Вы находитесь на странице: 1из 4
The culture of the virus The anti-viral industries are engaged in a battle against the

The culture of the virus

The anti-viral industries are engaged in a battle against the natural. Self reproduction is embedded deep within the technology of computation and by default its history and culture. Martin Howse sieves out the viral seed under both open and closed coding models

AGAINST NATURE The culture of the virus
AGAINST NATURE
The culture of the virus

28 LinuxUser & Developer

The culture of the virus 28 LinuxUser & Developer F ree software exposes code and illuminates

F ree software exposes code and illuminates context, shedding a wide light on technologies and extruded economies, rewriting histories and creating a meaningful culture. In the field of the viral episodes such as the Bliss affair, in which free

software rubbed shoulders with the anti-viral industry, exposing hype and deception, prove particularly illuminating. Free software also provides a handy lens with which to view both code and its culture as inherently viral. And of course the GPL as virus is a common theme kicked off by Microsoft and subsequently embraced by both the Free Software movement and its opponents, yet there can little doubt of its concrete viral nature in reproducing a license text file across thousands of software directories and which implicates subsequent code releases. Though implying damaged nature, with roots in Latin referring to poison and venom, the viral can well be viewed as benign in this light - and the evolution of the computer virus does show that healthy experiment and the same prankster spirit that is embedded within the hacker ethic so dear to the free software community lie at the origins of the computer virus. Such histories need to be teased out and contrasted against the tedious contemporary machinations of script kiddies and the like unknowingly implicated within vast machinations set in motion by morphing executables and resulting in escalating security measures eroding the freedoms of the user. After all, DRM and trusted

The culture of the virus

user. After all, DRM and trusted The culture of the virus At the same time, viral

At the same time, viral technologies could readily be explored and exploited within an open context and under the heading of a new notion of promiscuous computing. One example within contemporary aesthetics is the project ‘Life Sharing’ from 0100101110101101.ORG which opens up all the artist’s machines for free access. Parallels abound with the totally open and password free ITS or Incompatible Time Sharing system which pioneer hackers such as Richard Stallman used back in the day at MIT. The link to free software is both historic and essential. Computer viruses can readily be viewed in this openly reproductive light, with contemporary networked fears reflecting nothing more than an age-old recurring panic over promiscuity. It’s now a question of electronics, of the free exchange and flow of information, and it’s interesting to note that headline searches under google for the term promiscuous reveal no salacious details, rather affording somewhat dry coverage of a mode for wireless

The viral, as obfuscated and self reproducing executable segment, exists in strange relation to open code

computing initiatives can guarantee and manage both content and executable. And it’s worth noting that free software participates little, other than on the side of prevention with apps such as ClamAV, in the spawning mass of viral nature. That’s very much a proprietary affair, which is not to say that viruses cannot be written to run on GNU/Linux. Examples exist, yet there can be little doubt that the viral, as obfuscated and self reproducing executable segment, exists in strange relation to open code.

LIFE SHARING

From humble and inauspicious beginnings rooted within academic recreation and imaginative fiction, the culture of the computer virus has exploded to embrace hardcore scientific research, forensics, serious networked security issues and an expanding and highly questionable underground movement with increasingly opaque motivations. The symbiotic relationship between the virus detection, and protection industries and this burgeoning and highly explosive subculture proves a highly rewarding area for further study, with both parties locked in cold war style escalations little assisted by industry hyperbole.

devices under which the card will receive and share in all network traffic. The intended recipient, the trusted and known partner, is irrelevant. Promiscuous computing, in common with efforts such as the GNU/ Hurd which attempt to wrestle control from the hands of a privileged and monolithic kernel, is all about freedom, addressing the segregation of functionalities at the stacked levels of network, user and code or process. Talk of segmentation in the kernel source code and within CPU design is talk of segregation. And Robert Slade traces the roots of the term worm to the wormhole like debugging traces of rogue programs which had escaped from within their boundaries or partitions. Sacrificing banal functionality in favour of open experiment are the watchwords of a move towards promiscuous computing which recognises that code and kernel policy are political matters.

LinuxUser & Developer 29

The culture of the virus SOCIAL SOFTWARE At a reductive level it would appear that

The culture of the virus

SOCIAL SOFTWARE

At a reductive level it would appear that the multi-million pound anti-virus industry exists solely thanks to the

efforts of a rather unhealthy gaggle of rebellious teenagers. If we can compare virus writing to say tagging

Biennale.py source code

compare virus writing to say tagging Biennale.py source code it appears as a pretty lucrative paint
it appears as a pretty lucrative paint removal business. Yet though easily and perhaps correctly
it appears as a pretty lucrative paint
removal business. Yet though easily
and perhaps correctly viewed as
digital vandalism, in common with
graffiti, it is also a culture and has
rarely been viewed from such a
perspective. Parallelling the
contemporary histrionic rise of
scamming, phishing and spamming
the viral also enters economy at
another serious level other than that
of Symantec and co. Writers are
beginning to ply their trade for hard
cash. And at the same time cunning
technology is being replaced by
embedded and heftily remote social
engineering. The virus can now be
viewed as social software running on
the insecure OS of misinformation.
Yet rather than attacking virus
authors from the sheer perspective of
supposed and inflicted damages, it’s
easy to prove from both technological
and cultural perspectives that the
virus is as natural to computation as it
is
to our own bodies and cells. The
to computation as it is to our own bodies and cells. The viral, by way fo

viral, by way fo Joseph Von Neumann and cellular automata, is embedded within the history of computation, and within core technologies. Nearly all computation involves replication, with software copied across media, disk, memory and processor cache. And the compiler is totally implicated within the viral scene. In both human and machine instances a virus is of course seriously harmful but it does pay to consider the wider context free from hot blooded assumption. The virus shares much with other contemporary demons with the war on terrorism presenting another battle against an ill specified, largely invisible and in some cases fictional target laden with emotion and politics.

AT THE FRONTIER

For the viral erupts on a vast terrain of property, ownership and thus of boundaries.
For the viral erupts on a vast terrain
of property, ownership and thus of
boundaries. It questions what it
means to own hardware, who
controls software and what happens
as soon as we plug into a vast
network of unseen possibilities, of
corporate control, of spam bots, and
of the viral; where the only contact
with the human is through socially
engineered financial loss. Who pushes
the buttons? Code or user. Who owns
and is responsible for this spawning
code, and where is the boundary of

individual hardware marked under a network considered by many as one vast machine with scripted web pages and remote applications paving the first steps for a road into purely viral territory? The network, executable code and the viral are all concerned with visibility. Viruses are by their nature hidden and free software in relation to property rights is inextricably united with this domain in a battle of wildly changing frontiers, of impossible ethics and questionable

changing frontiers, of impossible ethics and questionable Viral authors may well be operating through sheer malice

Viral authors may well be operating through sheer malice or under corrupt and misguided financial influence but truly the investigation of this magical reproduction, of the cellular in a parallel world, is an intriguing

 

proposition. We could scarcely critique

Perpetual Self Dis/ Infecting Machine.

a

contemporary Von Neumann

Custom made

investigating self-reproducing automata within the vast field of possibilities opened up by the network.

computer infected with the virus Biennale.py

30 LinuxUser & Developer

The culture of the virus

30 LinuxUser & Developer The culture of the virus WORD MADE FLESH In throwing the spotlight
WORD MADE FLESH In throwing the spotlight on a tight knit of fiction, economics, culture,
WORD MADE FLESH
In throwing the spotlight on a tight knit of fiction,
economics, culture, community and code, Bliss could easily
be regarded within the frame of contemporary aesthetics,
which often attempt such feats but rarely succeed. One
decent example, again prompting panic amongst the
uninitiated and amply demonstrating how taboo the topic
of the viral, except from the supposedly scientific viewpoint
of the heatedly anti-viral, is the biennale.py work fake virus
distributed in textual form on T-shirts by hardcore artist
group 0100101110101101.ORG. With source code making
textual reference to sexual promiscuity by way of a party
variable and fornicate function amongst others, biennale.py
neatly wraps up viral issues of responsibility and distribution.
It’s enough to mention the words artist and virus in the
same breath to cause the very heat death of unknowing
media. That biennale.py was largely a hoax, and parallels
with the T-shirt distribution of DeCSS source, make of it a
neat conceit.
Yet, biennale.py was by no means the first of such viral-
occupied artistic pranks. In the eyes of net art critics such as
Tilman Baumgartel and Florian Cramer, the MacMag virus,
itself one of the first to attack a personal computer, pipped
it to the post by a good 13 years. MacMag was distributed
as a HyperCard file, which when opened installed an
extension which would cause the machine to display a
cheesy new age style message on startup. MacMag was
reproductive, spreading by way of exchanged system disks
and the author, or rather commissioner of code, publisher of
Montreal-based MacMag
magazine Richard Brandow was
eager to claim responsibility. He
claimed alternately that the value
of the virus lay in its message
promoting world peace, and that, in the
words of Slade “he wanted to make a
statement about piracy and copying of
computer programs.” Stallman’s
attitude to such issues could easily
be inserted here, alongside his
assertion, repeated within the context
of an early anthology of essays on
computer viruses, that security is a sickness rather
than a cure,
MacMag has since been reclaimed as authored in
the pranksterish spirit of Neoism, itself a viral and
nihilist movement of shifting intent and technique
rising from the ashes of Dada and situationism.
William Burrough’s language as virus, alongside the
literature of the quine extended into the realm of mass
media, stand proud within such a context.
And Cramer writes of the virus, considered as a
contemporary literature of the net, as a virulent example of
the word made flesh within the executable. A word made
flesh of explosive power given the sheer size of a global
infrastructure dependent on the network. It’s high time to
rethink not only literature but all viral matters in this light.

responsibilities. It may well be up to user to keep her own machine secured yet parallels with real world activity and physical law are largely inappropriate and should be left well at home in some dusty corner of aged and inappropriate metaphor. There are no doors being left open and Richard Stallman presents a good range of arguments in such a debate around the core concern of free computing. The virus presents a rich thematic embracing the historical, cultural, linguistic, and aesthetic, exposing boundaries and privacies, networks, as well as participating in the exposure offered by crash, and economies of productivity and cash.

WORM HOLES

Definitions of, and indeed the sheer difficulty of adequately and scientifically defining, the phenomenon which is well intuited in a matter of seconds, are well rehearsed elsewhere with the key figure of Fred Cohen presiding over ceremonies. In his seminal paper dating back over twenty years to 1984 he defines the term, attributed to Len Adleman and describes how coders toiled over a “heavily loaded VAX 11/750 system running Unix” for eight hours to produce an experimental virus, for use as example

within a subsequent security seminar. A virus was thus defined as “a program that can infect other programs by modifying them to include a possibly evolved copy of itself.” And it’s worth noting with reference to freedom and viral nature that Cohen himself writes that “ prevention of computer viruses may be infeasible if widespread sharing is ”

desired

rewarding parallels between the viral and the realm of artificial life. The difference between a worm and a virus, which is interesting to dissect with regard to social engineering and free software, boils down to one of distribution, how the software reproduces and thus spreads. Originally pinned down on a sneaker- led divide, with virus in the domain of the floppy and worm on newly minted net, a worm is now classified as a subset of the viral. Yet the main difference comes down to human intervention. A virus attaches to a program or file, yet cannot spread until the infected file is executed in some manner. By contrast a worm can spread between machines with no human agency other than that of its creator. Worms exist as standalone creatures with the historic Morris worm of 1988 as prime example in relation to a Unix operating system.

Eugene Spafford also notes

Yet, it’s also worth noting that the worm term has few negative connotations and was first used to benign effect; software would occupy otherwise idle machines for useful purpose. Such research took place in the early 80s at the important Xerox Palo Alto facility on a closed network. Within the context of a global network, the power of the worm, to inundate, multiply, spread and thus clog networks, is immense.

The evolution of the computer virus does show that healthy experiment and the same prankster spirit that is embedded within the hacker ethic so dear to the free software community lie at the origins of the computer virus

VIRAL NATURE

In contrast, the true virus exists thanks to an unsuspecting and ill informed user bewildered within a vast realm of hoax and deterministic GUI. Within such a world of fiction and simulation all is to be untrusted. At the same time, the flattening enacted by the possibly unknown executable, unknown as to its code and effects, tied to a specific, and again possibly unknown, architecture defines a region haunted by the viral; viruses without notation whose effects can only be known at execution time. Thus perhaps the main reason that nearly all viruses in the wild target the Windows family lies not solely in their popularity nor in the lack of knowledge of users, but rather through the proprietary nature of OS and executables all Windows apps are

LinuxUser & Developer 31

The culture of the virus viral, potentially. Shareware ready to wreak havoc on a specific

The culture of the virus

The culture of the virus viral, potentially. Shareware ready to wreak havoc on a specific date.

viral, potentially. Shareware ready to wreak havoc on a specific date. It’s an environment under which freshly downloaded apps need to be x-rayed, scanned, tested and emulated by competing anti-viral apps. The viral

Life Sharing - screenshots

obfuscated code? On a side note it’s worth referencing a recent Underhanded C contest, inspired by the Obfuscated C affairs, which sets a challenge to write code which performs some covert function, yet which stands up to close visual scrutiny. And at the same time, most systems aren’t truly open to their very roots. The realm of the executable lies within the physical arena of hardware after all. It’s hardly surprising given the embedding of copying within hardware, that the most common computing architecture today is that designed by Von Neumann, a figure obsessed with self-replicating systems. Alongside Stanislaw Ulam, co-inventor of the hydrogen bomb, he is credited as kicking off cellular automata, building on his work with self reproducing automata comprised of three main components; a universal machine, universal constructor, and information on tape. In 1967 Robert Schrandt talks of fights between automata. The measure of control is slipping. From here we can readily jump into both Conway’s Game of Life, precursor of other viral experiments and intellectual exercises such as Core Wars, and into the viral field of artificial life, with spawning cellular software embedded in the sandboxes of Tom Ray’s Tierra. The ghost is very much in the machine.

THE JOYRIDE

At the junction of source code and executable lies the compiler; true viral technology as identified within UNIX guru Ken Thompson’s seminal 1984 paper, entitled Reflections on Trusting Trust. In this Turing Award acceptance speech, he concisely relates how he modified the C compiler to insert a backdoor and further to throw his

executable, in truly rendering executable, is the most vulnerable and most trusted component. After all even if we live in a hallowed land of totally open source code, the compiler is the only thing we only need to compile once, and which can infect all our precious source, or rather binary brethren. The mystery of the executable is well exposed here. All code is untrustworthy unless self created. At the same time, a compiler can well be considered as a virus under Cohen’s definition through being self reproducing. Though by the same definition we could also include the editor, in conjunction with, say, a shell code interpreter. Yet Cohen’s further conclusion, arguing for stronger punishment of virus authors in comparison of such acts with joyriding and physical vandalism are open to question within the context of ownership in a shifting digital economy. Just as those who refer to piracy and stealing content rely on a narrow range of metaphors identifying these with the purely physical, so the field of the viral is not at all free from political bias. As code becomes more autonomous who can be blamed for its wayward antics?

VIRAL CULTURE

It’s readily acknowledged that the virus was christened within fiction, within stories such as The Shockwave Rider in 1975, which spoke of a tapeworm bringing down a totalitarian network, and When Harley was One in 1972, and indeed occupies a realm of fiction, the FUD of the anti-viral industries, and simulation. It’s all about deceit on all sides. The virus was born within the closed world of simulation, as academic or hacker exercise; a world of quines, or self printing programs,

Contemporary networked fears reflecting nothing more than an age-old recurring panic over promiscuity

loves the darkness of impenetrable assembly language, of unknown opcodes, and of proprietary code. Software without source code is inherently viral Yet open systems are not immune to the spawning virus. The viral is natural. Shadiness in code is always possible, and the move to obfuscation is a move to the binary. After all what is an executable if not heavily

32 LinuxUser & Developer

modifications into any compiler compiled using his modified version. He walks through his elegant quine- led demonstration in just eight pages, yet the technological and cultural implications are vast and his conclusion packs in dubious morals. The compiler is a core viral technology enabling reproduction by way of execution. The compiler, in bridging to the

of Darwin, expounding competition between self-reproducing programs, at Bell labs in 1971 and of similar Core Wars sessions a decade later. We can readily trace the rise of the computer virus within common computing culture, as coders sought to make real the promise of When Harley was One, recreating a Creeper program which copied itself across host systems. The anti-viral arms race

The culture of the virus was also thus started with subsequent Creeper stalking Reaper code.

The culture of the virus

was also thus started with subsequent Creeper stalking Reaper code. And within the pages of a trilogy of articles published in Scientific American in the early 70s discussing the hacker pursuit Core Wars, under which sandboxed code segments battle for CPU supremacy, we can see how readers responded to the challenge of the viral, transposing the game into the real machine world. The virus was born from a software fiction. And it’s easy to see how such early experiments within a closed domain, and more functional and necessary code, the early Rabbits and other animals which made sure of a clean slate for code on early mainframes by copying a singular instruction across memory, were all to eager to expand as computing accrued the encrustations of both physical and social networks. Distribution is central to the viral and it’s an easy route from floppy to network. The computer virus changes in connotation and meaning as the context shifts from academic experiment or prank to the World Wide Web where it now accrues criminal intent, with Morris worm as transition point; the worm unleashed by student Robert Morris Jr. straight out of academia. The history of this viral expansion is well repeated elsewhere and does make for interesting reading with repeated, fugal characters and themes; a family tree of virus methodologies for example with comebacks such as Linux/ADM repeating the Morris worm of ten years previous.

SISTER BLISS

Bliss, picked up way back in 97, wasn’t the first virus targeting the GNU/Linux platform, that dubious position is reserved for Staog, but it was the most well commentated and first to receive the attentions of industry, making visible the differing cultural conditions and economies which condition the viral under open as opposed to proprietary systems. The story is well related online with full correspondence between Alan Cox and others on various kernel and security newsgroups dissecting the virus and arguing over terminology as to whether it is truly viral or rather a Trojan. Some of this history is well worth repeating as a demonstration of how the anti-viral industry simply mis-judged the free software

Robert Slade traces the roots of the term worm to the wormhole like debugging traces of rogue programs which had escaped from within their boundaries or partitions

community in lumbering into what

it simply saw as a new field ripe for

exploitation. The story of Bliss also proves interesting within the somewhat comical frame of an open source, community developed virus. Indeed Bliss was much praised at the time in both showing that GNU/ Linux was now a popular platform, a false argument always given for the prevalence of Microsoft-targeted viruses, and for demonstrating that it’s wrong to run untrusted binaries as root. Bliss was first released, as an alpha version, in 1996 and infection of a random machine was reported on the linux-security list in early 97. Major GNU player Alan Cox responded intelligently as follows, “In theory you can write a virus for any OS if the owner is dumb enough to install unchecked binaries as root.” The finger is very much pointed at the binary. Yet on the same day, the Bliss author, posted to the comp.security.unix newsgroup, exhibiting great concern that an alpha version of his code had been released the year before, though thankfully it had gone largely unnoticed. He attached an encoded binary 0.4.0 release, helpfully compiled with full “debugging verbosity on,” after issuing profuse descriptions of what the code actually does, and warning any reader not to run this tough to unscramble binary. A new version, which further commentators speculated may be under a GPL license, was mooted and the conceptual nature of the exercise can well be gleaned from the author’s assertion that little if anything is Linux-specific in the

in response to this one lone

sighting, McAfee, leading vendor of anti-virus software, released a lengthy press release, boasting of their quick response to this major threat. Bliss, in their own words the first virus for Linux, could now be detected and treated by McAfee’s own VirusScan for LINUX software. And again within such an extreme realm of the absurd, it’s too tempting not to repeat gems such as the following:

“McAfee researchers believe that one reason this virus has begun to spread is because Linux users who are playing computer games over the Internet, such as DOOM, must play the game in the Linux’s administrator mode, which is called ‘root.’” - a response to arguments that Unix systems are difficult to infect because the virus must run as privileged. The community responded adequately to what now appears a well played out farce which easily demonstrates both the anti-virus protective racket, reliant on fear and ignorance, and the foundation of such an industry on poor practise and poor software, aside from any questions of property, of doors open or doors closed. The exquisitely well documented Bliss episode illuminates a misjudged symbiosis between viral subculture and antiviral software industry in relation to free software as open code.

Key Links Life Sharing www.0100101110101101.org/home/life_ sharing Robert Slade sun.soci.niu.edu/~rslade/rms.htm
Key Links
Life Sharing
www.0100101110101101.org/home/life_
sharing
Robert Slade
sun.soci.niu.edu/~rslade/rms.htm
Fred Cohen
www.all.net/books/virus/part5.html
Morris Worm:
world.std.com/~franl/worm.html
Tierra
www.his.atr.jp/~ray/tierra
Reflections on Trusting Trust
www.acm.org/classics/sep95
Core Wars
www.koth.org
Unix Virus Bibliography
www.users.qwest.net/~eballen1/virefs.html
Bliss
math-www.uni-paderborn.de/~axel/bliss
Neoism
www.neoism.net
Biennale.py
www.0100101110101101.org/home/biennale_
py/index.html
MacMag
www.neoism.net/macmag_virus_-_history_
of_computer_viruses_1.html
of_computer_viruses_1.html code, which can and has been ported to a range of other
of_computer_viruses_1.html code, which can and has been ported to a range of other
code, which can and has been ported to a range of other OSes. The point
code, which can and has been
ported to a range of other OSes. The
point heftily underlined here being
that the viral is deeply intrinsic to
computation, before we even throw
networks into the equation, and that
viral efficacy or magnitude is purely

a matter of culture. Bliss makes such apparent. Far from malignant in both description and traced dissection, and even including a disinfection command line option, Bliss has an altogether different agenda than digital tagging.

HELP HELP? HAH! READ THE SOURCE!

Enter McAfee. Again, on the very same day, the 5th of February, and

34 LinuxUser & Developer