just not acceptable.
  • 20 years? (Score:5, Interesting)

    by Anonymous Coward on Thursday November 27, 2003 @06:57PM (#7579311)
    it was around twenty years ago that a computer security reasearcher coined the term 'virus',
    Right... except that in David Gerrold's "When H.A.R.L.I.E. was One" (1972) there's this bit of dialogue :

    "Do you remember the VIRUS program?"
    "Vaguely. Wasn't it some kind of computer disease or malfunction?"
    "Disease is closer. There was a science-fiction writer once who wrote a story about it--but the thing had been around a long time before that. ....etc. etc.

    (p. 175, in the 1975 Ballantine paperback reprint: I think I have the 1972 serialization in Galaxy somewhere in a box upstairs, but I can't be arsed to dig it out)

    Actually, as described in the succeeding pages, VIRUS was more of a worm (a term coined by John Brunner in "The Shockwave Rider", but you knew that already); but the idea of malware called a virus was around in the early 70s at least.

  • Fred Cohen - BAH! (Score:5, Interesting)

    by HisMother ( 413313 ) on Thursday November 27, 2003 @07:01PM (#7579324)
    Any time you read an article and see Fred Cohen's name, you can stop reading right there, because you know another so called "journalist" has fallen hook, line, and sinker for this guy's self-aggrandizing line of bullshit. Note that you'll never find an article quoting X as saying Fred Cohen is the father of computer viruses, unless X is Fred Cohen. He's shilling for his security consulting firm, plain and simple. He no more "invented" the computer virus than Al Gore invented the Internet. Please, Slashdot, stop feeding this buttplug's enormous ego!
    • Yes, and your HisMother [slashdot.org], so you should know. ;-)
    • by NegativeK ( 547688 ) <tekarien@@@hotmail...com> on Friday November 28, 2003 @01:21AM (#7580537) Homepage
      Any time you read an article and see Fred Cohen's name, you can stop reading right there, because you know another so called "journalist" has fallen hook, line, and sinker for this guy's self-aggrandizing line of bullshit.

      I'm calling you on this one. I've been reading quite a few books on viruses, and I've read Cohen's paper from 1984 on viruses, and his A Short Course on Computer Viruses. Both are _very_ informative. The paper from 1984 described experiments back in the day when people would say that there system is absolutely secure, no way to doo anything to it, period (people still say it, but back then, others believed them.) His Course on Viruses is also excellent - it has a very concise set-theoretic basis for viruses. He may very well be whoring for his security company (I wouldn't know), but don't doubt this man's ability to write concise, accurate, funny texts on the subject.
  • by DenOfEarth ( 162699 ) on Thursday November 27, 2003 @07:09PM (#7579350) Homepage

    Alright, alright...enough people have commented on my misspelling of the plural form of virus, rightly so, as their dictionaries tell them 'virii' is not a word. Also, I did misspell the word 'applied' as 'applyed'. I used to get A's in spelling when I was younger, but maybe I'm getting rusty, sorry for that. Maybe I shouldn't smoke dope before posting stories...

    My question is whether it really matters or not. I don't think the blurb of text is incomprehensible, and since it's not a legal brief or anything like that, there is no binding meaning to the words. I've looked at the comments, and some people have also used the word 'virii', probably without thinking it was wrong. Is there anybody out there who read '20 years of virii' and didn't know what that meant? I'm really interested, as I would be willing to bet that most people who read that statement would be thinking within seconds that the story concerned a plural form of the virus being around for 20 years, or something very similar (unless they were a native latin speaker, in which case they might have been a bit fucked up).

    I'm not trying to slam on the nitpickers or anything, but really, what is communication? Is it being able to form coherent thoughts in another human being's brain, or is it following a bunch of rules that need to be updated every once in a while to keep up with our own language mutation that takes place daily?

    hehe...I've never been put on a soapbox before because I made spelling mistakes, so to those who really take offense to my spelling, I'm sorry that you weren't able to understand the words I wrote, and to those that 'got it', I hope you thought the story was interesting.

    • that virii may well end up in the dictionary, not as a true latin word, but as a modern slang term or 'latinism' simply because its use seems to persist so much. Virii may become a word in the moredn living english language even if it was never one in the latin tongue.

    • Spelling and grammar flames rarely contribute anything useful to a discussion. Your meaning was clear.

      It may be true that the lead articles in /. should be held to a higher standard than replies, but that's no excuse to bury useful discussion in a flood of pedantry.

      Whatever happened to the playfulness with words that is supposed to be one of the earmarks of the hacker culture?

      • Whatever happened to the playfulness with words that is supposed to be one of the earmarks of the hacker culture?

        I dunno, it beats me. I usually like making up words that suit my fancy or that sound 'right', and if done properly, intelligent people will respond favourably to that, even if the word isn't in the dictionary. As for the nitpickers though, I guess I just get kind of bugged when someone points out that 'virii' is wrong in english because of some latin stuff. Cripes, I don't know any latin,

        • You know now! I think all this PC-ness and being overly-sensitive about others these days is turning out a bunch of pathetic wimps AND removing a useful way of learning!

          *removing tongue from cheek*
          • hehe...cool. I was thinking the exact same thing, because if I didn't make that spelling mistake I wouldn't have gone to the perl.com page to learn the common fallacy. I agree with your sentiments that sometimes you have to tell people the hard shit, and most of the time I have no time doing it, but I just question the degree to which we need to be learned in things...ah well...In any case I'm going to stop commenting on this fecking story...it's a stupid distraction.

            best of luck to you

        • Try this (Score:3, Funny)

          by metamatic ( 202216 )
          If you are desireness of wordywise playfulings, begart a topics for thems. Nonebody willed complainted thens. If yous postwill factuish artics, use properized English, lestward we thinkage you a cuckwitted moronid semi-literaged drok.
    • by Malc ( 1751 ) on Thursday November 27, 2003 @07:45PM (#7579506)
      You're always going to get people who are looking for any excuse to bring another down.

      Then you have those who are seeing a common mistake and pointing it out, either through their own superiority or in an attempt to help others mend their ways.

      And there are others who find that basic mistakes diminish the credibility of the text. If the author can't even get the obvious things right, how much of the rest is correct?

      I personally get annoyed with people who make common mistakes like using they're, there and their interchangably. Why? It slows my reading down as I pause and translate. Too many mistakes and I just move on... that person's voice unheard by me. Sure, I can understand it if I read it for long enough, but why should I make the effort when the author could've tried a bit harder. Oh, and at the risk of sounding hypocritical, I can't abide laziness either.
  • Silly Cohen (Score:2, Funny)

    by trystanu ( 691619 )
    If only cohen had've patented the computer Virus'
  • (Warning, ignorance ahead.)

    I think a capability system (ex. EROS [eros-os.org]) is theoretically invulnerable because a virus would never have the rights it needs to infect. I barely understand how a capability system works, but I think it goes like this:

    Your e-mail client (for example) can't see anything but itself and e-mail (not even the file system), and it doesn't have authority to write onto itself.

    This is possible because every process or program has it's own set of "keys" that grant it rights to see/read/write
    • Question: Would said email client have the ability to write email/email attachments to disk? If so, a clever virus writer will eventually find a way to make one, given enough incentive. It may not have quite the auto-propogating power of an Outlook virus, but a trojan will work for sure, at least.

      Such a system would present greater hurdles, sure. But if the system allows one program to create data and another to execute it, ever, then there is a way to write a virus. It may not be easy, but there will
    • In theory, a capability system can be used to prevent many types of viruses; however, they are still vulnerable to at least two kinds of attacks.

      First, if a program is capable of causing damage with rights it legitimately possesses, the capability system will be unable to prevent it from doing whatever it chooses. This would typically require some sort of manual intervention (exploiting a backdoor, rooting the system, spoofing a distribution site) to compromise a trusted component, but there are many prog
  • Sentient Viruses (Score:3, Interesting)

    by tymbow ( 725036 ) on Thursday November 27, 2003 @07:18PM (#7579390)
    I was having a red wine fuelled conversation with some friends on the subject of viruses, worms and Internet security the other day. We were discussing how connectivity has changed the landscape with regards to the impact of viruses, bugs and worms. In the eighties and early nineties there was less connectivity than we have with the modern Internet. The obvious analogue to human viral pathogens and the rise of jet aircraft travel between countries shows how this will only get worse as more devices are connected to Internet and how inoculation and prevention together with secure coding practices (something which has no human virus equivalent at the moment, but who knows where DNS techniques will take us) are becoming mandatory. Should all devices connecting to the network be licensed and approved as cars travelling on roads today must be?

    The most interesting point raised was when (if?) we reach the point where viruses are classifiable as sentient beings. Do we then have the right to arbitrarily exterminate them? I could in my stupidest dreams foresee a court case where the latest Internet Explorer 99 bug is arguing for it's continued existence, social welfare and the right to bear children.
  • by Anonymous Coward
    Look, it is really, really simple:

    It doesn't matter if it's latin. It doesn't matter if it's correct latin. It doesn't matter that the plural is viruses in english or not.

    When are you guys going to realise that english (and any other language) is stuffed with words from other languages, wrongly used words, words that never existed, words that were wrong at the time but became commonplace, words that are currently written the way they are because they used to be too lazy to write them properly, etc.

    A lot
  • First the virus infects the human host with the desire to write the software for the virus. Then the software virus infects multiple computers and multiplies. Then another person sees the power/attention garnered by the virus and is themselves infected. And so the cycle goes -- infecting both humans and computers.
  • The solution (Score:5, Insightful)

    by bigberk ( 547360 ) <bigberk@users.pc9.org> on Thursday November 27, 2003 @07:42PM (#7579499)
    blanket solution to this possible 'virus' problem

    There is one solution to the 'virus' problem that everyone in the networking and security field knows about, but which few professionals endorse due to conflicts with business and commerce.

    The solution to 'viruses' is diversity in systems. This stems from the biological viewpoint which makes us realize that while one type of system may be vulnerable to a specific flaw, a mix of different systems (each with their own properties) will offer greater resilience.

    Think of the Internet, and how much trouble has been caused by Microsoft Windows viruses. Because of the Microsoft monoculture, the Internet has come to the brink of disaster several times (worm outbreaks; flooding of DNS root servers; and most notably, spam and increasingly fragmented global communications as a result).

    • Re:The solution (Score:4, Insightful)

      by burns210 ( 572621 ) <maburns@gmail.com> on Friday November 28, 2003 @12:16AM (#7580336) Homepage Journal
      actually, i have always thought(not to be rude, this is honest) that to have a secure box, you do not plug it into a network. This is how windows 2000 got one of its high-end security clearences(wether it is required for any OS, or if it was just for win2k, i don't know) and it is also a running joke on how DOS has had the fewest remote exploits of any Microsoft OS (none, because it was such a pain to get it on the network...

      But honestly, this idea seems to be overlooked, when in actuallity, it is worth using... It would have saved Valve's ass if their code wasn't on a conmputer that was connected to the internet. If it was on only the LAN, and inaccessible to the internet, then their code wouldn't have been able to be leeked.
  • by dark-br ( 473115 ) on Thursday November 27, 2003 @07:52PM (#7579526) Homepage
    Speaking of virus it has always been somewhat mysterious. I remember when I compiled my first dos virus in assembling it was such a painful task. From the initial assumption to the final accomplishment it took me more than 3 months, but what I had compiled was still at mess. Recently I come up with the idea that virus ultimately is something that affects other files and spreads itself, so it would not be too complicated to compile a virus by shell. Then I conveniently compiled the following script. Its functionality is to affect other shell programs.

    This program is of little practical significance, but it is helpful to visually understand the virus spread mechanism. Therefore, its instructive significance is more important than the practical one.

    Read the rest here [xfocus.org].

  • First use. . .not! (Score:4, Informative)

    by DuckDuckBOOM! ( 535473 ) on Thursday November 27, 2003 @08:15PM (#7579626)
    From the article:
    [Cohen] introduced the term "virus" to the lexicon of computers.
    Oh, really. I recall David Gerrold describing a self-replicating computer program called VIRUS in 1972 in When Harlie Was One [amazon.com]. And I suspect the concept wasn't original with him.
  • by Stephen Samuel ( 106962 ) <samuel AT bcgreen DOT com> on Friday November 28, 2003 @03:26AM (#7580807) Homepage Journal
    Perhaps I just didn't notice [slashdot.org], but I think we managed to go past the 15'th anniversary of The Morris worm [wikipedia.org] without noting it.

    For many people in the UNIX community, the Morris worm was the great wakeup call that the 'net was no longer a safe space where you could trust all the other sysadmins (( as was especially the case when your 'net was really only a LAN )).

    As a result of the Morris worm, people started to lock down their systems and software, including simple things like using fgets(3) instead of gets(3).
    (This lesson was also available to Microsoft, but they chose to ignore it until very recently.)

If mathematically you end up with the wrong answer, try multiplying by the page number.

Working...