More than just an Antivirus, p.1: When and why antiviruses appeared

Is it still correct to use the term “antivirus?” Cybersecurity today is much more than just antiviruses; still essential, but alone it is no longer enough.

From time to time, this discussion gets reignited: Is it still correct to use the term “antivirus?” Does it still make any sense to call a security solution an “antivirus,” or we should take a shovel and bury it in the salt. Going ahead, we are by no means burying it. Cybersecurity today is much more than just antiviruses, even though these two terms used to be synonymous. Antivirus is still essential, a base, but alone it is no longer enough.

By inertia

The general public and businesses still use the word “antivirus” to describe any kind of security solution. And there are a few reasons for this. The first is, of course, inertia. For many years “an antivirus” and “a security solution” were totally synonymous. And while today the security vendors are well aware that their products are much more than just an antivirus, the public may not know it (or may not care). And the word lives on.

The second reason is the fact that “an antivirus” has fewer syllables than “a security solution.” People cling to the “antivirus” word for their comfort, which generates a lot of uncomfortable confusion afterwards. There is an antivirus, which is alive and kicking, contrary to popular opinion; but besides that there are many other tools created to counter modern threats. And as such a threat, the viruses per se are currently the tip of the iceberg.

While clients have gotten used to calling the security vendors “antivirus companies”, they may be well aware that “antivirus” is not enough today. And the security vendors have to explain to their clients (every time) that they actually provide an antivirus and so much more.

That’s why this post is here. We’d like to dust off some long-standing terms so that there is less confusion. We’d rather discourage users from calling modern security solutions “antiviruses,” altogether, but for the reasons mentioned above, the word has stuck.

What is an antivirus?

Strictly speaking, an antivirus is a program written with a specific purpose: to neutralize other malicious programs written to inflict harm. The term “computer virus” itself was coined in early 1980s after Jürgen Kraus wrote his diploma thesis “Self-reproduction of programs” at the University of Dortmund. In this work, Kraus mentioned that computer programs can behave in a way similar to biological viruses.

The term got fixed after 1984 when Fred Cohen from the University of Southern California wrote his paper “Computer Viruses – Theory and Experiments”, where the experimental program was called “a virus” (as introduced by Cohen’s mentor Leonard Adleman).

In fact, by that time, self-replicating programs already existed, with theoretical work done as early as 1949. At that time John von Neumann at the University of Illinois gave lectures about the “Theory and Organization of Complicated Automata”, and later published a work “Theory of self-reproducing automata” wherein he had actually described a self-reproducing program – the first “computer virus”.

Then in 1970 there was Creeper, an experimental virus for DEC PDP-10 computers. It was infecting machines running the TENEX operating system connected to ARPANET. It copied itself to the remote system and displayed a message there: “I’m the creeper, catch me if you can!”

And here, ladies and gentlemen, we welcomed the program called Reaper, written with the sole purpose of eradicating Creeper. The first antivirus, it was a program designed to remove an undesirable software.

Creeper was harmless, but its multiple self-replicating successors were not: By the end of the 1980s, they were a source of very serious threats, as the computer viruses deleted data, trashed entire disks and floppies, and, living up to its name, they were spread via removable media (floppy disks at that time). Then the Internet arrived and viruses received a new way of fast distribution, which in part led to their further evolution. But even ahead of that, viruses became a problem that required counter-action.

Eugene Kaspersky started working on antivirus software in the late 1980s, producing AVP 1.0 in 1992 – the product that eventually evolved into Kaspersky Anti-Virus.

The need for a shield

It would be safe to assume that an attack tool comes first, protective measures second. Humanity first invented a sharp-edged stone attached to a long stick and only much later found out about shields, etc.

An antivirus initially was a “reactive” tool, with a purpose to clean up the virus from the system, restoring it to normal, if possible.

Early antivirus packages worked strictly by the code signatures of the viruses, which meant they were supposed to be intercepted and analyzed by antivirus developers, then the data is added to the antivirus bases, and those are distributed this or that way (over the Internet, once it arrived) to the end users and businesses.

The Internet has changed a lot: not only has it opened the way for virus epidemics (with self-propagating worms), to a degree it has also increased the speed of malware evolution. Soon it was not just viruses or worms; and so the necessity for an antivirus to grow into something more had become apparent too.

Does “growing into something more” mean that the antivirus itself becomes obsolete and dies out? Nope. But this will be covered in the next post of the series. Stay tuned!

Tips