spaf@cs.purdue.edu (Gene Spafford) (12/22/89)
At various seminars during the past few months, I've been making a few statements about the motives behind viruses and related threats (like the AIDS diskette). I'd like to share them with this audience, too. I hope I'm wrong about these, but.... Theorem #1) The majority of viruses written so far have been done for "sport," by people who have been trying to prove that they can write viruses. Others are possible experiments that got away, and a few specific cases of revenge. Theorem #2) Within a year or so, writing viruses for "sport" will almost cease to happen. They are becoming so well known and such a nuisance, and software guards are such that casual attempts will not be tried nor will they be successful if tried. Theorem #3) We will see more cases of viruses, etc. written as acts of political terrorism and as acts of extortion. Examples of politically-related computer attacks have occurred recently: the Stoned (New Zealand) virus, the Dukakis Mac virus, the FuManchu virus, the NASA "wank" worm, and perhaps the current AIDS trojan horse. These will be much more cleverly written and well-funded attacks as time goes on. (Imagine viruses that flash messages like: "Experiment with Computers, not Animals," "Save the Unborn," "Ban Nuclear Power," "Free Palestine," etc.) Theorem #4) Within the next few years, there will be at least one major problem where some purported anti-viral/security software will be made available, and it will contain a logic bomb or trojan horse in it that causes more damage than what it is supposed to fix. (Minor thesis: the likely author of such software will be someone marketing commercial security software, and the logic bomb version will be a public-domain package not traceable to the author. The purpose -- to discredit public domain anti-virus software.) Theorem #5) Too many people will continue to seek a software solution even though the problem is only partially in software. Thus, we aren't going to see an end to the problem for a long time to come. Comments? Discussion? - -- Gene Spafford NSF/Purdue/U of Florida Software Engineering Research Center, Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004 Internet: spaf@cs.purdue.edu uucp: ...!{decwrl,gatech,ucbvax}!purdue!spaf