Schneier on Security
A blog covering security and security technology.
« Foiling Counterfeiting Countermeasures |
| Bomb-Sniffing Dogs on Subways »
January 19, 2006
20th Anniversary of the Computer Virus
Today is the 20th Anniversary of the oldest computer virus known: the Brain virus.
It was a boot sector virus, and spread via infected floppy disks.
EDITED TO ADD (1/19): F-Secure has some amusing comments.
EDITED TO ADD (1/30): As many people pointed out, Brain is not the first computer virus. It's the first PC virus.
Posted on January 19, 2006 at 9:53 AM
• 23 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Interesting ... I thought the oldest known virus was Elk Cloner for the Apple ][, dating from 1982. That would make it about 24 years old.
Brain might be the oldest *PC* virus, though.
That's nonsense. Everyone knows Apples don't get viruses.
My introduction to computer viruses was in the mid eighties at college, on aging Apple Macs. I asked why the viruses spread, and was told that every time you put a floppy in the drive, the Mac would execute a desktop program on the disk.
Even then, naive as I was, this sounded like a really stupid idea.
So I groaned when Windows introduced Autoplay, which was basically the same feature.
Now, I disable that kind of feature whenever I find it.
Does anybody recall a TV program dedicated to the BBC Microcomputer? Maybe a Brits only thing, but they showed a BBC Microcomputer virus that made the text fall off the screen. Many many moons ago...
That's the oldest PC virus, not (necessarily) the oldest computer virus.
actually, it's the oldest pc virus that made it into the wild... it's entirely possible (perhaps even probable, given cohen's earlier work in the field) that there were pc viruses prior to that point that never made it out of the lab...
by rights, if one were going to celebrate milestones for the concept of the computer virus one should look at those who coined the term and work back to when they first had/introduced the idea... which, if memory serves, is november 11 1983...
Ah yes, those were the days. As far as I can remember, that virus was benign. The only thing it would do would be to change the volume label of every infected (floppy) disk to (c) Brain, and the code that did it would propagate on sectors it purposefully marked bad on the disk (it would not infect disks that didn't have at least 1.5k of free space; three disk blocks). I was nine years old at the time, and read a disassembly of the virus, and that was one of my first steps to becoming an assembly language programmer.
I'll argue that the first real virus was Ken Thompson's self-replicating-code.
So that's even older.
I thought the f-secure blog write-up was pretty funny:
I agree with C Smith, Apple was ahead of its time even then by contracting the first viruses. My personal favorite was the old Ivar trojan since you could remotely control a Mac's sound...the installer just posted a fake "bomb" popup with a restart button. Brilliant. Nothing more surprising than your computer crashing and then talking to you after restart.
Supposedly the "ashar" person mentioned in the F-Secure page is Ashar Nisar, who originally wrote the virus and gave it to the Brain people. He later went on to found a company that runs (ran?) Pakistan's TLD: http://www.pknic.net.pk/pknic.html
@ Nicholas Weaver
I'm not familiar with any self-replicating code from Thompson. Do you have any links? Or are you referring to the hacked compiler that introduced a backdoor into the login program during compilation?
Yeah, the Ken Thomspon compiler hack.
It didn't just insert code into login, it also inserted itself into the compiler when the compiler was recompiled.
Thus it self propagated during compilation of the compiler.
Brain wasn't a virus, it was adware. It was an advertisement for a Pakistani computer store. Just two days ago I was tearing apart some old machines, and wanted to see what was on them. One actually had the Brain virus still on it.
I thought you got Brain.A from toilet seats?
"Brain wasn't a virus, it was adware"
Is it really useful to maintain such a distinction?
Thompson's compiler hack is described here http://www.acm.org/classics/sep95/ but he says he first saw the idea in an earlier document (which doesn't mean it has been implemented at the time).
2006 marks my 30th year since my first exposure to
computers... so I guess I'm becoming something of an
Anyway, what bugs me is that the technology to avoid
most, if not all, of the potential damage from virii
is about that old. It dates to the days of the
mainframe (and later the mini), when people didn't
just share the same network, but the same machine
with others of possibly malevolent intent.
Since the rise of the PC, however, all that know-how
has been ignored and forgotten.
> That's nonsense. Everyone knows Apples don't get viruses.
Correct. Apples get worms.
My first pc-virus was the boot-sector mild form of ping-pong. And I remember how fun it was to remove it and restore the original boot-sector with pctools and edlin. :-)
Now things are pretty less funny, and I'm not sure I would wish it a happy birthday! ;-)
Minor correction. It was more adware than a virus. It's funny that the first virus was to make money and not just electronic vandalism.
Sorry for the off-topic posting, but the use of "virii" instead of "viruses" is one of my pet peeves. Depending on your idea of linguistic authority, you may either compare the number of occurrences on your favourite search engine, or read the following page:
Was a moth involved in the first computer virus? in the 1960's i believe please let me know
IS Brain still in circulation 2008/9 under the name ashar? Although it was theoretically adware and didn't cause dammage other than on floppy/hard disks, could it have never been disabled because of the uselesnes of this virus today?
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.