There will be more viruses – that’s an easy prediction. How many more is a difficult call, but over the last five years, the number of viruses has been doubling every year or so. This surely must slow down. If we say 1,500 viruses in mid-1992, and 3,000 in mid-1993, then we could imagine 5,000 in mid 1994 and we could expect to reach the 8,000 mark some time in 1995. Or perhaps we are being optimistic? [CKnow: The number topped 10,000 in 1996. It continues to go up. See the topic on number of viruses.]
The glut problem will continue, and could get sharply worse. Whenever a group of serious anti-virus researchers meet, we find an empty room, hang “Closed for cleaning” on the door, and frighten each other with “nightmare scenarios.” Some of the older nightmare scenarios have already come true, others have not, but remain possibilities. The biggest nightmare for all anti-virus people is glut. There are only about 10-15 first class anti-virus people in the world, and most of the anti-virus companies have just one of these people (some have none). It would be difficult to create more, as the learning curve is very steep. The first time you disassemble something like Jerusalem virus, it takes a week. After you’ve done a few hundred viruses, you could whip through something as simple as Jerusalem in 15 minutes.
The polymorphic viruses will get more numerous. It turns out that they are a much bigger problem than the stealth viruses, because stealth is aimed at checksummers, but polymorphism is aimed at scanners, which is what most people are using. And each polymorphic virus will be a source of false alarms, and will cause the researchers much more work than the normal viruses.
The polymorphic viruses will also continue to get more complex, as virus authors learn the technique, and increasingly try to ensure that their viruses cannot be detected.
Scanners will get larger – more code will be needed because more viruses will need hard coding to scan for them. The databases that scanners use will get larger; each new virus needs to be detected, identified and repaired. Loading the databases will take longer, and some programs will have memory shortage problems. [CKnow: Indeed, this has forced anti-virus firms to combine more sophisticated techniques with simple database scanning.]
As Windows becomes more popular, people will be increasingly reluctant to run scanners under DOS. But if you are running Windows, you have run software on the hard disk, and if one of the things you’ve run is infected by a virus, you have a virus in memory. If there is a virus in memory, you cannot trust what the computer is saying – it could be a stealth virus. Windows will make antivirus software less secure.
The R&D effort to keep scanners up-to-date will get more and more. Some companies won’t be able to do it, and will decide that scanning is outdated technology, and try to rely on checksumming. Other companies will license scanners from one of the few companies that still maintains adequate R&D (we’ve already started seeing some of this). Some companies will decide that the anti-virus business isn’t as profitable as they had thought, and will abandon their anti-virus product, and go back to their core business.
Users will get a lot more relaxed about viruses. We’ve long since passed the stage where a virus is regarded as a loathsome disease, to be kept secret. But we’re increasingly seeing people who regard a virus on their system with about the same degree of casualness as a bit of fluff on their jacket. Sure, they’ll wipe it off, but there’s not real need to worry about it happening again. This is perhaps a bit too relaxed an attitude, but what can you expect if a user keeps on getting hit by viruses, and nothing terrible ever seems to result.
Anti-virus products will mature a lot. Those without any kind of decent user interface will have a hard time competing against the pretty ones. Those with a long run time will be rejected in favour of those that run in seconds. Exactly which viruses are detected will have far less emphasis (it is very difficult for users to swallow claims about so many thousands of viruses) than the ease of use of the product, and the amount of impact it has on the usability of the computer.
New products will keep arriving, as each company invents the product that makes all previous products obsolete. Sometimes the magic ingredient will be software (AI, neural nets, whatever is the latest buzzword) and sometimes it will be hardware (which can never be infected, except that that isn’t the problem). These products will burst on a startled world in a blaze of publicity, and vanish without trace when users find that installing them makes their computer unusable, or else it doesn’t find any viruses, or both. But new ones will come along to take their place.
Gradually, people will trade up from DOS to whatever takes its place; OS/2, Windows-NT or Unix, and the DOS virus will become as irrelevant as CP/M. Except that DOS will still be around 10 or even 20 years from now, and viruses for the new operating system will start to appear as soon as it is worth writing them.
Some computers are already being built with ingrained resistance to viruses. Some brands of computer are already immune to boot sector viruses, provided you make a simple choice in the CMOS setup (don’t boot from the floppy). [CKnow: “Immune” is probably too strong as a multipartite virus can still drop a boot sector infector from a file even if the CMOS is set to only boot from the hard disk.] Right now, very few users are being told that these computers can be set up that way, but people are gradually finding out for themselves. This doesn’t solve the virus problem, but anything that makes the world a difficult place for viruses must be a help.
The virus problem will be with us forever. It isn’t the dramatic, worldshaking kind of problem that Michelangelo was made out to be; nor is it the fluff-on-your-jacket kind of problem. But as long as people have problems with computers, other people will be offering solutions for those problems.
The information in this section was provided by and used with permission of Dr. Solomon Software. Please do not further use the material without obtaining your own permission to use it.
Thank you Dr. Solomon.
Now you might want to continue to Robert Slade’s history to get a different viewpoint and some additional details.
|Dr Solomon History|
|1993 Polymorphics and Engines||Robert Slade Computer Virus History|