Opinion: Malware vs. anti-malware, 20 years into the fray

May 6, 2008 (Computerworld) As I recall, Nov. 2, 1988, started as an ordinary day at Goddard Space Flight Center where I was working in the data communications branch. By the end of the day ... well, actually, that day never ended. We just kept fighting to bring our servers and networks back to life. Our SunOS and VAX/BSD systems, which were connected to the Internet, had slowed to a stop.

We didn't know it yet, but we were fighting the first Net-propagated malware program: the Robert Morris Internet worm. Twenty-four hours into our "day," we received a fix developed by the University of California at Berkeley, and we were back online.

As it turned out, the Morris worm wasn't a deliberate attack. It was a self-replicating program with a bug that caused it to reproduce at a rate so fast that it brought down the (then much smaller) Internet. That was almost 20 years ago, and eventually it came to light that Robert Morris Jr. didn't intend to wreak the havoc he did. He was simply trying to get a hard number as to how many systems were attached to the Net.

In contrast, today's malware causes less overt havoc but far more deliberate harm. Most 21st-century crackers aren't making malware to show off their skills or wreck systems for the sheer malicious fun of itall. They're making malware that hides in your system so they can use your personal information and PC resources to make money. Welcome to the era of capitalist hacking.

In response, the security vendors come up with anti-malware programs, and we're locked into a seemingly endless battle between crackers and the defenders for the safety of our networks, our computers and our personal information. At the moment, it appears the bad guys are winning. There's more malware than ever before.

In this corner, the challenger ...

Perhaps "malware" isn't the right word. Historically, viruses, worms and the like were hit-and-run attackers -- get in, zap some files and try to leap to another PC before they were caught and cleaned out. Modern invading programs are designed to curl up and make themselves at home in your system, but they're not there to destroy your computer or your files. They're not malicious in the way as famous computer viruses as ILOVEYOU, which in 2000 destroyed untold numbers of files on Windows systems.

No, they're there to wait for a chance to snatch an important password or a credit card number, to turn the PCs under your care into a 2 a.m. spam generator, and to hurt your users and your data, not your machines. You may not even be the main target. One of the more disturbing rumors, albeit a difficult one to prove, is that some malware may not be acting on the behalf or organized cybercrime crews but by terrorists or government agencies. The Baltic country Estonia's Web sites, for example, were hit by a massive DDoS (distributed denial of service) attack last year by what was believed to be a group of Russian hackers.

Not, mind you, that viruses such as Melissa, ILOVEYOU and Sasser didn't cause enormous damage; they did. But users could avoid infection by taking relatively few, relatively simple precautions, such as never, ever opening an executable attachment sent to them via e-mail. Or they could practice safe computing by not using Outlook -- the system vulnerability that claimed to be an e-mail client. Then, however, if you used an up-to-date virus detection program and practiced safe e-mail, chances are you'd be safe.