Friday, September 18, 2009

MALWARE BEYOND VISTA AND XP

Windows may be ubiquitous, but there's a thriving variety of alternative operating systems for enterprise and home use. However, the alternatives aren't as risk-free as some people might think.

If you read online IT publications and message boards, you'll know the story: as soon as a new Trojan is reported, there'll be a flood of comments along the lines of "That would never have happened with Linux!" And let's be honest: at least 99 % of the time this is true. The fact is that the majority of malicious programs identified to date (well over 2 million) target Windows. Linux, on the other hand, with a mere 1898 malicious programs targeting the operating system, appears to be relatively secure. And to date, only 48 malicious programs for Apple's OS X have been identified.

Turbulent beginnings

In the early 1970s - long before the appearance of Microsoft - the Creeper virus was infecting computers running the TENEX operating system on DEC PDP-10 machines. This malware could be seen as being ahead of its time, as it used the ARPANET - the forerunner of today's Internet - to spread. Creeper was followed by Pervade in 1975. Pervade was coded for UNIVAC systems and had been created in order to distribute a game called "Animal". Finally, in 1982, it was Apple's turn; Apple II users had the dubious pleasure of dealing with Rich Skrenta's Elk Cloner, a virus that spread via floppy disks and regularly caused systems to crash.

Fig.1 Back in the day…message displayed by the BHP virus

Four years later, Commodore 64 users joined the ranks of virus victims - the BHP virus (believed to have been created by the German "Bayerische Hacker Post" group) caused the screen to flicker at irregular intervals, greeting the unfortunate victim with a message which read "HALLO DICKERCHEN, DIES IST EIN ECHTER VIRUS!" (which translates as "HELLO FATTY, THIS IS A REAL VIRUS!"). The text was followed by a serial number, which increased by one with each new infection. The virus also ensured it would survive a system reset by hooking a number of interrupts.

It was only in 1986 that the first MS-DOS-compatible malware finally appeared. Brain was a boot sector virus; conveniently, the malware code included the names, address and telephone numbers of its authors. Amjad and Basit Farooq Alvi were brothers from Lahore, Pakistan, who asserted they had created Brain in an effort to determine the level of software piracy there. However, they subsequently had to admit that they had lost control over their experiment.

In the years that followed, the virus scene really started to flourish, and soon there were viruses for every operating system. Over 190 pieces of malware were identified for the Commodore Amiga, with another two dozen targeting the Atari ST. These included the "C't" virus [http://www.stcarchiv.de/am88/06_viren.php], which was actually published in 1988 in iX's sister publication c't as an assembler listing that readers could type in and reproduce - proof indeed of the casual attitude towards malware still prevalent at the time.

An undesirable malware monopoly

Viruses, worms, and other malware only really started to flourish when private households gained access to the World Wide Web. Previously, malicious code had only been able to crawl slowly from floppy disk to floppy disk, but now malicious programs such as Melissa or ILOVEYOU were able to travel around the world in a matter of minutes. A shrinking variety of platforms was to play a deciding role. Malware which spread by email was only able to realize its full potential (and pose a threat to the majority of Internet users) once Windows and Outlook gained a significant market share. The largely heterogeneous system landscape, typical of the private sector during the 1980s, was replaced by MS-DOS and Windows. And something else changed with the arrival of the Internet: for the first time, there was a way in which malicious programs could communicate with their creators.

While the spread of viruses and worms had previously been a matter of chance, and something that couldn't be controlled, data could now be taken from a target computer, or commands relayed to an agent sitting on a remote hard disk. This created ideal conditions for DDoS attacks and mass spam mailings, and, in turn, created a golden opportunity to earn money by distributing malicious programs. Obviously, a person who earns their money from conducting attacks of this kind is always going to go after whichever platform offers the greatest number of targets. For this reason, the millions of Trojans that are sent by email every day target Windows users - malicious code targeting BeOS or Plan 9 would be unlikely to have the desired effect. Whether or not these systems are actually more secure than Windows XP is therefore a moot point - even if such a thing as an unhackable operating system existed, there would still be more than enough vulnerable applications on the hard drive with security loopholes that could be exploited for the purpose of attack.

The status quo

Microsoft Windows thus effectively became the standard target for malware due to its high market share. Not only was the number of new malicious programs targeting Windows far higher than the number targeting non-Windows systems, there was also a difference in the type of malware targeting each environment. Two distinct worlds were established.
