Against Nature

Anti-viral industries are engaged in a battle against the natural. Self reproduction is embedded deep within the technology of computation and by default its history and culture. Martin Howse sieves out the viral seed under both open and closed coding models


Free software exposes code and illuminates context, shedding its wide light on technologies and extruded economies, rewriting histories and creating a meaningful culture. In the field of the viral episodes such as the Bliss affair, in which free software rubbed shoulders with the anti-viral industry, exposing hype and deception, prove particularly illuminating. Free software also provides a handy lens with which to view both code and its culture as inherently viral. And of course the GPL as virus is a common theme kicked off by Microsoft and subsequently embraced by both the Free Software movement and its opponents, yet there can little doubt of its concrete viral nature in reproducing a license text file across thousands of software directories and which implicates subsequent code releases. Though implying damaged nature, with roots in Latin referring to poison and venom, the viral can well be viewed as benign in this light and the evolution of the computer virus does show that healthy experiment and the same prankster spirit which is embedded within the hacker ethic so dear to the free software community lie at the origins of the computer virus. Such histories well need to be teased out and contrasted against the tedious contemporary machinations of script kiddies and the like unknowingly implicated within vast machinations set in motion by morphing executables and resulting in escalating security measures eroding user's freedoms. After all, DRM and trusted computing initiatives can guarantee and manage both content and executable. And it's worth noting that free software participates little, other than on the side of prevention with apps such as ClamAV, in the spawning mass of viral nature. That's very much a proprietary affair, which is not to say that viruses cannot be written to run on GNU/Linux. Examples exist, yet there can be little doubt that the viral as obfuscated and self reproducing executable segment exists in strange relation to necessarily open code.

From humble and inauspicious beginnings rooted within academic recreation and imaginative fiction, the culture of the computer virus has exploded to embrace hardcore scientific research, forensics, serious networked security issues and an expanding and highly questionable underground movement with increasingly opaque motivations. The symbiotic relationship between the virus detection ,and protection industries and this burgeoning and highly explosive subculture proves a highly rewarding area for further study, with both parties locked in cold war style escalations little assisted by industry hyperbole.

At the same time, viral technologies could readily be explored and exploited within an open context and under the heading of a new notion of promiscuous computing. One example within contemporary aesthetics is the project Life Sharing from 0100101110101101.ORG which opens up all the artist's machines for free access. Parallels abound with the totally open and password free ITS or Incompatible Time Sharing system which pioneer hackers such as Richard Stallman used back in the day at MIT. The link to free software is both historic and essential.

Computer viruses can readily be viewed in this openly reproductive light, with contemporary networked fears reflecting nothing more than an age-old recurring panic over promiscuity. It's now a question of electronics, of the free exchange and flow of information, and it's interesting to note that headline searches under google for the term promiscuous reveal no salacious details, rather affording somewhat dry coverage of a mode for wireless devices under which the card will receive and share in all network traffic. The intended recipient, the trusted and known partner, is irrelevant. Promiscuous computing, in common with efforts such as the GNU/Hurd which attempt to wrestle control from the hands of a privileged and monolithic kernel, is all about freedom, addressing the segregation of functionalities at the stacked levels of network, user and code or process. Talk of segmentation in the kernel source code and within CPU design is talk of segregation. And Robert Slade traces the roots of the term worm to the wormhole like debugging traces of rogue programs which had escaped from within their boundaries or partitions. Sacrificing banal functionality in favour of open experiment are the watchwords of a move towards promiscuous computing which recognises that code and kernel policy are political matters.

Social software

At a reductive level it would appear that the multi-million pound anti-virus industry exists solely thanks to the efforts of a rather unhealthy gaggle of rebellious teenagers. If we can compare virus writing to say tagging it appears as a pretty lucrative paint removal business. Yet though easily and perhaps correctly viewed as digital vandalism, in common with graffiti, it is also a culture and has rarely been viewed from such a perspective. Parallelling the contemporary histrionic rise of scamming, phishing and spamming the viral also enters economy at another serious level other than that of Symantec and co. Writers are beginning to ply their trade for hard cash. And at the same time cunning technology is being replaced by embedded and heftily remote social engineering. The virus can now be viewed as social software running on the insecure OS of misinformation.

Yet rather than attacking virus authors from the sheer perspective of supposed and inflicted damages, it's easy to prove from both technological and cultural perspectives that the virus is as natural to computation as it is to our own bodies and cells. The viral, by way fo Joseph Von Neumann and cellular automata, is embedded within the history of computation, and within core technologies. Nearly all computation involves replication, with software copied across media, disk, memory and processor cache. And the compiler is totally implicated within the viral scene. In both human and machine instances a virus is of course seriously harmful but it does pay to consider the wider context free from hot blooded assumption. The virus shares much with other contemporary demons with the war on terrorism presenting another battle against an ill specified, largely invisible and in some cases fictional target laden with emotion and politics.

Viral authors may well be operating through sheer malice or under corrupt and misguided financial influence but truly the investigation of this magical reproduction, of the cellular in a parallel world, is an intriguing proposition. We could scarcely critique a contemporary Von Neumann investigating self-reproducing automata within the vast field of possibilities opened up by the network.

For the viral erupts on a vast terrain of property, ownership and thus of boundaries. It questions what it means to own hardware, who controls software and what happens as soon as we plug into a vast network of unseen possibilities, of corporate control, of spam bots, and of the viral; where the only contact with the human is through socially engineered financial loss. Who pushes the buttons? Code or user. Who owns and is responsible for this spawning code, and where is the boundary of individual hardware marked under a network considered by many as one vast machine with scripted web pages and remote applications paving the first steps for a road into purely viral territory?

The network, executable code and the viral are all concerned with visibility. Viruses are by their nature hidden and free software in relation to property rights is inextricably united with this domain in a battle of wildly changing frontiers, of impossible ethics and questionable responsibilities. It may well be up to user to keep her own machine secured yet parallels with real world activity and physical law are largely inappropriate and should be left well at home in some dusty corner of aged and inappropriate metaphor. There are no doors being left open and Richard Stallman presents a good range of arguments in such a debate around the core concern of free computing. The virus presents a rich thematic embracing the historical, cultural, linguistic, and aesthetic, exposing boundaries and privacies, networks, as well as participating in the exposure offered by crash, and economies of productivity and cash.

Worm holes

Definitions of, and indeed the sheer difficulty of adequately and scientifically defining, the phenomenon which is well intuited in a matter of seconds, are well rehearsed elsewhere with the key figure of Fred Cohen presiding over ceremonies. In his seminal paper dating back over twenty years to 1984 he defines the term, attributed to Len Adleman and describes how coders toiled over a "heavily loaded VAX 11/750 system running Unix" for eight hours to produce an experimental virus, for use as example within a subsequent security seminar. A virus was thus defined as "a program that can infect other programs by modifying them to include a possibly evolved copy of itself." And it's worth noting with reference to freedom and viral nature that Cohen himself writes that "... prevention of computer viruses may be infeasible if widespread sharing is desired..." Eugene Spafford also notes rewarding parallels between the viral and the realm of artificial life.

The difference between a worm and a virus, which is interesting to dissect with regard to social engineering and free software, boils down to one of distribution, how the software reproduces and thus spreads. Originally pinned down on a sneaker-led divide, with virus in the domain of the floppy and worm on newly minted net, a worm is now classified as a subset of the viral. Yet the main difference comes down to human intervention. A virus attaches to a program or file, yet cannot spread until the infected file is executed in some manner. By contrast a worm can spread between machines with no human agency other than that of its creator. Worms exist as standalone creatures with the historic Morris worm of 1988 as prime example in relation to a Unix operating system. Yet, it's also worth noting that the worm term has few negative connotations and was first used to benign effect; software would occupy otherwise idle machines for useful purpose. Such research took place in the early 80s at the important Xerox Palo Alto facility on a closed network. Within the context of a global network, the power of the worm, to inundate, multiply, spread and thus clog networks, is immense.

Viral nature

In contrast, the true virus exists thanks to an unsuspecting and ill informed user bewildered within a vast realm of hoax and deterministic GUI. Within such a world of fiction and simulation all is to be untrusted. At the same time, the flattening enacted by the possibly unknown executable, unknown as to its code and effects, tied to a specific, and again possibly unknown, architecture defines a region haunted by the viral; viruses without notation whose effects can only be known at execution time. Thus perhaps the main reason that nearly all viruses in the wild target the Windows family lies not solely in their popularity nor in the lack of knowledge of users, but rather through the proprietary nature of OS and executables all Windows apps are viral, potentially. Shareware ready to wreak havoc on a specific date. It's an environment under which freshly downloaded apps need to be x-rayed, scanned, tested and emulated by competing anti-viral apps. The viral loves the darkness of impenetrable assembly language, of unknown opcodes, and of proprietary code. Software without source code is inherently viral

Yet open systems are not immune to the spawning virus. The viral is natural. Shadiness in code is always possible, and the move to obfuscation is a move to the binary. After all what is an executable if not heavily obfuscated code? On a side note it's worth referencing a recent Underhanded C contest, inspired by the Obfuscated C affairs, which sets a challenge to write code which performs some covert function, yet which stands up to close visual scrutiny.

And at the same time, most systems aren't truly open to their very roots. The realm of the executable lies within the physical arena of hardware after all. It's hardly surprising given the embedding of copying within hardware, that the most common computing architecture today is that designed by Von Neumann, a figure obsessed with self-replicating systems. Alongside Stanislaw Ulam, co-inventor of the hydrogen bomb, he is credited as kicking off cellular automata, building on his work with self reproducing automata comprised of three main components; a universal machine, universal constructor, and information on tape. In 1967 Robert Schrandt talks of fights between automata. The measure of control is slipping. From here we can readily jump into both Conway's Game of Life, precursor of other viral experiments and intellectual exercises such as Core Wars, and into the viral field of artificial life, with spawning cellular software embedded in the sandboxes of Tom Ray's Tierra. The ghost is very much in the machine.

At the junction of source code and executable lies the compiler; true viral technology as identified within UNIX guru Ken Thompson's seminal 1984 paper, entitled Reflections on Trusting Trust. In this Turing Award acceptance speech, he concisely relates how he modified the C compiler to insert a backdoor and further to throw his modifications into any compiler compiled using his modified version. He walks through his elegant quine-led demonstration in just eight pages, yet the technological and cultural implications are vast and his conclusion packs in dubious morals. The compiler is a core viral technology enabling reproduction by way of execution.

The compiler, in bridging to the executable, in truly rendering executable, is the most vulnerable and most trusted component. After all even if we live in a hallowed land of totally open source code, the compiler is the only thing we only need to compile once, and which can infect all our precious source, or rather binary brethren. The mystery of the executable is well exposed here. All code is untrustworthy unless self created. At the same time, a compiler can well be considered as a virus under Cohen's definition through being self reproducing. Though by the same definition we could also include the editor, in conjunction with, say, a shell code interpreter.

Yet Cohen's further conclusion, arguing for stronger punishment of virus authors in comparison of such acts with joyriding and physical vandalism are open to question within the context of ownership in a shifting digital economy. Just as those who refer to piracy and stealing content rely on a narrow range of metaphors identifying these with the purely physical, so the field of the viral is not at all free from political bias. As code becomes more autonomous who can be blamed for its wayward antics?

Viral culture

It's readily acknowledged that the virus was christened within fiction, within stories such as The Shockwave Rider in 1975, which spoke of a tapeworm bringing down a totalitarian network, and When Harley was One in 1972, and indeed occupies a realm of fiction, the FUD of the anti-viral industries, and simulation. It's all about deceit on all sides. The virus was born within the closed world of simulation, as academic or hacker exercise; a world of quines, or self printing programs, of Darwin, expounding competition between self-reproducing programs, at Bell labs in 1971 and of similar Core Wars sessions a decade later. We can readily trace the rise of the computer virus within common computing culture, as coders sought to make real the promise of When Harley was One, recreating a Creeper program which copied itself across host systems. The anti-viral arms race was also thus started with subsequent Creeper stalking Reaper code. And within the pages of a trilogy of articles published in Scientific American in the early 70s discussing the hacker pursuit Core Wars, under which sandboxed code segments battle for CPU supremacy, we can see how readers responded to the challenge of the viral, transposing the game into the real machine world. The virus was born from a software fiction.

And it's easy to see how such early experiments within a closed domain, and more functional and necessary code, the early Rabbits and other animals which made sure of a clean slate for code on early mainframes by copying a singular instruction across memory, were all to eager to expand as computing accrued the encrustations of both physical and social networks. Distribution is central to the viral and it's an easy route from floppy to network. The computer virus changes in connotation and meaning as the context shifts from academic experiment or prank to the World Wide Web where it now accrues criminal intent, with Morris worm as transition point; the worm unleashed by student Robert Morris Jr. straight out of academia. The history of this viral expansion is well repeated elsewhere and does make for interesting reading with repeated, fugal characters and themes; a family tree of virus methodologies for example with comebacks such as Linux/ADM repeating the Morris worm of ten years previous.

Sister Bliss

Bliss, picked up way back in 97, wasn't the first virus targeting the GNU/Linux platform, that dubious position is reserved for Staog, but it was the most well commentated and first to receive the attentions of industry, making visible the differing cultural conditions and economies which condition the viral under open as opposed to proprietary systems. The story is well related online with full correspondence between Alan Cox and others on various kernel and security newsgroups dissecting the virus and arguing over terminology as to whether it is truly viral or rather a Trojan. Some of this history is well worth repeating as a demonstration of how the anti-viral industry simply mis-judged the free software community in lumbering into what it simply saw as a new field ripe for exploitation. The story of Bliss also proves interesting within the somewhat comical frame of an open source, community developed virus. Indeed Bliss was much praised at the time in both showing that GNU/Linux was now a popular platform, a false argument always given for the prevalence of Microsoft-targeted viruses, and for demonstrating that it's wrong to run untrusted binaries as root.

Bliss was first released, as an alpha version, in 1996 and infection of a random machine was reported on the linux-security list in early

  1. Major GNU player Alan Cox responded intelligently as follows, "In theory you can write a virus for any OS if the owner is dumb enough to install unchecked binaries as root." The finger is very much pointed at the binary. Yet on the same day, the Bliss author, posted to the comp.security.unix newsgroup, exhibiting great concern that an alpha version of his code had been released the year before, though thankfully it had gone largely unnoticed. He attached an encoded binary 0.4.0 release, helpfully compiled with full "debugging verbosity on," after issuing profuse description what the code actually does, and warning any reader not to run this tough to unscramble binary. A new version, which further commentator's speculated may be under a GPL license, was mooted and the conceptual nature of the exercise can well be gleaned from the author's assertion that little if anything is Linux specific in the code, which can and has been ported to a range of other OSes. The point heftily underlined here being that the viral is deeply intrinsic to computation, before we even throw networks into the equation, and that viral efficacy or magnitude is purely a matter of culture. Bliss makes such apparent. Far from malignant in both description and traced dissection, and even including a disinfection command line option, Bliss has an altogether different agenda than digital tagging.

Help help? hah! read the source!

Enter McAfee. Again, on the very same day, the 5th of February, and in response to this one lone sighting, McAfee, leading vendor of anti-virus software, released a lengthy press release, boasting of their quick response to this major threat. Bliss, in their own words the first virus for Linux, could now be detected and treated by =McAfee='s own VirusScan for LINUX software. And again within such an extreme realm of the absurd, it's too tempting not to repeat gems such as the following "McAfee researchers believe that one reason this virus has begun to spread is because Linux users who are playing computer games over the Internet, such as DOOM, must play the game in the Linux's administrator mode, which is called 'root.'"; a response to arguments that Unix systems are difficult to infect because the virus must run as privileged. The community responded adequately to what now appears as well played out farce which easily demonstrates both the anti-virus protective racket, reliant on fear and ignorance, and the foundation of such an industry on poor practise and poor software, aside from any questions of property, of doors open or doors closed. The exquisitely well documented Bliss episode illuminates a misjudged symbiosis between viral subculture and antiviral software industry in relation to free software as open code.

Word made flesh

In throwing the spotlight on a tight knit of fiction, economics, culture, community and code, Bliss could easily be regarded within the frame of contemporary aesthetics, which often attempt such feats but rarely succeed. One decent example, again prompting panic amongst the uninitiated and amply demonstrating how taboo the topic of the viral, except from the supposedly scientific viewpoint of the heatedly anti-viral, is the biennale.py work fake virus distributed in textual form on T-shirts by hardcore artist group 0100101110101101.ORG. With source code making textual reference to sexual promiscuity by way of a party variable and fornicate function amongst others, biennale.py neatly wraps up viral issues of responsibility and distribution. It's enough to mention the words artist and virus in the same breath to cause the very heat death of unknowing media. That biennale.py was largely a hoax, and parallels with the T-shirt distribution of DeCSS source, make of it a neat conceit.

Yet, biennale.py was by no means the first of such viral-occupied artistic pranks. In the eyes of net art critics such as Tilman Baumgartel and Florian Cramer, the MacMag virus, itself one of the first to attack a personal computer, pipped it to the post by a good 13 years. MacMag was distributed as a HyperCard file, which when opened installed an extension which would cause the machine to display a cheesy new age style message on startup. MacMag was reproductive, spreading by way of exchanged system disks and the author, or rather commissioner of code, publisher of Montreal-based MacMag magazine Richard Brandow was eager to claim responsibility. He claimed alternately that the value of the virus lay in its message promoting world peace, and that, in the words of Slade "he wanted to make a statement about piracy and copying of computer programs." Stallman's attitude to such issues could easily be inserted here, alongside his assertion, repeated within the context of an early anthology of essays on computer viruses, that security is a sickness rather than a cure,

MacMag has since been reclaimed as authored in the pranksterish spirit of Neoism, itself a viral and nihilist movement of shifting intent and technique rising from the ashes of Dada and situationism. William Burrough's language as virus, alongside the literature of the quine extended into the realm of mass media, stand proud within such a context.

And Cramer writes of the virus, considered as a contemporary literature of the net, as a virulent example of the word made flesh within the executable. A word made flesh of explosive power given the sheer size of a global infrastructure dependent on the network. It's high time to rethink not only literature but all viral matters in this light.

key links

Life Sharing: http://www.0100101110101101.org/home/life_sharing

Robert Slade: http://sun.soci.niu.edu/~rslade/rms.htm

Fred Cohen: http://www.all.net/books/virus/part5.html

Morris Worm: http://world.std.com/~franl/worm.html

Tierra: http://www.his.atr.jp/~ray/tierra

Reflections on Trusting Trust: http://www.acm.org/classics/sep95

Core Wars: http://www.koth.org

Unix Virus Bibliography: http://www.users.qwest.net/~eballen1/virefs.html

Bliss: http://math-http://www.uni-paderborn.de/~axel/bliss

Neoism: http://www.neoism.net

Biennale.py: http://www.0100101110101101.org/home/biennale_py/index.html

MacMag: http://www.neoism.net/macmag_virus_-_history_of_computer_viruses_1.html