But if they could, they would, on Diddly Bomb, for the best, expect the worst, I hope that's the case. Well, it's one week, almost, after the famed Michelangelo virus was to have hit and caused massive destruction throughout Western civilization. It didn't happen. And tonight, on Off The Hook, we're going to try and figure out why. And we're also going to try and predict the future and see if something like this could actually happen in the future, or if it's just a whole lot of media hype. We have a couple of special guests that we'll be talking to, and we'll be, of course, taking your phone calls at 279-3400. One book that deals with computer viruses, one of the few books that deals with computer viruses, is called The Little Black Book of Computer Viruses. And, in fact, there's a couple of books. Some are being thrown across the room at me right now. It's another one by Dr. Frederick Cohen, who's in the studio. Thanks for throwing that over here. A Short Course on Computer Viruses. We'll be getting to that as well. And we have on the phone, from Arizona, Mark Ludwig, the author of The Little Black Book of Computer Viruses. Are we coming through loud and clear out there? Yes. Okay. You've published a very interesting book. Actually, I understand it's part one of three, is that correct? Right. And perhaps you could tell us what the other two are. Well, the first volume is just basic, you know, how-to, how these things work. Some instructional examples of computer viruses, both viruses that attach themselves to files and viruses that are boot sector viruses. The second volume is going to be kind of scientific applications, how computer viruses can be used for, you know, in positive ways. And then the third volume is going to be kind of military applications and how the military can use these things. Okay. You're speaking in the future tense there, so I assume those books have not yet come out. No, they haven't. Okay. When do you expect those to be published?
Volume two is planned for kind of the end of this year. And volume three is probably a year after that. Okay. As I mentioned, we also have Dr. Frederick Cohen in the studio with us. He's written a book called A Short Course on Computer Viruses and also is an attendee at the Virus Conference, which is taking place right now at the, what do they call that place, the Marriott Marquis or, it used to be the Penta, that's how everybody knows it, I think. The Summit. The Summit now? The Summit. Okay, well- It's all over the place. It's all over. Now, what is your view on the Michelangelo scare? Was that something that the media just created or was that a bona fide virus? The media didn't create it. It was created by some of the vendors of virus defense software and some of their media organizations to, I think, to sell software that was on the shelves too long. After software sits on the shelf for about 150 days, the vendors return it and you have to give them their money back. So you have to do something to create sales, so that's one way to do it. And you think that's what happened here? Oh, I'm pretty sure of that. If you listen to the media, you heard a couple organizations, one was a national computer security something or another and another one was national virus something something, announcing there would be millions of these things and that virus defense software was the fastest growing part of the industry, which of course is a fiction. So when you have people creating a fiction and the media picks up on it, not knowing the difference between the fiction and the reality, then they make a lot of sales and almost defraud the public. Now, speaking of Michelangelo, I just saw this press release from a guy out in Australia and he's claiming the credit for actually naming the virus the Michelangelo virus. Now, that's a question that has been brought up a couple of times.
This is a boot sector virus, there is no real file attached to it, yet everyone's running around calling it the Michelangelo virus. So where did they get that name for it? Yes, it takes place on Michelangelo's birthday, but was that the original intent of the virus? I myself think that that's quite doubtful as there really wasn't much space in there for intent to be gotten across. It was not the intent of the virus writer. The guy that named it actually had a friend whose birthday was on March 6th and he was going to name it after his friend and his friend said, it's also Michelangelo's birthday. So he said, okay, we'll call it the Michelangelo virus. Well, is that just conjecture on your part? No, this was, I talked to the guy this afternoon who named it. The guy who named it, but the guy who wrote it? Oh, nobody knows who wrote it. Right, okay. Let me ask Mark Ludwig, do you have any idea who could have written this virus? Could have been just about anybody, really. You know, in writing my book, one thing I've found was computer viruses are really tremendously easy to write. Anybody who knows a little assembly language and sits down and wants to do it, could do it. Have you written one? Yeah, there are four in my book. And you've written yourself? Yes. Now, when you've written these computer viruses, how do you test them out to see if they will actually spread? Well, I have a few computer systems of my own that I test them on. And they've never gotten out, have they? Well, I've sold about 700 books now. I'm sure they have. No, I'm saying from your computer. I haven't let them go, no. Has it come close at any time? I've got to. Any panics, thinking that maybe these things are about to spread? Not really. I've tried to be real careful with them and use red disks and stuff like that rather than the black ones when I'm playing around with the viruses. 
Now, how do you think a virus like Michelangelo, let's say somebody writes a Michelangelo virus or the equivalent, how do they get it to spread? What do they do? They just leave a floppy disk lying in an office and that's it? Well, if I wanted to get it to spread, I'd take it down to a university. That's a great place for them to spread. Lots of students who don't have a whole lot of money and like to copy software. And it's just a good place. And how would you get them to copy that software? Well, I'd just go into the computer science department where they have some PCs sitting around and infect the hard disk. And with Michelangelo then, anybody who puts a floppy disk in the drive and copies something off or something like that automatically gets the virus with it. Very interesting. As I mentioned, the announcement from Australia that this gentleman named Roger Riordan was actually the first person to call this the Michelangelo virus. He says, in my talk last year, I mentioned we had found a new boot sector virus a few weeks before. This overwrote the hard disk if you ran an infected PC on March 6th. And as this was Michelangelo's birthday, we had named it Michelangelo. Thus, you can claim that the first public announcement in the U.S. of this now notorious virus was made at last year's conference. If this is of any value for publicity purposes, feel free to use it. And I'm sure it's very valuable for publicity purposes here. That's the story of Michelangelo in case all those people out there were curious as to how it got the name. This is apparently where it came from, from Australia. Does that make sense to you, Dr. Cohen? Yeah, that's clearly where that particular name came from. I don't think it's particularly interesting where the names came from. Well, it's something that the media doesn't seem to have a fix on because we've been hearing all kinds of scary stories about this virus that was set to go off on Michelangelo's birthday. 
And that makes you think, well, that would mean it has to be somebody from Europe. You know, people have all kinds of assumptions. That's a fiction. There are well over a thousand viruses now out in the world. So, on the average, any given day of the year, there will be about three of them that will go off. So, it's no particular indicator that it's March 6th. There's one that goes off Friday the 13th. It's a very common virus. That's coming up in two days from now. There's another one that goes off the 16th of March. And almost any day you want to name. Tell me more about the St. Patrick's Day virus. Is that coming up? I'm sure that if you want to have one, it's easy to have one. I just made one up. I think you're right about that, that almost any day there will be a virus of some sort. Have you ever been a victim of one? No, I've never had a problem with viruses because I use very safe precautions. I'm actually the person that wrote the viruses in the first experiments and did the first experiments on viruses. So, I'm very familiar with how you'd be careful, etc. Also, a lot of people misunderstand that viruses are not just a PC phenomenon. The first experiments were on time-sharing systems. And we found you could take over an average time-sharing system in under a half hour by launching a virus. So, it's not just a PC thing, but that's where people seem to notice the most today. Now, you claim to be the person that coined the phrase originally, computer virus. Yeah, actually. When was that? 1983. And before that there was no such thing? Or nobody had a name for it? There were self-replicating programs. I came up with the term computer virus. Actually, Len Adleman, who was a professor of mine at the University of Southern California, I was a PhD student there at the time, came up with the word virus. And so, his name should be credited with the name computer virus. But I'm the person that published the first scientific papers on it.
I figured out that these things could spread through our best military secure computer systems and throughout the world and these sorts of things. And there were viruses before this. There was a famous worm program that ran at Xerox that was used for parallel and distributed processing. There was a bit error somewhere in the worm program and it brought down the whole Xerox worldwide network for a period of time. Mark Ludwig, what is your definition of computer virus and how would that compare to, say, a worm, a Trojan horse, all these different phrases we hear bandied about? Got the guy who coined the phrase right there. I kind of consider a virus as something that attaches itself to another program with the purpose of reproducing. A lot of people give it the added connotation of being something that's destructive. But the destructive nature is not necessarily, is not necessary for a program to be a computer virus. Do you have any instances of a computer virus that's not destructive? Well, the four viruses in my book are not intended to be destructive, certainly. They don't have any code in them that's, you know, designed to destroy a hard drive or anything like that. Their sole purpose is to reproduce. There are, you know, a fair number of viruses out there which are not destructive. They're called benign viruses. Well, apart from being non-destructive, are there any that are beneficial? Is it possible for a virus to be beneficial? Well, I think that's kind of a subject of debate right now. You know, all the press they get is that they're destructive. I'm kind of trying to look at them in terms of what they might benefit science. You know, they might not benefit the average guy on the street who has one on his system, but they might be very beneficial in terms of what can we learn about life? What can we learn about subjects like evolution through computer viruses?
One very interesting thing about them is that, unlike a living organism, which, you know, we can't create in a laboratory right now, we can devise all kinds of computer viruses and control them very carefully. So I think there's some interesting possibilities there. I'd like to read you something on benevolent computer viruses. We'll get back to the definitions in a moment. Advanced Systems Protection released today, I assume it's today, because that's when I was handed this piece of paper, the first widely available commercial application of benevolent computer viruses. Payback is an automated bill collection system that uses benevolent computer viruses to automate the bill collection process. For each unpaid bill, Payback births a tiny expert bill collection virus from a virus gene pool. Each virus individually replicates and evolves, reacting to the specifics of the individual collection case and responding individually. Unlike malicious computer viruses, Payback's viruses are very safe. Safety is maintained in Payback through the use of a special viral computing environment designed so that Payback's viruses can only operate on machines where that environment is installed. This makes Payback completely safe from the undesired side effect of malicious viruses that spread to machines where they are not desired. Fred Cohen, any comment on this particular benevolent computer virus? Yeah. In fact, from the beginning of computer virus research, we knew that there were benevolent applications. The initial research results showed that anything that you can do with computing on a computer, you can do through evolution of computer viruses. The only issue then is, what's the more efficient way to do things? So with computer viruses, we have some advantages. For example, in a distributed system, viruses distribute themselves throughout a network without anybody having to explicitly tell them where to go. If a machine has more time, more viruses can live on that machine. 
So there are some big advantages to using viruses, but of course there's a big disadvantage in the potential safety hazards. So you have to find a safe way to implement it. Otherwise, it's a perfectly reasonable way to perform computing. Also, I should point out that in the first paper on this, in 1984, there was a compression virus that was intended to spread throughout a computer system, compressing executable files and decompressing them at execution time. This would save approximately 50% of the disk space on typical computer systems in exchange for a small increased time to start running them. I see. Now, just to finish off with the definitions we started with, Trojan horse, anybody want that one? A program that does something that's not documented. Okay, and a worm? A worm is a special case of a computer virus. It's commonly now defined as a program that replicates and then runs the replica after replication. As opposed to a virus, which... It can run or not run the virus replica after replication. Most computer viruses today don't automatically run the replica. Rather, if somebody runs the program containing the replica, then it continues to grow. So the sole purpose of a virus is to replicate? Replicate and evolve are the properties that make something a virus, but it doesn't necessarily have to be the sole purpose. A virus can include any additional code with it, and that code is brought along during the replication process. So it's a very convenient way to distribute processing across a network, for example. Okay, Mark Ludwig, are we in agreement here? Any major differences in terms? Yeah, I might just say that the Trojan horse is really a program that does something that's not documented intentionally, as opposed to a buggy program. Okay. It's like in Troy, right? Yeah. Okay. Now, recently we heard something else in the media about the Gulf War printer virus.
Now, it sounds almost absurd that through a printer, a virus could be set loose to do all kinds of things in time of war to cause military problems for the enemy. I'll give this to Fred Cohen first. What do you think that actually was? It's just propaganda we're being fed, or is it possible to actually set a virus loose through a printer? Well, you asked a couple of questions there. One of them is the U.S. military does do research, funded research on the potential use of computer viruses as a military weapon, both against us and against our enemies. In addition, it is possible to write a computer virus that will start at a printer on many of today's printers and networks, and the reason is printers today are not like printers of the past. Printers of today now have network connections and can send packets over networks, and they're used in a lot of different ways. So it's possible. The third part of your question was, do I think it really happened in the Gulf War? And the answer is, I doubt it. Mark Ludwig, your interpretation. Yeah, I think it's a pretty far-fetched thing. You know, it's possible. There are a lot of things that are possible, but to get the virus in there, to get it to do what it supposedly did, at just the right time, seems like a very difficult proposition. You'd have to know as much as the NSA or something to do that. Now, that's something that I was mulling over myself. If such a thing were possible, why would they take such pains to tell us that it was possible? Wouldn't that be sort of self-defeating for any future such application? And then that leads me to ask, well, then, what is this all about? I guess nobody really knows. Okay. Now, for those people out there, listeners that are living in fear now with their computers that we convinced them to get years ago, now they have them, and now they think that any day now something horrible is going to happen, apart from just telling everybody to back things up, what should we be passing along? 
What bits of wisdom and... What kind of care can they be taking to avoid tragedy? Fred? Well, I'll go back to the United States government. The U.S. government has this strange policy of protecting secrecy, and they've pushed this so hard into our society and pushed so hard against maintaining integrity in our computer systems that our computer systems simply don't have anything to maintain integrity. So there is a problem, and the problem is that we haven't pursued integrity in computer systems the way we should have. There are a lot of products on the market now that are reasonably effective against current and many future viruses, but if you hear somebody say, my product will protect you against all current and future viruses, you should not buy their product, because they're not telling you the truth. Okay, Mark Ludwig, your comments. Well, that's true of what Fred said. I think you really set it back up. You know, there... Anybody who had the Michelangelo virus on their system and backed up Thursday night would at most have an interesting morning the next morning. Do either of you know anybody that was affected by Michelangelo? I disinfected the system on Thursday before it went off. The worldwide reporting is that approximately four-tenths of one percent of the computers worldwide that tested for it had it. However, that's somewhat speculation, because approximately that percentage of all the computers in the world on any given day will have a disk failure that does about the same thing as the Michelangelo virus anyway. Well, now, I assume by that you mean that four-tenths of all PCs that were tested for it. Or do you mean four-tenths of all computers? Because a lot of computers are not PCs. It turns out that well over 90% of all the computers are PCs, so the numbers wouldn't be very different, but, yes, we're talking about PCs. Okay. All right. 
Now, we'd like to invite our listeners to give us a call, and if they have any questions, we'd also like to know who's been affected by Michelangelo. We'd like to know if people actually had their hard drives trashed, if there are any listeners out there that felt the wrath of this kind of thing. And also we'd like to know what you did. We're going to have a computer on on Friday, and those of you that don't have computers, feel free to call us, too, and let us know how your particular perspective on all this has changed. What do you think? Do you think we're all mad for living with computers and dealing with this kind of thing? Do you think it's going to get worse in the future? And we have with us Mark Ludwig from Arizona, who has written a book, and their address is PO Box 41401, Tucson, Arizona, zip code 85717. Mark, I believe there's a phone number, too, people can order it by, is that correct? If they'll just send $14.95 to that address, that's the best way to do it. Okay. And we also have Dr. Frederick Cohen in the studio with us. He's written, I imagine you've written more than one book. A number of them, yeah. All right. We have here A Short Course on Computer Viruses, which is available on ASP Press. And how can people get a hold of this? You can call 412-422-4134. Okay, which is in Pittsburgh, is it not? Yes, it is. Okay. All right. Our phone lines are open to you, our listeners, 212-279-3400, if you want to ask either of these experts a question on computer viruses, or just lend your particular observations to this discussion. Good evening, you're on the air. My question is, one is, what do your guests feel or know about the psychology of the people who write these destructive viruses? Is it just ordinary vandalism, or does it go deeper than that, or that kind of question? And the other thing has to do with, as I understand it, all the antiviral programs are based on some kind of pattern recognition of existing viruses and similar viruses in the future.
But does anybody know of or have any plans to create kind of an intelligent antiviral program that would be based on understanding a kind of what you want the computer to do and defeating anything that prevents that from happening, like the human immune system, that kind of thing? Is that possible? A couple questions you asked. First of all, who writes them? It's typically not the people that you'll hear in the media, the so-called hackers. They do not tend to write these things because it's a very different sort of thing than what most hackers tend to do, if you believe that the term hacker is a good term. In terms of more generic defenses, there are much better defenses than the ones that you're talking about. What you really see is that the companies that are selling the most defenses are the products on the market that offer this much better protection that's much more long-term. You say integrity shell. Is that along the lines that I just drew, sort of like an intelligent program that recognizes how the computer's supposed to work as sort of a homeostasis and then will defeat anything that upsets that? The integrity shell technique examines the information and it's not a simple automated decision-making that you dictate to it. It might automatically recover from online backups, refuse to run the program, attempt a virus-specific cure, etc. But if you install something that's botched in the first place, it's not gonna know the difference. That's true. On the other hand, the virus will not be able to spread successfully because as soon as it takes one step of infection, it becomes a secondary infection, which in effect prevents viruses from spreading very far. 
I would just submit that I feel, even though I don't even own a computer, I'm thinking about buying one and hearing all this stuff about viruses really puts me off because you think, well, here's a realm in which logic and intelligence and all these good qualities of human nature can finally come to dominate. And even in this realm of computers and data processing, destructive nature emerges. I put it down to petty, nasty vandalism coming from sick people. It's very sad that as systems become more and more complex and more and more interactive, that complexity and interactivity is gonna be defeated. We have to have our guard up even in this blossoming technology. I think it's sad. Let me ask the listener the question then. Do you think it's a person? Do you think it's a bunch of people? I think more often than not, my instincts would say it's an individual person rather than a group of people because it's harder for a group of people to conspire in such a sick way. I think it's more likely an individual person who's probably very smart and may feel frustrated or suffering in their life and they just want to basically lash out. It's the same kind of reason people do vandalism in general. It's a negative emotional reaction that takes the form in the existing world of a destructive act. Again, I say it's sad because in this realm of computers the technology is so potentially good but even this sort of new horizon for human activity has become polluted with this crap. I guess we just have to, like I said earlier, deal with that by designing some kind of a computer immune system. Let me ask our other resident expert, Mark Ludwig. Do you agree with that assessment? I think there are a number of possibilities but it's really hard to assess not knowing who it is. It might have been somebody who was just ticked off. Whether they're ticked off at the world or they were ticked off at one individual employer or something like that, you just don't know. 
Results could wind up killing somebody. Let's say a hospital or a doctor's office where data is precious. Precious time is lost for a heart transplant. There's all kinds of scenarios that could be not just disastrous but killing people. Technology is a two-edged sword. You have to also realize that there are computer systems that are used effectively to track people and perhaps even to kill them or to kill somebody in their family line. In that circumstance, if a virus got in there and destroyed all that data, you would think it was saving human lives. I think you have to take things as two-sided and consider the ramifications of what you do. If such a scenario does not exist already, certainly a scenario like that given today's technology would not be too far in the future. The American Committee, I believe, gave an award for the best use of new technology to a country that did this. I think it was some people in one of the computer societies that said that that particular country should win an award for having the best database of all their citizens. That's something to be proud of, I guess. Let's take another phone call. Good evening. You're on the air. I have a couple questions about viruses. Computer professionals have sat down and looked at the level of generation of the program language to determine what kind of viruses are being written for that, whether or not they're being written in the machine-level language or some other higher-level language. What languages are the most popular? Which level, as far as generation of languages are being attacked by these viruses? The viruses will attack essentially any program. They tend to be written in assembly language more often than other languages, but there are, for example, viruses written in the macro language used by dBase, so they actually spread from database file to database file. So if they're written in assembly... No, no, no, not written in assembly, written in the dBase macro language. 
Okay, so if they're written in a dBase macro level, which generation of languages would that be? Well, I don't know how you classify generations. I think most people would say that that's a third-generation language. Okay, what about issues of robustness as far as how viruses affect the robustness of a system? Have there been any studies based upon that? Not that I know of. Okay, how about different platforms for computers? Have there been any studies on that as far as which platforms? There have been viruses on essentially every computer platform that I'm aware of. Now, remember, over 90% of all the computers in the world are PCs. Also, PCs are inexpensive and therefore widely accessible, so you would expect that 90% or so of all the viruses would be PC viruses, and that's about right. Now, when you say 90% of all computers are PCs, you're talking about MS-DOS computers, PC compatibles? Yeah, IBM-type PCs. 90% are PCs, maybe 8% are Macintosh, and the rest are everything else. And workstations are now getting to be a larger percentage of sales, but there are a couple hundred million computers in the world, and almost all of them are PCs. Are you counting mainframes? What kind of data structures or algorithms are we talking about when someone has created a virus? What kind of data structures and algorithms? Can you speak on those? We have approximately 8 characters written in the command language of Unix... ...worldwide containing copies of computer viruses. So we don't need to put them in our defense products to get them out there. They're out there anyway. In terms of the defense products protecting themselves, most of the better defense products have methods to detect whether they have been corrupted, and if they have been corrupted, they can identify it or attempt to automatically correct it. Now, none of these mechanisms are perfect. There is no perfect defense against computer viruses except absolute isolationism. 
That is, not getting any information from anywhere. On the other hand, if you were completely isolationist, you couldn't put any programs in your computer, and it wouldn't be very useful. Yeah. I'd like to also just... Someone mentioned it about Michelangelo, and I was just agreeing with him that I had the same suspicion that it was a software company that had put this into play, because I know there are a lot of viruses, yet I've never heard a virus covered so much by the mainstream media as this was. And why do you suppose the media harped on it so much? Another aspect to that, it was covered a lot, and it was also covered well in advance of the actual date to give people plenty of time to go out and buy antiviral software. And a lot of people did, and a lot of software companies make quite a bit of money off this, so you have to ask yourself who benefited. Right. Mark, any comments on that? Well, that's true. I would hate to think that somebody did that. On the other hand, I've talked to several people who work in this field, and some of them have been totally ticked off at me, wanted to have me arrested for writing the book. Some of them have said, oh, that's great. We'll sell more software, and you can sell more books. So there are a wide variety of attitudes out there, and it's certainly not beyond the realm of possibility that somebody writing the viral software could have done this. Now, on the back of your book, there's a warning. It says, this book contains complete source code for live computer viruses, which could be extremely dangerous in the hands of incompetent persons. You can be held legally liable for the misuse of these viruses, even if such misuse is unintentional. Do not attempt to execute any of the code in this book unless you are well-versed in systems programming for personal computers and you are working on a carefully controlled and isolated computer system. 
Do you have any guilt pangs, thinking that maybe somebody might try to compile something, and it'll get out, and it'll all be your fault? Well, the viruses in the book are benign. So hopefully they won't cause too much damage. When you say benign... There could be the system that they're not compatible with, or something like that, where they could crash it. But I really think that this country was founded on the principles of freedom and responsibility that go hand in hand. When you say benign, they do replicate into systems without permission, and a lot of people would claim that that feature alone makes it malicious. That is, the fact that it comes into my system without my permission makes it malicious as far as I'm concerned. So that is a case for saying that there is no such thing as a benign virus, at least if it's designed to operate in the environment that's commonly available. Right. Oh, that's true. I won't apologize for it. Can I ask you a question? Yeah. Why did you provide source code for workable viruses instead of taking the tactic that I and many other researchers have taken to write pseudocode so that people can understand how it works without giving instant access to potential damage? Well, I mean, I think that... I've read some of these books that give pseudocode, and it's nice, but as a programmer myself, you know, you can only come to a certain level of understanding with that. You've really got to be able to explore it personally. Okay, let's take another phone call. Good evening. Hello, John. A couple of things that came up tonight. First, you mentioning people having remote, having databases all over the world in these countries. That was brought out in the Insulet stories that we have put out for the country's product that they can keep track of their citizens. Second point, on defining who writes viruses, we're oversimplifying. 
We know there are people that have written viruses just to see how to do it, to see if they could get it out there. Not necessarily malicious, perhaps irresponsible, but I think it's overstating to say that they have a chip on their shoulder and they're out to be vandals. You think it's just an experiment that might have gone wrong? Yeah, I think irresponsible in some cases is better than vandal. Third thing, we talked about the press overreacting to Michelangelo. There was also a whole bunch of misinformation that this show and the computer show last week had to get rid of. Even on the day the virus hit, it was published in many places that if you had Macintosh, you had nothing to worry about. In fact, some folks with Macintosh that were running SoftPC did get hit because they got hit on the PC side. No one had ever thought that step through and said, well, how about this? Also, of course, people running OS/2 and in some cases Unix on Intel-type machines could have gotten hit and did get hit at times. I think we made a big deal of the Michelangelo virus, but we also put out some misinformation. Have you mentioned the virus conference that Fred's and you're going to be at? Yeah, we'll give the information for that at the end of the program as far as exactly where it's taking place and how people can get involved and that kind of thing. Any further questions for our guests here? No, I'll see you tomorrow. Okay, thanks for calling. Our phone number is 212-279-3400. I'd like to ask both of you a question concerning the publishing of code because as we mentioned last week on this program that we are planning in 2600 to publish the code for the Michelangelo virus. I don't think that's a good idea. A lot of people think it's something that deserves to be seen by the general public. Let me ask both of you, if a computer can be completely compromised by a page or two of text, is there something fundamentally wrong with the way the computer is designed? 
Fred, why don't you go first? I don't think there's anything fundamentally wrong with the way the computer is designed. It's just the nature of the beast. Another issue that you bring up is whether it's reasonable to publish the code of this particular virus. I have very mixed feelings on it. On one side, I believe that anybody who seriously wanted to get a copy of it could get one without much problem. In fact, anybody who wanted to write one of their own wouldn't be particularly worried about a great hazard from you publishing a copy of this. On the other hand, there are certainly some people out in the world that perhaps would modify it to have a different date on it, and maybe if there are 364 of them, then we'll have one that goes off on every day of every year everywhere, and that may not be too friendly. What do you think would happen if such viruses started running rampant? What would people do to defend themselves against that? If you go to a different sort of software, instead of going to the software that looks for specific known viruses, of which there are well over 1,000 now, and there will probably be 2,000 by the end of this year, if you go to a more generic defense, there are defenses that have been out in the market since about 1986. In fact, one of the defenses that's been out in the market since 1986 would have successfully defended against the Michelangelo virus without any difficulty at all. There are several long-term sorts of solutions that I think are a better idea. Mark Ludwig, do you think there's something fundamentally wrong with today's personal computers if they can be so easily attacked by viruses? Well, I don't think so, because they can be so easily defended as well. Like Fred said, there are good defense mechanisms out there. People back up their computers. A computer virus is not the kind of threat that will destroy years of your work. It won't do any physical damage to your machine. 
I have to take a small exception to what you're saying. What you said is true of virtually every virus that's out in the world today. However, if you look in a little bit more depth, it's very straightforward to write a virus that, for example, doesn't do any damage for 6 to 12 months. Then it will be in all of your backups. So you do your backups diligently, and then you get destroyed, and you recover from backups, and everything gets destroyed again, and you go back 2 months, and it gets destroyed again, and it gets destroyed again. Evolutionary viruses, if they were also caught in your backup system, you wouldn't be able to detect them simply by looking at copies of the thing that did damage. So there are certainly sorts of viruses that we haven't seen dominantly in the real world yet, but that are feasible, that are much more disastrous, and that backups are completely ineffective at defending against. Do you think it's possible to write a virus that surreptitiously inundates itself among your system and other systems and have it develop to the point where if you were to get rid of it, then your system would collapse? A virus that you become dependent upon. Let's say you put a virus in that encrypts files until you ask for them, and then it decrypts them. Now, were you to destroy that virus, you wouldn't be able to look at any of your files. Has such a thing ever been tried, or do you think it's even possible? It has been done experimentally. There are a wide variety of much more interesting viral attacks than the sorts that you've seen. I say interesting. You might call them very nasty. For example, you can create a virus that weaves itself into the code of another program, so that it becomes such a vital part of that program that if you tried to take out the virus, the program would collapse under it. However, we do, for most programs, have original copies. 
So even if you completely destroy the viability of the program, go back to the original copy and you're relatively safe. There are also these so-called encrypting viruses, for example, that could encrypt most or all of the data that's on a disk, only decrypt it during execution, as you described, and that would certainly be a more serious threat. However, if you have reasonable integrity precautions on your system, not security, integrity precautions on your system, this thing is extremely unlikely to occur. Okay. Let's go to another phone call. Good evening. You're on Off the Hook. Someone mentioned the fact that something had existed since 1986 to deal with viruses. I was wondering what exactly was that? Fred, you mentioned that. Yeah. I'm here as a scientist, so I don't want to name product names, but there are products that have been on the market since that time, and a couple of them are relatively well-known companies. Well, how is it possible that a product of 5 years ago would be able to look for something that was only invented, say, last year? How would it know to look? Because the nature of the defenses in these products are relatively generic. For example, some of the products will automatically recover memory to a previous known state of memory and then start examining parts of the computer system. If they happen to look at the partition table, which is the part of the system impacted by this particular virus, and check to see if it's changed, they'll notice that it's changed and then presumably recover from an online backup. This is now very commonplace. The virus was not only detected, but automatically corrected this virus the moment it entered your computer and prevented it from spreading further. Mark Ludwig, do you agree with that? Yeah. Okay. Let's go to another phone call. Thanks for that particular call. Good evening. You're on the air. Are you there? Go ahead. Yes. Hi, Art. This is me, Art. Do you remember me? Good evening. You're on... 
We don't want to hear that again. Please take the phone away from the radio and begin speaking now. Yes. I'd like to have you read the book Madame Curie that was published in the 1920s or 30s or 40s. It tells that Madame Curie won two Nobel Prizes, died of radiation poison, and she invented X-rays. So remember, I have proof. Okay. Well, thanks very much for... It must be something about those lower phone numbers down there. We always get the strange people there. Good evening. You're on the air, and you're at the very top, so you must be normal. Okay. I find that it's kind of hard for you guests to speak about a virus. I mean, as far as me believing them, as far as a virus being benign, I have mixed feelings because they said they haven't done any serious studies in relationship to robustness. I have problems with that. Also, can you... It sounds like you were on before. Were you on before? ...or give out any heuristics that someone may want to use as far as discovering and handling viruses? Okay. I'll let either one of our guests take that one. Mark, how about you? Do you want to shout at that? As far as discovering and handling viruses, like what? What do you want to... Well, actually, our caller has left us, but... There's a well-known consultant in the New York area named John David who said that if you get hit by a computer virus, you should turn off your computer and call an expert. And for that particular caller, I think that would be appropriate. It seems like the defense, though, is probably very simple. Regardless of what kind of computer system that you have, if you keep backups... I mean, is there any way that keeping backups can hurt you? Except that it takes time to take the backups. But once you get into the habit of doing it, is it something that you do maybe once a week? It's much better than that. 
Many networks now have automated systems for performing backups, so they'll regularly perform a backup to the file server, and then from the file server it gets put on a tape. Well, those are networks. What about personal computers? Oh, you have to go to those sick backup programs with the floppy disks. And if you use the one that comes with DOS, you're in big trouble. That one takes forever. You find out you needed 90 and you only had 89 ready. That's incredible. Mark, any advice for people with personal computers? Do they back up once a week, or how often? Well, the way I advise people is you decide how much you can afford to lose. If you can afford to lose a week's worth of work and not be really upset about it, then back up once a week. If you can afford to lose a day's worth of work, then back up once a day. OK. 212-279-3400. Good evening. You're on the air. Yeah. Reminds me of a story of an auto glass place that used to go out at night and break windows. Which came first, the virus or the answer to it? When did we first discover this Michelangelo virus? Did we hear about it in advance by people who kind of supplied us with the answer to it? What's going on? It was discovered about a year and a quarter ago in Australia by, I believe Mr. Reardon is his name, Dr. Reardon, one time a professor at a university in Australia, who went into the virus defense industry. And we've known about it for some time, and it's a minor variation on another virus that's been around for a number of years beyond that. And what virus is that? The Stoned virus, which people believe originated in New Zealand and puts a marijuana leaf on the screen and says legalized marijuana, which may account for its great ability to spread. I know there's no way to prove that someone is doing this for profit, but it just seems like someone created a market, you know? Well, it's certainly not inconceivable. Thanks for calling. And again, our telephone number is 212-279-3400. Good evening. 
You're on the air. Hi. Well, to follow up on the last caller, you think it was just the antiviral software people who were responsible for all the hype about Michelangelo? Or could it be a deeper conspiracy by a government who wants to make its citizens less tolerant of so-called hackers? Well, there could be all kinds of possibilities. Mark, what's your personal opinion? Well, I mean, it might have been, you know, somebody in, you know, the antiviral industry who started it. I really question whether it was somebody like that who was really responsible for all the media hype. I don't know why you would... If you think about it, the whole concept of some computer virus in an office gobbling up data on machines is just so bizarre and so foreign to most people that it makes a good news story. Oh, it makes a great news story. All the media outlets were full of it in more ways than one over the last week. Yeah, I mean, it's just a natural form. They gobble it up. Yeah, but I don't know why anybody would think it was a conspiracy. I mean, maybe 10 years from now, you'll hear it as one of the great marketing ploys of all time. Yeah. You know, I don't see it as a conspiracy, really. Mm-hmm. I don't think the antiviral people have that much clout with the media. Uh-huh. Well, I don't think it takes too much to fool them to get them to do your work for you. But then again, that's something that's open to conjecture. Can you give us an idea of what we have ahead of us? We've got the Friday the 13th virus. We've got the Ides of March. What are those viruses supposed to do? Where do they come from? Mark? Uh... They're all kinds. Uh-huh. Do you know those two in particular? Um... The Friday the 13th virus. Uh, I'm really not familiar with some of those. Mm-hmm. As to what they do. I know, for example, that Jerusalem goes off on Friday the 13th. Um... Uh-huh, and what does the Jerusalem virus do? It trashes... I believe it trashes out EXE files on your system. Executable files? 
Yeah. Um... Fred, do you agree with that? That's about right. Okay. Do you know anything about the Ides of March virus, which is for Sunday? First of all, when you talk about particular viruses, you're giving names to viruses that actually represent maybe 30 or 40 different variants each. Mm-hmm. The first copy of the Jerusalem actually, we think, came from Jerusalem. It came out of Hebrew University, I believe. It was 1988. It became widespread. At that time, it apparently moved into the Mossad, and then from the Mossad, which is the Israeli Secret Service, into the U.S. Secret Service, turned from there into other places. It showed up that year on IBM bulletin boards and impacted a fairly substantial number of systems. It was detected and disinfected in large part because of the efforts of the researchers at Hebrew University at that time. But because it spread far enough, then there were maybe several 20, 30 different people that made variations on it, changing dates, adding extra features, improving, in quotes, upon that virus. Okay. We're out of time. I want to thank those people for calling in and giving us their questions and feedback. I've been speaking to Mark Ludwig, author of Little Black Book of Computer Viruses, and Dr. Fred Cohen, who is a virus expert and has also written many books on such things. I'd like to give both of you the opportunity to tell people how they can get more information from you. Mark, why don't you tell us how people can get a hold of Little Black Book of Computer Viruses. You can get the Little Black Book of Computer Viruses from American Eagle Publications at post office box 41401. That's in Tucson, Arizona, 85717. And it's $14.95 postpaid. Okay. Fred, how about your particular book? Dial 412-422-4134. And what is that number that goes to? ASP. Okay, the publisher of Short Course on Computer Viruses. All right, and that's going to just about do it for us here today. This has been Emanuel Goldstein. 
The program has been Off the Hook. We'll be back again next week with a scandal. Yes, we've got a special scandal to unfold for everybody. And those of you interested in computer viruses might be interested in the 5th International Computer Virus and Security Conference taking place tomorrow and Friday at the New York Marriott Marquis and Summit. And I believe this phone number here is the right number to get a hold of, 800-835-2246. That's the number to call anybody interested in that particular conference. Thanks again for listening. Stay tuned for The Personal Computer Show here on WBAI-New York. ♪♪ ♪♪