In the early days of computing, many end-users would have a common fear of receiving a virus on their PC. Some would go to great lengths to protect their computers, paying for antivirus software such as McAfee, Norton, and Avast in order to keep their desktop clear of a Trojan Virus. However, regardless of what lengths people went to in order to avoid a virus, getting a virus was inevitable. This resulted in users enabling Safe Mode, delete recently downloaded files, and run virus scans in hopes that no data was lost or corrupted. In today’s society, however, the thought of getting a virus on your PC rarely crosses our minds. Many people have even stopped purchasing antivirus software. While the threat of getting a virus is still possible, it isn’t as prominent as it used to be. What is more threatening to users now is data breaches, as well as protecting their privacy. It is clear that there are many vulnerabilities. But traditional computer viruses aren’t seen as often as they were back in the late ‘90s or early 2000s. So what exactly happened?
The Documentation of Computer Viruses.
The timeline of computer viruses should be considered before addressing the question that this article asks. Computer viruses have been around for a long period. The earliest virus documented is “Creeper” which dates back to 1971. The mechanics of this virus are fairly simple. Once the virus was placed inside a local drive, it would continue to replicate itself until the given computer ran out of space and became inoperable. At this point, the virus would taunt the user with a message that reads “I’M THE CREEPER. CATCH ME IF YOU CAN.” Fortunately, Creeper wasn’t built with malicious intentions. Creeper served the purpose of demonstrating basic computer vulnerabilities and how these shortfalls can be addressed. However, the days of benign experimental viruses did not last long. Once computers were considered to be a household item rather than something used at work or school, a new subset of people generally referred to as “Hackers” started reverse engineering code. As a result, more malicious viruses were now being seen.
An example of this is the first malicious virus called “Brain” which appeared in January 1986. Unlike Creeper, Brain did not serve the purpose of wasting space. This virus would corrupt your computer by infecting your Boot Disk. From this point, Brain would move your Boot Sector to another location. Additionally, Brain would override your original Boot Sector with the virus making it impossible to boot the computer. By doing so, these viruses can execute malicious code and maintain persistence on the system, making them difficult to detect and remove. Boot Sector viruses and Bootkits have been known to cause various issues, including system instability, data corruption, and unauthorized access to sensitive information.
Another prominent computer virus is the “Michelangelo virus” which made its debut in 1991. Michelangelo worked in a similar fashion, with some differences. Rather than corrupting the computer when making contact, Michelangelo would wait until March 6th, of every year to activate payloads. This way no one was aware of how much the virus had spread. On March 6th, the virus would override the first 100 sectors with zeros. As a result, everyone who was infected would encounter data corruption. To protect against the Michelangelo Virus, users were advised to use updated antivirus software, exercise caution when handling floppy disks, and regularly back up their data. Later, another virus would seem to be more effective than these last two mentioned.
The CIH virus, also known as the Chernobyl Virus, was a highly destructive computer virus that emerged in 1998. It was named after the infamous Chernobyl nuclear disaster that occurred in Ukraine in 1986. The CIH Virus was created by a Taiwanese programmer named Chen Ing-hau, who was a college student at the time. The motive that is speculated at the moment is that the college student wanted to put overconfident software engineers in their place. It is safe to say that goal was destroyed. Once CIH made contact with a user’s computer, it would override the Hard Drive, Boot Sector, and BIOS. Similar to Michelangelo, CIH was designed to remain dormant for one month before activating its payloads. When the virus was triggered, it would end up infecting 60 million computers and causing $1 billion worth of damages. As a result, computer viruses would be considered an international threat and would only increase with the internet. Up until this point, the main culprit spreading viruses were shared floppy disks, but the internet became more viral.
The first prominent internet virus seen in 1999 was named “Melissa.” Melissa was distributed through email and once you received Melissa, it would automatically be sent to your contacts. Fortunately, Melissa was not malicious. As some would consider Melissa to be a social experiment that distributed passwords to adult pornographic websites. Its successor, however, “iloveyou” in 2000 wasn’t nearly as kind. On the surface, iloveyou was a simple .txt file that was spread through email. Behind the scenes, it was a VBS file that could override Office, image, and audio files. In a period of 10 days, iloveyou would spread to 50 million computers. This marked the beginning of the peak computer virus era. However, within the next 10 to 15 years, this fear would disappear almost as if it never existed.
The Possible Eradication of Viruses.
While these viruses are notably no longer a threat to end-users, they notably spread through two distinct ways. These two ways are Shared Storage Devices, and online through the Internet. Thanks to the internet, the first medium was eliminated. Now that people had the ability to email each other, there’s no need to share Floppy Disks as well as external devices such as USB Drives. Should a device be shared, it would contain confidential files that would be at risk of interception if emailed. The “Storage Device Medium” died out and is only used for commercial purposes. The internet however still poses a threat to end-users and is difficult to address. A lot of this process consisted of security improvements in the form of updates to operating systems and browsers alike. However, there was a pinpointable event that improved security online. This is known as the ditching of Internet Explorer. Around the year 2004, the Market Share of Internet Explorer peaked at 95%. Many people, including myself, remember IE as a slow internet browser. But it was much worse when it came to security vulnerabilities. Internet Explorer not only allowed for the execution of Javascript, IE also allowed for the execution of VBScripts which gave the browser access to the computer. This would allow websites to accomplish more advanced tasks as they had access to the computer. However, this also allows these websites to accomplish much more nefarious tasks, which is what happened. Microsoft did not do much to address the problem other than publishing a tutorial on how to disable VBScripts execution. But the average end-user would not go to these extents to protect their PCs, nor would they take the time the learn to perform such a task. Average end-users however migrated to Google Chrome. Unlike Microsoft, Chrome did not support VBScripts. Which put many people at ease. These threats were effectively cut off. This however still leaves userts with the “Download Medium” threat. While this isn’t as threatening as it used to be, updates to programs including the operating system put many people at ease.
Before 2010, scheduled updates weren’t around. It was common to purchase a version of Windows that was installed on your new computer, and you would stay on that version until you bought a new PC. Granted you could check Microsoft’s website for Windows updates, but many people never took the time to bother with updating Windows. This would later change with the introduction to Windows ME which allowed users to update Windows within the operating system. Overtime, this would be revised with Windows 7 and 10. Constant updates could be seen more within Windows 7’s release in late 2009. From then on, security updates to Windows were seen more often. While people believe that they occur at the worst time, it is a sort of response from Microsoft fixing security vulnerabilities within Windows. It is also worth noting that corporations have recently been setting cybersecurity as a priority. Between the years 2010 and 2018, spending for cybersecurity accelerated from $24.4 billion to $66 billion. Furthermore, these companies have built cybersecurity departments which are made up of well paid engineers. For example, security analysts at Microsoft are paid $272,000 on average. As for compensation, companies are diverting hackers in exchange for money. For example, Google offers $1 million if you can hack Google Chrome. Similarly, Apple is offering $1.5 million if you can hack the iPhone. On an annual basis, these companies pay people millions of dollars. In return, they’re able to prevent exploits that could possibly harm several end-users. In the meantime, users have become more familiar with technology and protecting their devices. It’s worth mentioning that internet usage has become much more focused. While we all spend much more time than ever on the internet, virtually all of our usage has to do with reputable companies such as Google, Amazon, Microsoft, etc. While viruses are still a threat, the chances of encountering one is much lower than a decade ago. One could consider this a “virus free” era. However, the times have changed.
Shifting Motives.
None of this is to say that computer viruses are no longer around. The number of threats are larger than ever. This is because viruses no longer target regular end-users. Back then, the only incentive for creating a virus was to gain traction. However, hacking is more profitable as far as user data. As well as operating international cybercrime rings. Considering the times, this makes sense. After discovering an exploit in Windows, would you rather spread it to other users? Or would you target large corporations. Stealing data from others is more valuable and effective than corrupting someone’s PC. This information is worth well over millions of dollars. Given that it will more than likely be sold through dark avenues, you’ll have to accept a deep discount. However, the money you will receive is more than what companies will offer for that exploit. Should common end-users be the target, the objective would not be to corrupt their machine. As you would not want the end-user to notice. While traditional viruses are seen on a desktop, these types of viruses are now making their way to the mobile community with spam text messages that contain links that collect your data. Along with scam calls impersonating tech corporations such as Apple. Or phone providers.
Ideally, this virus should have the ability to permanently collect data and not inhibit any functionality whatsoever. If you are able to do this in an appropriate manner, you can have constant streams of data from many people. Thanks to cryptocurrency, hackers are able to transact an insane amount of money with ease. For example, someone claims to own $7 billion worth of Bitcoin, making them the 369th richest person in the world. While viruses may not directly effect users as much as they used to, they are still a major threat. Ultimately, we all remember computer viruses as a symbol of computers throughout the 2000s. With cybersecurity now becoming a priority online, updates to programs, and much more users being more tech savvy, traditional computer viruses are in the past. This does not mean that cybersecurity threats are completely eliminated. Rather, they have shifted in their form and motive. Viruses today don’t aim to slow down or corrupt your computer. They aim to steal your data and sell it online. Judging by the many data breaches that occur on a regular basis, there is still a long way to go. But running your PC in Safe Mode is in the past.
