In November 1984, Fred Cohen, an electrical engineering student from USC, performed an experiment for a weekly seminar on computer security. It took Cohen eight hours to develop a new program called 'vd" which displayed Unix file structures graphically. He provided the program on a Unix system bulletin board and once programmers downloaded it to their system, Cohen was able to acquire, without the knowledge of the users, the system rights to their machines. After the success of the experiment on the Unix system, it became apparent that the same techniques would work on many other systems.
Len Adleman, a colleague of Cohen, called the new technique a 'virus."
From the experiment, Cohen concluded, 'Viral attacks appear to be easy to develop in a very short time, can be designed to leave few if any traces in most current systems, are effective against modern security policies for multilevel usage, and require only minimal expertise to implement." Cohen was right. Three years later, the first PC virus, known as Brain, was written in Pakistan and ushered in a new age of economic terrorism. It is estimated that between 2001-2003, PC viruses cost businesses 98 billion dollars.
Computer viruses provide a model for the interconnection between an inherent trait of human nature (malevolence) and newly harnessed biological concept (self-replication). Viruses have no purpose other than destruction and require for their creation nothing more than a programmer with a malicious intent. Considering the fact that there are over 60,000 such viruses in existence, there appears to be no lack of would-be evil geniuses ready to unleash their monsters on the world.
But what gives the programs their power is their ability to self-replicate. The viruses not only infect a computer or a system but have the ability to recreate themselves in order to infect others. This provides an exponential increase in their destructive impact. Self-replication has an incredible power that, once unleashed, is nearly impossible to control. When unleashed in the form of a computer virus the power can bring computer systems to a grinding halt, causing significant expense and reductions in productivity. But what will happen when self-replication is combined with other forms of technology? As Sun Microsystems cofounder Bill Joy wrote almost four years ago*:
Accustomed to living with almost routine scientific breakthroughs, we have yet to come to terms with the fact that the most compelling 21st-century technologies - robotics, genetic engineering, and nanotechnology - pose a different threat than the technologies that have come before. Specifically, robots, engineered organisms, and nanobots share a dangerous amplifying factor: They can self-replicate. A bomb is blown up only once - but one bot can become many, and quickly get out of control.
Much of my work over the past 25 years has been on computer networking, where the sending and receiving of messages creates the opportunity for out-of-control replication. But while replication in a computer or a computer network can be a nuisance, at worst it disables a machine or takes down a network or network service. Uncontrolled self-replication in these newer technologies runs a much greater risk: a risk of substantial damage in the physical world.
What was different in the 20th century? Certainly, the technologies underlying the weapons of mass destruction (WMD) - nuclear, biological, and chemical (NBC) - were powerful, and the weapons an enormous threat. But building nuclear weapons required, at least for a time, access to both rare - indeed, effectively unavailable - raw materials and highly protected information; biological and chemical weapons programs also tended to require large-scale activities.
…
The 21st-century technologies - genetics, nanotechnology, and robotics (GNR) - are so powerful that they can spawn whole new classes of accidents and abuses. Most dangerously, for the first time, these accidents and abuses are widely within the reach of individuals or small groups. They will not require large facilities or rare raw materials. Knowledge alone will enable the use of them.
Thus we have the possibility not just of weapons of mass destruction but of knowledge-enabled mass destruction (KMD), this destructiveness hugely amplified by the power of self-replication.
At the time the article was written it would have been easy to dismiss Joy as a Cassandra ranting against technological progress. After 9/11, though, ignoring such claims as the musings of a Luddite are both dangerous and naïve. Though we are unlikely to give up our idol of technological progress we can at least prepare for the inevitable unintended consequences that will emerge. Such exercises in foresight, however, should not lead us to despair. As Italian revolutionary Antonio Gramsci said, 'I'm a pessimist because of intelligence, but an optimist because of will." We also must have the courage to face the truth about the future while never losing the will to change it for the better.
Next we’ll examine how the self-replication and the synthetic biology revolution may pose a greater threat than nuclear weapons.
*Link via: Daniel McConchie
Sounds kind of like hope for the best and be prepared for the worst, like any good boy scout will be.
Technically, that was a trojan horse, not a virus.
BTW, I run Linux, I am (still, presently) immune from virii. If companies were to dump criminal Microsoft, they would be performing due diligence against both massive insecurity, instability on the server platform, virii (etc.) and cost on behalf of their clients and stock-holders. Linux and BSD would be good, free (as in beer) choices.
I know of a major research hospital that insists on using IIS and XP resulting not only in higher costs, but has also had a negative impact on patient care.
Granted that if Linux and free BSDs were heavily adopted, there would be attempts at virii, worms and trojan horses. But the inherent nature of UNIX -based OS's is that if permissions are set up correctly (and this is nearly always the default installation), they can do very little damage.
When I read what Bill Joy wrote four years ago in Wired, I thought then what's been confirmed for me in subsequent Bill Joy comments. Although I'm sure there's a seed of truth to what he says that shouldn't be ignored, I find his comments to be a curious mixture of endless hand-wringing and intellectual arrogance.
Yes - there are some implications to what he says but I don't expect computers to become "self-aware" and start wreaking havoc on the universe any time soon. (either with or without the help of would be terrorists.)
-Jim.
PS: I run linux too and I generally think Bill Gates and his minions are evil. :)