Happy 20th birthday, PC virus
January 19, 2006 11:03 AM   Subscribe

A moment too late, I realized I forgot to include this link to Rober Slade's Brain virus history.
posted by Plutor at 11:08 AM on January 19, 2006

So antvirus companies write all the good viruses?
posted by The Jesse Helms at 11:16 AM on January 19, 2006

This reminds me of a piece of Apple ][ software I've been looking for for years; Destructivity. It was a collection of hacker ware: trojan horses, virus templates, etc. What was cool was it had well annotated machine source code. As an added exercise the source wouldn't work out of the box, so you had to have some skillz to use the stuff. It was like a teaching kit for how to write viruses.

Anyone else remember Destructivity? I've looked on Apple ][ archives from time to time but can't turn it up.
posted by Nelson at 11:19 AM on January 19, 2006

So hiring reformed virus writers would be bad for antivirus companies? That sounds counterintuitive to me. After all, hiring Frank Abagnale didn't hurt anti-counterfeit measures any.
posted by Faint of Butt at 11:21 AM on January 19, 2006

Old school viruses kicked ass. Gotta love crap you can download, thinking it's porn, only to have it spray digital crap into your BIOS or hard drive firmware.

Old school viruses actually damaged stuff. Now we just have to deal with spyware advertising crap and the occasional "I'm going to r00t your Windows box!" threat.
posted by drstein at 11:29 AM on January 19, 2006

Obligatory Mac inclusion: We don't have to worry about this . Even in the OS 9 era when viruses actually existed for the Mac it was a pretty low risk.

This isn't a PC hate thing so much as a "WTF?!" Why are there so many virsues and why does the number keep climbing? Is it at the point that the anti-virus industry sees no benefit in really trying to inoculate against virii? Is in that Windows swiss cheese default settings? What? General FUD about virii, they're really not such a huge problem with a bit of work? 'Cause it seems insane to me, with my one button looking mouse.
posted by Brandon Blatcher at 11:38 AM on January 19, 2006

These days Internet worms are by far the biggest threat. They exist mostly to build giant botnets that can then be used for extortion. "Pay us $10,000 or we crax0r your site". Sometimes botnets are used to send spam email. Worms are also used to carry advertising payloads.

It's not just fun hackery anymore, Internet worms are big business. Organized crime.
posted by Nelson at 11:49 AM on January 19, 2006

Mac users 'too smug' over security
(and the inevitable response to the response)
posted by zsazsa at 11:49 AM on January 19, 2006

Even in the OS 9 era when viruses actually existed for the Mac it was a pretty low risk ... 'Cause it seems insane to me, with my one button looking mouse.

Yeah, market share and the number of potential hosts has nothing to do with it. Shove your lame comsumer-loyalty-as-substitute-for-soul schadenfreude up your ass.
posted by Mayor Curley at 11:53 AM on January 19, 2006

Shove your lame comsumer-loyalty-as-substitute-for-soul schadenfreude up your ass.

I'm am NOT looking for a Mac/PC fight and I apologize if I came off arrogant. I WAS trying to be witty by poking fun, but again, apologies.
posted by Brandon Blatcher at 11:59 AM on January 19, 2006

This isn't a PC hate thing so much as a "WTF?!" Why are there so many virsues and why does the number keep climbing? Is it at the point that the anti-virus industry sees no benefit in really trying to inoculate against virii? Is in that Windows swiss cheese default settings? What? General FUD about virii, they're really not such a huge problem with a bit of work? 'Cause it seems insane to me, with my one button looking mouse.


I believe the term you're looking for is "security through obscurity."
posted by stenseng at 12:04 PM on January 19, 2006

Mayor Curley rocks!
posted by Mental Wimp at 12:05 PM on January 19, 2006

a 5% market share, combined with charging ridiculous amounts to develop for the platform help.
posted by stenseng at 12:06 PM on January 19, 2006

But back in the day all the non-PC OSs had their own viruses...
posted by Artw at 12:06 PM on January 19, 2006

a 5% market share

That answer has always seemed odd. Computer geeks enjoy challenges so one or 5 would probably create a virus for the Mac unix variant, just for bragging rights.

combined with charging ridiculous amounts to develop for the platform help.

This makes no sense. You can get plenty of mac shareware at $20 or less or freewere or commerical software at reasonable prices. If it was so expensive to develop for, none of these things would exist, correct?

Is just that Windows is so easy to develop viruses for and/or the tools have enabled a lot of script kiddies who don't need a good knowledge of programming to make a virus?
posted by Brandon Blatcher at 12:16 PM on January 19, 2006

stenseng, a full compiler (gcc) and IDE (Xcode) come free with MacOS.
posted by zsazsa at 12:18 PM on January 19, 2006

The last two or three virus problems I have had on my Macintosh were not viruses at all. They were security flaws created by the Norton ANTI Virus software itself. http://securityresponse.symantec.com/avcenter/security/Content/2005.12.21b.html
What does it say about "Security" companies that cause more harm than the perceived protection they provide?
posted by Gungho at 12:23 PM on January 19, 2006

Yeah, market share and the number of potential hosts

Mayor Curley:
Unless you can come up with a convincing diff. eq. of the virus population growth to prove this, I think you're full of shit.

Macs have 2%-10% of the PC market share, depending on how you count. By your (all-too-common, and all-to-simplistic) reasoning, the primary (nee only) reason Macs don't have many viruses is that low market share number. Well why is it then, exactly, that of the viruses out there, 2%-10% are not for the Mac? Or 2%-10% aren't for Linux machines? Yes, viruses (or worms, or whatever) exist for those platforms, but there is not a relationship between market share and virus share. Something like 99.5% of all viruses are for Windows or DOS, even though they don't have anywhere near that amount of market share.

Sorry, that hypothesis is sophistic bunk. The primary reason Windows and DOS get the lion's share of the viruses is inherent insecurity and bad software design. Market share plays an ancillary role, at best. The Morris worm fundamentally changed the way Unix people approached security. Viruses on the Windows/DOS platform didn't change any practices, really. It eventually made an industry for the quasi-snake-oil salesman that are anti-virus authors.

But derail aside, reading about this Brain virus was really cool.
posted by teece at 12:26 PM on January 19, 2006

teece, no offense buddy, but you're full of it.
posted by stenseng at 12:52 PM on January 19, 2006

This is why I'm on a VIC 20.
posted by bardic at 1:02 PM on January 19, 2006

teece, no offense buddy, but you're full of it.

Out of curiosity, how so?
posted by brundlefly at 1:10 PM on January 19, 2006

teece, no offense buddy, but you're full of it.

A truly ironclad rebuttal, sir. You are correct, I concede.
posted by teece at 1:15 PM on January 19, 2006

My TRS-80 has been virus free since 1980.
posted by spilon at 1:16 PM on January 19, 2006

So antvirus companies write all the good viruses?

...and they make you pay them to have your computer fixed. Excellent business strategy if you ask me.
posted by j-urb at 2:21 PM on January 19, 2006

"teece, no offense buddy, but you're full of it."

"Out of curiosity, how so?"

Because he's arguing that because apple has a 5% market share, it should have 5% of the viruses. Which is ludicrous. Because the virus depends on being able to infect its neighbors. Keeping in mind that even only a few people who come in contact with the virus are going to execute it and propagate it. A virus that only possibly infect 5% of the population CAN'T be successful.
posted by Mayor Curley at 2:45 PM on January 19, 2006

A virus that only possibly infect 5% of the population CAN'T be successful.

It seems to me that, if someone wrote a virus that would infect even just one mac, then it's a success. Then again, it depends on the motivations of the virus writer.
posted by zerokey at 2:49 PM on January 19, 2006

if someone wrote a virus that would infect even just one mac, then it's a success

Not really. By definition, a virus is something that replicates from host to host. Something that only infects a single host lacks true virus nature.

It could be a successful trojan, or a successful piece of adware, but not a successful virus.
posted by PeterMcDermott at 3:40 PM on January 19, 2006

A virus that only possibly infect 5% of the population CAN'T be successful.

Right. And I'm full of it? Give me a break. Like I said, show me a model that will prove this for computer viruses. I've seen such models for biological systems. Such crafty systems exist to explain how biological viruses spread, or populations grow, or whatever. But you'll note one extremely crucial detail which is lost on you: they model how a virus spreads, which is what you are talking about when you say "successful." They do not model the creation of viruses, which is what I'm talking about.

An unsuccessful virus != no virus. Indeed, browse through any virus data base: it's 95% unsuccessful viruses (to pull a number out of my ass). The great majority of ALL viruses are unsuccessful. So what.

But, (and now I've looked at the numbers), in modern virus scanners, between 99.2% and 99.6% off all viruses are for Windows and DOS. The great majority of which are very unsuccessful viruses.

Unless you are arguing the completely ludicrous stance that there ARE Mac and Linux virus authors out there coding away, creating viruses for those platforms, but those viruses are SO unsuccessful that they are not even seen by anyone, you're just talking nonsense. And if you are arguing that, well, then you're not thinking very well about it.

So again, it is most definitely not me that is full of it. But whatever you have to tell yourself, that's cool.

With all the Windows fanboys out there with a giant chip on their shoulder about Mac and Linux fanboy's (justified) smugness, you'd think there'd be a few of them smart enough to actually code something up, and prove that these systems are equally infectable...

Note: I'm not saying Mac and Linux/Unix are invulnerable: no OS is. I am saying that security is still not taken seriously by Microsoft, some 20 years after this shit started, and that is THE primary reason for the overwhelming dominance of Windows as the de facto virus platform. It has much less to do with Windows market share (that plays a small, but not primarily significant, part).
posted by teece at 3:51 PM on January 19, 2006

I am saying that security is still not taken seriously by Microsoft

They still put an awful lot of money into it.
posted by Artw at 3:53 PM on January 19, 2006

Shove your lame comsumer-loyalty-as-substitute-for-soul schadenfreude up your ass.

Someone touched a nerve, evidently.
posted by Rothko at 4:04 PM on January 19, 2006

Why are there so many virsues and why does the number keep climbing?

To what extent are virus/malware toolboxes, assembly kits, and development tools easily available for MS/Win and Macs?
posted by ROU_Xenophobe at 4:15 PM on January 19, 2006

A virus that only possibly infect 5% of the population CAN'T be successful.

I dunno, Ebola only infects a fraction of a fraction of the human species but it's still around. An epidemiologist might suggest that success is not in numbers but in being around to make the next batch of victims miserable.
posted by Rothko at 4:22 PM on January 19, 2006

Market share is a big thing, what you need to look at is demographics. We're not talking 5% of a random sample, Mac users tend to be wealthier and older than PC users because of the relative prohibitive cost. This means there's a lack of pimply hackers with OSX machines, development tools, virus kits, and a culture of OSX hacking.

Supposedly Macs are supposed to be the next big thing again and if there's influx of kids getting macs as their primary computers just like they did with PCs you'll see your OSX viruses and trojans. I don't care if you get the occasional "Type the root password please" prompt if what youre installing a stolen copy of Photoshop from Limewire with a nice trojan embedded into it. In other words you smug bastards are fucked like the rest of us. You'll be running Symantec and wondering how you lived without it.

In fact its happening. Right now you have:

1. Opener - a serious piece of malware. Its more of a rootkit married with spyware. Its nasty. It makes most Windows infections look like child's play. And its just a script. Scripts are much easier to write than whole applications and grandma can't tell the difference, she'll just double click it.

OSX's achilles heal won't be 20 year old legacy code like in Windows but simple scripting and non-technical users who don't even know what a bash shell is.

Its simply a matter of time now and I'm sure some young hacker is looking to make a name for himself with the first big OSX virus. In the meantime keep making noise about it. Its about as smart as yelling "MY HOUSE HASNT BEEN ROBBED YET" every so often to people on the street.
posted by skallas at 4:53 PM on January 19, 2006

In other words you smug bastards are fucked like the rest of us. You'll be running Symantec and wondering how you lived without it.

In fact its happening. Right now you have:

1. Opener - a serious piece of malware.

According to the thread you linked to, this malware was using vunerabilities that have already been patched, back in 2004. Also, the user seems to have not secured his machine, which caused the infection and according to people posting on the thread, there's no way for it to spread.

Still it's interesting stuff and certainly eyeopening for HOW to potentially infect a mac. Highly recommended reading for Mac users.
posted by Brandon Blatcher at 5:36 PM on January 19, 2006

HEEEERE WEEEE GOOOOO
posted by Baby_Balrog at 5:56 PM on January 19, 2006

a 5% market share, combined with charging ridiculous amounts to develop for the platform help.

As someone who has worked in software publishing for the platform, I can verify that there is no exorbitant fee involved in developing for the platform.

At the minimum you need a Macintosh and developer tools. In the past, the tools were purchased from Metrowerks. Now they're free from Apple.

They do charge for relationships, that is "Apple Developer Connection", but that basically gets you advance copies of the operating system and developer tools, and access to various marketing initiatives.

As for why it's so hard to write a Mac virus, a big part of that is because it's really difficult to execute code on a Mac without the user permitting it.

Mac OS before OS X was a lot more susceptible to viruses - there were like 25 or so, but System 7 broke most of them.
posted by bugmuncher at 6:49 PM on January 19, 2006

Dude, if I was a virus writer, I would so be trying to write something for a Mac. Show all those "smug" "stupid" and "willing to spend ridiculous amounts of money on their shitty computer" bastards how wrong they are.

Shame none of them have pulled it off.
posted by fungible at 9:29 PM on January 19, 2006

You'll be running Symantec and wondering how you lived without it.

No I won't. There are infinitely better ways to protect your system from malware. Indeed, the virus database paradigm is about as fucking stupid and ass-backwards as you can get.

The only person it benefits is anti-virus companies. Boy, they sure are winning the war on viruses!

It's been "only a matter of time" since I switched to Linux in 1998 and a Mac in 2004. I'm still waiting.
posted by teece at 9:32 PM on January 19, 2006

If market share were the explanation, it would be hard to account for the presence of viruses on Mac OS prior to OS X. Mac OS has always been a minority platform, yet it used to have enough viruses to support a couple of different commercial virus protection tools, and a handful of free ones. (I wrote one of them.) If people were writing viruses for Mac OS back when there were fewer than a million users, none of them connected to the Internet, it's hard to imagine that they would pass up the opportunity now, with millions of Mac users, many of them linked to each other.

Its simply a matter of time now and I'm sure some young hacker is looking to make a name for himself with the first big OSX virus.

I'm sure there are plenty of them; there always are. They have a very difficult challenge ahead.
posted by Mars Saxman at 9:59 PM on January 19, 2006

Dear OSX users: Don't mistake more secure for secure.
posted by srboisvert at 1:50 AM on January 20, 2006

I should have known this thread was going to end in OS holy wars. I'm just surprised the Bliss virus (Linux) hasn't been mentioned yet.
posted by Plutor at 2:53 AM on January 20, 2006

A polite virus. That's brilliant!
posted by sveskemus at 6:36 AM on January 20, 2006

I sometimes think the old quip that floppy boot sector viruses were more prevalent has a little bit of truth to it.

Of the "modern" viruses that make the news, I almost never run across them in the wild. I read about all the havoc they create, but I don't actually stumble across the virus on computer I interface with.

But floppy boot sector viruses... I got a new, low-level job once, and in the beginning they gave me nothing to do. Out of boredom, I grabbed a pile of floppies in an empt cubicle, and started seeing what was on them. There were about a hundred. Somewhere around 50% of them were infected with old boot sector viruses. There were several different viruses, too.

I haven't come across a virus in the wild in about 10 years. I'm sure part of it is me being tech savvy, and the other part is that I only use Windows very sparingly, and the last part is that I'm not in a billion Windows user's address books, but it is nonetheless an interesting fact to me.

And speaking of Linux, this showed up in my inbox today:
A heap overflow has been discovered in ClamAV, a virus scanner, which
could allow an attacker to execute arbitrary code by sending a carefully
crafted UPX-encoded executable to a system runnig ClamAV. In addition,
other potential overflows have been corrected.

posted by teece at 8:32 AM on January 20, 2006

Elk Cloner was the first PC virus.

Either that, or the Apple ][ was not a personal computer.

The use of what should be a generic phrase - "PC" - to automatically imply "Microsoft OS running on x86 hardware" annoys me. My WinXP laptop is a PC, the Linux box behind me is a PC, the Mac Classic I rescued form the garbage is a PC. None of them are mainframes, or terminals; they were intended for personal use. If the damn thing isn't rack-mounted it's a PC.

Of course the chance of anyone changing this is about as good as me getting the world to stop saying "organic" when they really mean "pesticide free" (for christ sakes, everything edible is organic, and the hydrocarbon-based pesticide you spray on it is every bit as organic as the food...)
posted by caution live frogs at 11:39 AM on January 20, 2006

caution live frogs: Yeah, or people saying 'hacker' when they really mean 'cracker'.
posted by sveskemus at 12:56 PM on January 20, 2006

Ah, the old Pakastani Brain, how I remember you well.

It was 1987 or thereabouts. I was taking an intro-level programming class at my high school and LO how the diskettes would start to read "(c) Brain".

Boot just one disk and every disk inserted into the system from there until reboot would be likewise infected. The old sneakernet in action.

At the time, it seemed a whole lot less benign than the "fairly harmless" it gets slapped with today. I remember we used to think it was voodoo: sometimes the label read something like "(c) Br.i..." and we suspected that once it spelled it out, we were toast.

Reality was probably more that floppy diskettes sucked as a medium, but how much we believed that simple cargo cult.

Years later I would buy a blank floppy whilst in college and the damned thing had written into it (by the manufacturer) a tiny boot sector loader that would display a stern warning for leaving a disk in the drive as doing so was a vector for infection. I nearly shit myself when I saw it, thinking that "crap, I'm hosed".
posted by Ogre Lawless at 3:55 PM on January 23, 2006