Early Days On The Anti-Virus Front: A Personal Perspective

An anti-virus programmer reminisces about the people and the organizations that were pivotal in the earliest days of the war against computer viruses.

CARO And Beyond

Most of the early antivirus innovators became involved in a group called the Computer Antivirus Research Organization (CARO). CARO quickly proved its worth in the early '90s with the advent of polymorphic viruses, which mutated from generation to generation.

The virus writers were attempting to avoid definitive virus detection by changing their viruses so that simple signature strings -- portions of a virus, uniquely identifying it -- could not be used. For a short while, the virus writers had a slight edge over the virus busters. This edge lasted for mere weeks as the CARO community got together and rapidly implemented code, developed independently but cooperatively, to fight this new threat -- a wonderful example of competitors working together for the good of all.

Inventing Viruses

A persistent accusation against the antivirus community is that it devises and creates its own viruses to keep itself in business. To the best of my knowledge, no employee of any anti-malware vendor has ever created or deployed malware. With an estimated 300,000 pieces of malware already out there, is there any need to do so?

Many of these vendors did insert signature strings for nonexistent viruses into their signature lists (the collection of viral signature strings used by an AV program). These bogus signature strings uniquely identified a vendor's signature list and provided an easy way to tell if dishonest competitors were helping themselves to its contents.

My own contribution to the bogus string database was for the nonexistent Capon virus. ("Capon" was the name of an acquaintance.) This is the first time this information has ever been admitted publicly. Shhh!

The antivirus world has changed dramatically since its early days. For one thing, there's a lot more than just viruses and worms to contend with. Today's list of malware includes spyware, rootkits, Trojans, drive-by downloads, phishing attempts, distributed denial of service (DDoS) attacks, and more -- and the bad guys will no doubt come up with more devious schemes.

As for me, I got out of active AV when there were too many viruses for one person to handle. There are now multimillion-dollar companies with massive staffs that protect consumers and businesses from an array of malware threats. Long gone are the days when all the AV players knew each other's names.

I took the money I made from my AV products, moved to a farm in upstate NY, and renamed it Virus Acres. I sometimes miss the excitement of the early days -- but not enough to go back into it!

Ross M. Greenberg is the author of the early antivirus programs Flu_Shot and VirexPC and was an early member of the Computer Antivirus Research Organization (CARO). He now consults and writes mainly on security-related matters.
