Virus-L


I already mentioned that, when I was interning at IBM, I had access to the company’s worldwide network. That network wasn’t the internet, nor did it use the same systems or protocols: it was a proprietary network, based on mainframes and on the standards IBM had defined during the ’70s and ’80s. Even so, there were connection points between that network and the internet, used to exchange information.

It was through that network that I got in touch with other people inside IBM interested in computer viruses, including researchers in the field. From those exchanges, I discovered the most important mailing list on the topic at the time: Virus-L. It was a mailing list that brought together the leading antivirus researchers and companies in the world. It was not a place for sharing samples — no viruses going around there, only conversations and analyses.

At IBM, it was possible to access the Virus-L digest. There was a service that pulled the digests directly from the internet and distributed them internally to anyone who subscribed. So during all my time at IBM, I could follow the discussions, download the messages, save them on floppies, and take them home.

That list, with the quality and caliber of the people involved, was an incredible source of learning. The antivirus world was still young: few companies, few researchers, and many open questions. With a bit of effort, it was possible to follow even the more “advanced” discussions of the time. Maybe not in depth, but enough to understand the direction the field was heading. To give you a sense: we’re talking about 1991, and the first commercial antivirus, McAfee, had been released in 1987.

Among the most active participants were figures who would become legendary. One of them was Fridrik Skúlason himself (the “Frisk” I mentioned earlier, developer of F-Prot. Another big name was Vesselin Bontchev, a Bulgarian researcher who, at the time, was associated with the Virus Test Center at the University of Hamburg. He had recently published an article explaining the social and economic conditions that led countries like Bulgaria and Russia to become major producers of computer viruses. His theory combined highly qualified labor, few job opportunities, low wages, and a healthy dose of boredom.

In the Virus-L discussions, the name Fred Cohen also came up frequently. I didn’t know much about him at the time, but he is the researcher who defined the term “computer virus.” Cohen’s 1984 paper is considered the founding milestone of the field. To get a sense of how recent all this was: in 1984 the concept was defined, in 1987 the first antivirus appeared, in 1988 the list started up, and in 1991 there I was, reading all of this on Virus-L.

The most interesting thing about Cohen’s theory (something I only really understood after many years of studying Computer Science) is that he proved, based on the concept of Turing machines, that it is impossible for a program to exist that detects every possible virus. In slightly more formal terms, the problem of detecting any and all viruses is undecidable (cannot be decided by a computer that is modelled as a Turing Machine). It’s an intriguing idea, one that still fascinates me. Deep down, it defines cybersecurity as an endless struggle, an effort of containment rather than eradication. It was maybe the first time I came across that kind of negative determinism. Anyone who works in security knows: there’s a lot of Sisyphus in our trade, pushing the rock up the mountain knowing it will always roll back down.

When my internship ended, I lost access to Virus-L, since I no longer had access to IBM’s network or the internet. Luckily, the following year I started university, and there was internet access there, so I was only disconnected for a few months.

Virus-L was also an excellent source on the antivirus products available at the time and their updates, as well as behind-the-scenes stories from the community. It was through it that I got to know names like McAfee, Dr. Solomon’s Antivirus, and the already familiar F-Prot and IBM Antivirus.

One of the more curious stories was actually about John McAfee himself. Today we know he was an eccentric figure, to put it mildly, but back then Silicon Valley stories didn’t make it so easily into magazines and newspapers. I discovered through the list that, around 1985, before founding the antivirus company, McAfee had created an “AIDS testing club.” It was the height of the AIDS epidemic, with no effective treatment, and the disease dominated headlines and the collective imagination. The club charged a small fee and issued a little card proving the bearer had been tested and received a negative result.

Virus-L was, without a doubt, my first contact with the state of the art in cybersecurity. And it was one of the great influences on the journey through my academic experience and my choice of career.

Next: From 1992 to 1996 › Chapter 9.
Internet without Web
Previous: From 1992 to 1996 › Chapter 7.
The Dark Side