This action might not be possible to undo. Are you sure you want to continue?
The culture of the virus
The anti-viral industries are engaged in a battle against the natural. Self reproduction is embedded deep within the technology of computation and by default its history and culture. Martin Howse sieves out the viral seed under both open and closed coding models
ree software exposes code and illuminates context, shedding a wide light on technologies and extruded economies, rewriting histories and creating a meaningful culture. In the ﬁeld of the viral episodes such as the Bliss affair, in which free software rubbed shoulders with the anti-viral industry, exposing hype and deception, prove particularly illuminating. Free software also provides a handy lens with which to view both code and its culture as inherently viral. And of course the GPL as virus is a common theme kicked off by Microsoft and subsequently embraced by both the Free Software movement and its opponents, yet there can little doubt of its concrete viral nature in reproducing a license text ﬁle across thousands of software directories and which implicates subsequent code releases. Though implying damaged nature, with roots in Latin referring to poison and venom, the viral can well be viewed as benign in this light - and the evolution of the computer virus does show that healthy experiment and the same prankster spirit that is embedded within the hacker ethic so dear to the free software community lie at the origins of the computer virus. Such histories need to be teased out and contrasted against the tedious contemporary machinations of script kiddies and the like unknowingly implicated within vast machinations set in motion by morphing executables and resulting in escalating security measures eroding the freedoms of the user. After all, DRM and trusted
At the same time, viral technologies could readily be explored and exploited within an open context and under the heading of a new notion of promiscuous computing. One example within contemporary aesthetics is the project ‘Life Sharing’ from 0100101110101101.ORG which opens up all the artist’s machines for free access. Parallels abound with the totally open and password free ITS or Incompatible Time Sharing system which pioneer hackers such as Richard Stallman used back in the day at MIT. The link to free software is both historic and essential. Computer viruses can readily be viewed in this openly reproductive light, with contemporary networked fears reﬂecting nothing more than an age-old recurring panic over promiscuity. It’s now a question of electronics, of the free exchange and ﬂow of information, and it’s interesting to note that headline searches under google for the term promiscuous reveal no salacious details, rather affording somewhat dry coverage of a mode for wireless
The viral, as obfuscated and self reproducing executable segment, exists in strange relation to open code
computing initiatives can guarantee and manage both content and executable. And it’s worth noting that free software participates little, other than on the side of prevention with apps such as ClamAV, in the spawning mass of viral nature. That’s very much a proprietary affair, which is not to say that viruses cannot be written to run on GNU/Linux. Examples exist, yet there can be little doubt that the viral, as obfuscated and self reproducing executable segment, exists in strange relation to open code. devices under which the card will receive and share in all network trafﬁc. The intended recipient, the trusted and known partner, is irrelevant. Promiscuous computing, in common with efforts such as the GNU/ Hurd which attempt to wrestle control from the hands of a privileged and monolithic kernel, is all about freedom, addressing the segregation of functionalities at the stacked levels of network, user and code or process. Talk of segmentation in the kernel source code and within CPU design is talk of segregation. And Robert Slade traces the roots of the term worm to the wormhole like debugging traces of rogue programs which had escaped from within their boundaries or partitions. Sacriﬁcing banal functionality in favour of open experiment are the watchwords of a move towards promiscuous computing which recognises that code and kernel policy are political matters.
The culture of the virus
28 LinuxUser & Developer
From humble and inauspicious beginnings rooted within academic recreation and imaginative ﬁction, the culture of the computer virus has exploded to embrace hardcore scientiﬁc research, forensics, serious networked security issues and an expanding and highly questionable underground movement with increasingly opaque motivations. The symbiotic relationship between the virus detection, and protection industries and this burgeoning and highly explosive subculture proves a highly rewarding area for further study, with both parties locked in cold war style escalations little assisted by industry hyperbole.
LinuxUser & Developer
The culture of the virus
The culture of the virus
At a reductive level it would appear that the multi-million pound anti-virus industry exists solely thanks to the efforts of a rather unhealthy gaggle of rebellious teenagers. If we can compare virus writing to say tagging it appears as a pretty lucrative paint removal business. Yet though easily and perhaps correctly viewed as digital vandalism, in common with grafﬁti, it is also a culture and has rarely been viewed from such a perspective. Parallelling the contemporary histrionic rise of scamming, phishing and spamming the viral also enters economy at another serious level other than that of Symantec and co. Writers are beginning to ply their trade for hard cash. And at the same time cunning technology is being replaced by embedded and heftily remote social engineering. The virus can now be viewed as social software running on the insecure OS of misinformation. Yet rather than attacking virus authors from the sheer perspective of supposed and inﬂicted damages, it’s easy to prove from both technological and cultural perspectives that the virus is as natural to computation as it is to our own bodies and cells. The viral, by way fo Joseph Von Neumann and cellular automata, is embedded within the history of computation, and within core technologies. Nearly all computation involves replication, with software copied across media, disk, memory and processor cache. And the compiler is totally implicated within the viral scene. In both human and machine instances a virus is of course seriously harmful but it does pay to consider the wider context free from hot blooded assumption. The virus shares much with other contemporary demons with the war on terrorism presenting another battle against an ill speciﬁed, largely invisible and in some cases ﬁctional target laden with emotion and politics.
Biennale.py source code
WORD MADE FLESH
In throwing the spotlight on a tight knit of ﬁction, economics, culture, community and code, Bliss could easily be regarded within the frame of contemporary aesthetics, which often attempt such feats but rarely succeed. One decent example, again prompting panic amongst the uninitiated and amply demonstrating how taboo the topic of the viral, except from the supposedly scientiﬁc viewpoint of the heatedly anti-viral, is the biennale.py work fake virus distributed in textual form on T-shirts by hardcore artist group 0100101110101101.ORG. With source code making textual reference to sexual promiscuity by way of a party variable and fornicate function amongst others, biennale.py neatly wraps up viral issues of responsibility and distribution. It’s enough to mention the words artist and virus in the same breath to cause the very heat death of unknowing media. That biennale.py was largely a hoax, and parallels with the T-shirt distribution of DeCSS source, make of it a neat conceit. Yet, biennale.py was by no means the ﬁrst of such viraloccupied artistic pranks. In the eyes of net art critics such as Tilman Baumgartel and Florian Cramer, the MacMag virus, itself one of the ﬁrst to attack a personal computer, pipped it to the post by a good 13 years. MacMag was distributed as a HyperCard ﬁle, which when opened installed an extension which would cause the machine to display a cheesy new age style message on startup. MacMag was reproductive, spreading by way of exchanged system disks and the author, or rather commissioner of code, publisher of Montreal-based MacMag magazine Richard Brandow was eager to claim responsibility. He claimed alternately that the value of the virus lay in its message promoting world peace, and that, in the words of Slade “he wanted to make a statement about piracy and copying of computer programs.” Stallman’s attitude to such issues could easily be inserted here, alongside his assertion, repeated within the context of an early anthology of essays on computer viruses, that security is a sickness rather than a cure, MacMag has since been reclaimed as authored in the pranksterish spirit of Neoism, itself a viral and nihilist movement of shifting intent and technique rising from the ashes of Dada and situationism. William Burrough’s language as virus, alongside the literature of the quine extended into the realm of mass media, stand proud within such a context. And Cramer writes of the virus, considered as a contemporary literature of the net, as a virulent example of the word made ﬂesh within the executable. A word made ﬂesh of explosive power given the sheer size of a global infrastructure dependent on the network. It’s high time to rethink not only literature but all viral matters in this light.
For the viral erupts on a vast terrain of property, ownership and thus of boundaries. It questions what it means to own hardware, who controls software and what happens as soon as we plug into a vast network of unseen possibilities, of corporate control, of spam bots, and of the viral; where the only contact with the human is through socially engineered ﬁnancial loss. Who pushes the buttons? Code or user. Who owns and is responsible for this spawning code, and where is the boundary of
individual hardware marked under a network considered by many as one vast machine with scripted web pages and remote applications paving the ﬁrst steps for a road into purely viral territory? The network, executable code and the viral are all concerned with visibility. Viruses are by their nature hidden and free software in relation to property rights is inextricably united with this domain in a battle of wildly changing frontiers, of impossible ethics and questionable
responsibilities. It may well be up to user to keep her own machine secured yet parallels with real world activity and physical law are largely inappropriate and should be left well at home in some dusty corner of aged and inappropriate metaphor. There are no doors being left open and Richard Stallman presents a good range of arguments in such a debate around the core concern of free computing. The virus presents a rich thematic embracing the historical, cultural, linguistic, and aesthetic, exposing boundaries and privacies, networks, as well as participating in the exposure offered by crash, and economies of productivity and cash.
Deﬁnitions of, and indeed the sheer difﬁculty of adequately and scientiﬁcally deﬁning, the phenomenon which is well intuited in a matter of seconds, are well rehearsed elsewhere with the key ﬁgure of Fred Cohen presiding over ceremonies. In his seminal paper dating back over twenty years to 1984 he deﬁnes the term, attributed to Len Adleman and describes how coders toiled over a “heavily loaded VAX 11/750 system running Unix” for eight hours to produce an experimental virus, for use as example
AT THE FRONTIER
Viral authors may well be operating through sheer malice or under corrupt and misguided ﬁnancial inﬂuence but truly the investigation of this magical reproduction, of the cellular in a parallel world, is an intriguing proposition. We could scarcely critique a contemporary Von Neumann investigating self-reproducing automata within the vast ﬁeld of possibilities opened up by the network.
Perpetual Self Dis/ Infecting Machine. Custom made computer infected with the virus Biennale.py
within a subsequent security seminar. A virus was thus deﬁned as “a program that can infect other programs by modifying them to include a possibly evolved copy of itself.” And it’s worth noting with reference to freedom and viral nature that Cohen himself writes that “... prevention of computer viruses may be infeasible if widespread sharing is desired...” Eugene Spafford also notes rewarding parallels between the viral and the realm of artiﬁcial life. The difference between a worm and a virus, which is interesting to dissect with regard to social engineering and free software, boils down to one of distribution, how the software reproduces and thus spreads. Originally pinned down on a sneakerled divide, with virus in the domain of the ﬂoppy and worm on newly minted net, a worm is now classiﬁed as a subset of the viral. Yet the main difference comes down to human intervention. A virus attaches to a program or ﬁle, yet cannot spread until the infected ﬁle is executed in some manner. By contrast a worm can spread between machines with no human agency other than that of its creator. Worms exist as standalone creatures with the historic Morris worm of 1988 as prime example in relation to a Unix operating system.
Yet, it’s also worth noting that the worm term has few negative connotations and was ﬁrst used to benign effect; software would occupy otherwise idle machines for useful purpose. Such research took place in the early 80s at the important Xerox Palo Alto facility on a closed network. Within the context of a global network, the power of the worm, to inundate, multiply, spread and thus clog networks, is immense.
VIRAL NATURE The evolution of the computer virus does show that healthy experiment and the same prankster spirit that is embedded within the hacker ethic so dear to the free software community lie at the origins of the computer virus
In contrast, the true virus exists thanks to an unsuspecting and ill informed user bewildered within a vast realm of hoax and deterministic GUI. Within such a world of ﬁction and simulation all is to be untrusted. At the same time, the ﬂattening enacted by the possibly unknown executable, unknown as to its code and effects, tied to a speciﬁc, and again possibly unknown, architecture deﬁnes a region haunted by the viral; viruses without notation whose effects can only be known at execution time. Thus perhaps the main reason that nearly all viruses in the wild target the Windows family lies not solely in their popularity nor in the lack of knowledge of users, but rather through the proprietary nature of OS and executables all Windows apps are
30 LinuxUser & Developer
LinuxUser & Developer
The culture of the virus
obfuscated code? On a side note it’s worth referencing a recent Underhanded C contest, inspired by the Obfuscated C affairs, which sets a challenge to write code which performs some covert function, yet which stands up to close visual scrutiny. And at the same time, most systems aren’t truly open to their very roots. The realm of the executable lies within the physical arena of hardware after all. It’s hardly surprising given the embedding of copying within hardware, that the most common computing architecture today is that designed by Von Neumann, a ﬁgure obsessed with self-replicating systems. Alongside Stanislaw Ulam, co-inventor of the hydrogen bomb, he is credited as kicking off cellular automata, building on his work with self reproducing automata comprised of three main components; a universal machine, universal constructor, and information on tape. In 1967 Robert Schrandt talks of ﬁghts between automata. The measure of control is slipping. From here we can readily jump into both Conway’s Game of Life, precursor of other viral experiments and intellectual exercises such as Core Wars, and into the viral ﬁeld of artiﬁcial life, with spawning cellular software embedded in the sandboxes of Tom Ray’s Tierra. The ghost is very much in the machine.
executable, in truly rendering executable, is the most vulnerable and most trusted component. After all even if we live in a hallowed land of totally open source code, the compiler is the only thing we only need to compile once, and which can infect all our precious source, or rather binary brethren. The mystery of the executable is well exposed here. All code is untrustworthy unless self created. At the same time, a compiler can well be considered as a virus under Cohen’s deﬁnition through being self reproducing. Though by the same deﬁnition we could also include the editor, in conjunction with, say, a shell code interpreter. Yet Cohen’s further conclusion, arguing for stronger punishment of virus authors in comparison of such acts with joyriding and physical vandalism are open to question within the context of ownership in a shifting digital economy. Just as those who refer to piracy and stealing content rely on a narrow range of metaphors identifying these with the purely physical, so the ﬁeld of the viral is not at all free from political bias. As code becomes more autonomous who can be blamed for its wayward antics?
It’s readily acknowledged that the virus was christened within ﬁction, within stories such as The Shockwave Rider in 1975, which spoke of a tapeworm bringing down a totalitarian network, and When Harley was One in 1972, and indeed occupies a realm of ﬁction, the FUD of the anti-viral industries, and simulation. It’s all about deceit on all sides. The virus was born within the closed world of simulation, as academic or hacker exercise; a world of quines, or self printing programs,
At the junction of source code and executable lies the compiler; true viral technology as identiﬁed within UNIX guru Ken Thompson’s seminal 1984 paper, entitled Reﬂections on Trusting Trust. In this Turing Award acceptance speech, he concisely relates how he modiﬁed the C compiler to insert a backdoor and further to throw his
viral, potentially. Shareware ready to wreak havoc on a speciﬁc date. It’s an environment under which freshly downloaded apps need to be x-rayed, scanned, tested and emulated by competing anti-viral apps. The viral
Life Sharing screenshots
Contemporary networked fears reﬂecting nothing more than an age-old recurring panic over promiscuity
loves the darkness of impenetrable assembly language, of unknown opcodes, and of proprietary code. Software without source code is inherently viral Yet open systems are not immune to the spawning virus. The viral is natural. Shadiness in code is always possible, and the move to obfuscation is a move to the binary. After all what is an executable if not heavily modiﬁcations into any compiler compiled using his modiﬁed version. He walks through his elegant quineled demonstration in just eight pages, yet the technological and cultural implications are vast and his conclusion packs in dubious morals. The compiler is a core viral technology enabling reproduction by way of execution. The compiler, in bridging to the of Darwin, expounding competition between self-reproducing programs, at Bell labs in 1971 and of similar Core Wars sessions a decade later. We can readily trace the rise of the computer virus within common computing culture, as coders sought to make real the promise of When Harley was One, recreating a Creeper program which copied itself across host systems. The anti-viral arms race
32 LinuxUser & Developer
The culture of the virus
was also thus started with subsequent Creeper stalking Reaper code. And within the pages of a trilogy of articles published in Scientiﬁc American in the early 70s discussing the hacker pursuit Core Wars, under which sandboxed code segments battle for CPU supremacy, we can see how readers responded to the challenge of the viral, transposing the game into the real machine world. The virus was born from a software ﬁction. And it’s easy to see how such early experiments within a closed domain, and more functional and necessary code, the early Rabbits and other animals which made sure of a clean slate for code on early mainframes by copying a singular instruction across memory, were all to eager to expand as computing accrued the encrustations of both physical and social networks. Distribution is central to the viral and it’s an easy route from ﬂoppy to network. The computer virus changes in connotation and meaning as the context shifts from academic experiment or prank to the World Wide Web where it now accrues criminal intent, with Morris worm as transition point; the worm unleashed by student Robert Morris Jr. straight out of academia. The history of this viral expansion is well repeated elsewhere and does make for interesting reading with repeated, fugal characters and themes; a family tree of virus methodologies for example with comebacks such as Linux/ADM repeating the Morris worm of ten years previous.
Robert Slade traces the roots of the term worm to the wormhole like debugging traces of rogue programs which had escaped from within their boundaries or partitions
Bliss, picked up way back in 97, wasn’t the ﬁrst virus targeting the GNU/Linux platform, that dubious position is reserved for Staog, but it was the most well commentated and ﬁrst to receive the attentions of industry, making visible the differing cultural conditions and economies which condition the viral under open as opposed to proprietary systems. The story is well related online with full correspondence between Alan Cox and others on various kernel and security newsgroups dissecting the virus and arguing over terminology as to whether it is truly viral or rather a Trojan. Some of this history is well worth repeating as a demonstration of how the anti-viral industry simply mis-judged the free software
community in lumbering into what it simply saw as a new ﬁeld ripe for exploitation. The story of Bliss also proves interesting within the somewhat comical frame of an open source, community developed virus. Indeed Bliss was much praised at the time in both showing that GNU/ Linux was now a popular platform, a false argument always given for the prevalence of Microsoft-targeted viruses, and for demonstrating that it’s wrong to run untrusted binaries as root. Bliss was ﬁrst released, as an alpha version, in 1996 and infection of a random machine was reported on the linux-security list in early 97. Major GNU player Alan Cox responded intelligently as follows, “In theory you can write a virus for any OS if the owner is dumb enough to install unchecked binaries as root.” The ﬁnger is very much pointed at the binary. Yet on the same day, the Bliss author, posted to the comp.security.unix newsgroup, exhibiting great concern that an alpha version of his code had been released the year before, though thankfully it had gone largely unnoticed. He attached an encoded binary 0.4.0 release, helpfully compiled with full “debugging verbosity on,” after issuing profuse descriptions of what the code actually does, and warning any reader not to run this tough to unscramble binary. A new version, which further commentators speculated may be under a GPL license, was mooted and the conceptual nature of the exercise can well be gleaned from the author’s assertion that little if anything is Linux-speciﬁc in the code, which can and has been ported to a range of other OSes. The point heftily underlined here being that the viral is deeply intrinsic to computation, before we even throw networks into the equation, and that viral efﬁcacy or magnitude is purely a matter of culture. Bliss makes such apparent. Far from malignant in both description and traced dissection, and even including a disinfection command line option, Bliss has an altogether different agenda than digital tagging.
in response to this one lone sighting, McAfee, leading vendor of anti-virus software, released a lengthy press release, boasting of their quick response to this major threat. Bliss, in their own words the ﬁrst virus for Linux, could now be detected and treated by McAfee’s own VirusScan for LINUX software. And again within such an extreme realm of the absurd, it’s too tempting not to repeat gems such as the following: “McAfee researchers believe that one reason this virus has begun to spread is because Linux users who are playing computer games over the Internet, such as DOOM, must play the game in the Linux’s administrator mode, which is called ‘root.’” - a response to arguments that Unix systems are difﬁcult to infect because the virus must run as privileged. The community responded adequately to what now appears a well played out farce which easily demonstrates both the anti-virus protective racket, reliant on fear and ignorance, and the foundation of such an industry on poor practise and poor software, aside from any questions of property, of doors open or doors closed. The exquisitely well documented Bliss episode illuminates a misjudged symbiosis between viral subculture and antiviral software industry in relation to free software as open code.
Life Sharing www.0100101110101101.org/home/life_ sharing Robert Slade sun.soci.niu.edu/~rslade/rms.htm Fred Cohen www.all.net/books/virus/part5.html Morris Worm: world.std.com/~franl/worm.html Tierra www.his.atr.jp/~ray/tierra Reﬂections on Trusting Trust www.acm.org/classics/sep95 Core Wars www.koth.org Unix Virus Bibliography www.users.qwest.net/~eballen1/virefs.html Bliss math-www.uni-paderborn.de/~axel/bliss Neoism www.neoism.net Biennale.py www.0100101110101101.org/home/biennale_ py/index.html MacMag www.neoism.net/macmag_virus_-_history_ of_computer_viruses_1.html
HELP HELP? HAH! READ THE SOURCE!
Enter McAfee. Again, on the very same day, the 5th of February, and
34 LinuxUser & Developer
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue reading from where you left off, or restart the preview.