While computer science had theorized self-replicating computer programs since the late 1940s, it was only in 1971 that the first virus, called Creeper, was created.
Creeper did not do any particular harm; it could only display a message. The second computer virus in existence, dubbed Reaper, was created with the sole purpose of destroying Creeper.
It was another 15 years of mostly harmless and experimental viruses before Brain was born. Brain was a virus written by two Pakistani brothers in 1986, intended to track pirated copies of their heart-monitoring program. Things escalated quickly and Brain spread to many more machines than anticipated. The writers released the virus with no malicious intent. Indeed, they even included their names, address, and phone numbers in the software.
The Morris Worm was the first computer virus
Just two years later, in November 1988, the first virus spread across the Internet. The writer, Robert Tappan Morris, did not intend harm either, but that didn’t protect him from being the first person convicted under the new 1986 Computer Fraud and Abuse Act.
Though the Morris Worm was not built to create damage, a few programming errors allowed it to disable over 6,000 computers in just a few hours — around 10% of the size of the Internet at the time. It’s estimated the worm caused between 100 thousand and 10 million USD in damages. The irony is that we know the scale of the attack because of the Morris worm, as the virus was created to calculate the size of the Internet.
The Morris worm was a wake-up call for many, and it helped kickstart the emerging antivirus industry. John McAfee founded the eponymous company that made him famous in 1987, and more antivirus companies emerged shortly after; in 1988, Avira was founded in Germany by Tjark Auerbach. Then, later the same year, Pavel Baudiš and Eduard Kučera created avast! in the Czech Republic. Just a couple of years later, In 1991, Norton Antiviruswas founded in the United States.
How antivirus programs work
Antivirus programs typically work by maintaining a list of all known viruses. Every digital file can be identified by what is called a hash and each hash uniquely represents a known virus.
Hashes are always only a few characters long, no matter how large the file is, and they can be calculated relatively easily. This makes it possible to store many such hashes in a downloadable database.
The hash approach worked particularly well when there were only a limited number of viruses. AV-Test, one of the popular maintainers of such databases, reported in 1994 to have just over 28,000 viruses on file. By 1999, that number was close to 100,000.
Despite slow beginnings, the number of viruses started growing exponentially. By 2014, there were 37 million virus hashes, just a year later there were 64 million. That’s an increase of over 70,000 per day.
Viruses have become largely polymorphic, which means they behave like a biological organism and will mutate slightly each time it replicates. While the essential function of the virus will stay intact, it can no longer be identified uniquely by its hash.
Because of these mutations, Antivirus programs also monitor the behavior of software in general. Unfortunately, it becomes tough to separate the behavior of a legitimate application from an illegitimate one, as no programming functions can be uniquely attributed to viruses. As a result, Antivirus programs either tend to miss threats or detect false positives.
Frequent false positives can easily train a user to quickly approve a potential threat found by the antivirus software, a bit like the boy who cried wolf.
‘Allow all’ antivirus became ‘deny all’ browsers
Modern operating systems and browsers are built with polymorphic viruses in mind. While the old security model often evolved around a philosophy of ‘allow all, then add exceptions,’ today’s applications and systems are built to deny everything until the user specifically allows it.
Threats such as viruses and hacking attempts have become so numerous that even antivirus dictionaries with millions of entries will likely miss some, and viruses evolve so quickly that no iterations are the same.
The best ways to keep your system safe
A backed up, and up-to-date operating system is the forefront of defense against unwanted code running on your computer.
1. Keep your system up to date
Any threat to your system will look to find little bugs and loopholes to exploit. While bugs are not particularly rare, they are usually patched fast enough to stop the vulnerabilities becoming a large scale security issue.
It’s important to keep your phone, your computer, and all apps and programs running on them, up to date too, to defend against malware. This can sometimes be tiresome, but it is the most important thing to keep you safe.
2. Make regular backups
Even if you keep your system up to date, there is still a tiny chance that you will be infected with a virus. There are constant new threats that have yet to be analyzed and discovered and potentially even ones specifically targeting you. It is not likely that your Antivirus will be able to defend you against all such threats.
Make regular backups of all your data and keep them on a separate drive, ideally unplugging the drive after you make the backup. This will allow you to start quickly again with a fresh installation of your operating system, often the only guaranteed way to get rid of a virus.
Does a VPN protect me against viruses?
While a VPN makes it impossible for your local Internet Service Provider or Wi-FI provider to inject malicious code into your browsing sessions, a VPN does not protect you against viruses by itself.
Even when using a VPN, you still need to be careful with email attachments and downloads. You should never open files with suspicious formats such as .exe, .jar or .js, and only open files from sources that you trust. When in doubt about an attachment from a trusted contact, try reaching out to them through a separate channel to verify the authenticity of their message.
Yes, you should still run antivirus software
There is no harm in running an antivirus program, as long as it is only one (two such programs will very likely interfere with each other).
Running an antivirus program largely helps protect those around you with unpatched and outdated systems, and it makes sure you do not inadvertently spread virus corrupted files, even when they cannot infect your computer.
Antivirus can also help you identify threats that are buried deep in your backups or other files. Even if they cannot infect your updated computer, you probably don’t want them on your system.
This article was originally written by Lexie and the original article can be found here on the conversation.