Worms, Bugs, and Viruses: Lime Disease on the Information Sidewalk

  1. A New Language
  2. Can’t get there
  3. Identity

Occasionally, newbies to the Internet will experience computer trouble at the same time that they start using electronic mail--with a million new users every month, this is going to happen to someone purely by chance--and they wonder if they’ve been infected with a computer virus through e-mail.

This is pretty unlikely. Most e-mail is pure text, and computer viruses are computer programs, which can’t be active in pure text (!). But as we expand e-mail into video, audio, and interactivity? Computer mail will have to include computer programs, and there will be viruses in them. Think about that before you read mail from a hypochondriac.(?)

Now, while that specific scenario--electronic mail hashing your hard drive--hasn’t happened yet, something pretty damn close has. It happened to Microsoft, of course. Microsoft, in their mad dash to catch up on the Internet, has been making all of their software “Internet-capable” willy-nilly. Their software already has extensive programming languages built in to them. So here’s what this worm did: if you received the message using Microsoft’s electronic mail software, it would be saved, and automatically opened, as a Microsoft Word file. It would then, using Microsoft Word’s programming language... bet you didn’t know you could program Word? But the hackers know, and that’s the important bit, eh, Bill? Using Microsoft Word’s programming language, it would call back to Microsoft’s electronic mail software, grab your address book, compose a message to three of your friends, and use Microsoft’s e-mail software to send that message out. If your friends also use Microsoft’s e-mail software and Microsoft Word, this new message will do the same on their computers.

Trivial to program. And whoever did it must have some sort of hacker conscience, because once you get access to Word’s programming language you can do whatever you want, including trash the hard drive. This virus didn’t do anything except have children and send them off into the world. This is what makes it a worm. Worms and virii don’t have to do anything bad; they simply need to propagate.

On November 2, 1988, Robert Morris (who?) sent a worm across the burgeoning expanse of the pre-pubescent Internet. It spread across the country in hours and brought the Internet completely to its knees. Sites that were lucky enough to receive e-mail warnings about the worm before they received the worm itself promptly disconnected themselves from the net, so that even the sites that weren’t hit by the worm were isolated from the rest of the world. Morris, it turns out, had goofed: his worm, meant to attack all computers on the net, wasn’t quite finished. The code for Unix was working, but the code for such things as VMS and CMS was only partially completed. He had wanted a test run, to see how the worm might fare. He popped it off, went out for dinner, and came back to discover that his worm had toppled the world--and that he was now the most famous worm writer of all time.

A dubious distinction, since good worm writers aren’t supposed to get caught. He came back from dinner a wanted man, and panicked so badly he tried to send an anonymous message out over the network, instructing system administrators how to kill his own child. The worm had brought the net so far down, however, that this message didn’t arrive anywhere until it was too late. Morris was later convicted of a federal felony and fined $10,050, but he didn’t have to pick up the trash. You can get anything you want on Alice’s Internet.

Robert Morris was a graduate student at Cornell University, and over at the alma mater there is still a residual pride for what he did. So far, no one else has come close to wreaking the havoc that Morris did on his dinner break. One group of wits even wrote a memorial poem, playing on the nearness to Christmas:

“The Worm Before Christmas”
by Clement C. Morris (*)
(a.k.a. David Bradley, Betty Cheng, Hal Render, Greg Rogers, and Dan LaLiberte)

‘Twas the night before finals, and all through the lab
Not a student was sleeping, not even McNabb.
Their projects were finished, completed with care
In hopes that the grades would be easy (and fair).

The students were wired with caffeine in their veins
While visions of quals nearly drove them insane.
With piles of books and a brand new highlighter,
I had just settled down for another all nighter--

When out from our gateways arose such a clatter,
I sprang from my desk to see what was the matter;
Away to the console I flew like a flash,
And logged in as root to fend off a crash.

The windows displayed on my brand new Sun-3,
Gave oodles of info--some in 3-D.
When, what to my burning red eyes should appear
But dozens of “nobody” jobs. Oh dear!

With a blitzkrieg invasion, so virulent and firm,
I knew in a moment, it was Morris’s Worm!
More rapid than eagles his processes came,
And they forked and exec’ed and they copied by name:

“Now Dasher! Now Dancer! Now, Prancer and Vixen!
On Comet! On Cupid! On Donner and Blitzen!
To the sites in .rhosts and host.equiv
Now, dash away! dash away! dash away all!”

And then in a twinkling, I heard on the phone,
The complaints of the users. (Thought I was alone!)
“The load is too high!” “I can’t read my files!”
“I can’t send my mail over miles and miles!”

I unplugged the net, and was turning around,
When the worm-ridden system went down with a bound.
I fretted. I frittered. I sweated. I wept.
Then finally I core dumped the worm in /tmp.

It was smart and pervasive, a right jolly old stealth,
And I laughed, when I saw it, in spite of myself.
A look at the dump of that invasive thread
Soon gave me to know we had nothing to dread.

The next day was slow with no network connections,
For we wanted no more of those pesky infections.
But in spite of the news and the noise and the clatter,
Soon all became normal, as if naught were the matter.

Then later that month while all were away,
A virus came calling and then went away.
The system then told us, when we logged in one night:
“Happy Christmas to all! (You guys aren’t so bright.)”

Silicon SWAT

The Morris Worm spawned an Internet SWAT called CERT: the Computer Emergency Response Team. CERT provides a clearinghouse for information about computer break-ins and security. When a new security hole is discovered, CERT quietly informs system administrators about the hole and the ‘fix’ to plug the hole. CERT is an all-volunteer group composed of netizens from around the world, the “seven samurai” of the Internet.

But how much do we really have to worry about computer security? In 1994, CERT recorded some 2,241 Internet security breaches (?)--out of millions of Internet computers. This number only doubled from the previous year, whereas the number of computers on the net jumped by far more than that. “Computer Emergency Response Teams” promise to be big money in the future. Both the original CERT and the federal government want in.

Still, with all the fuss about computer security and the lack thereof, “you have more chance of getting your credit-card number stolen in a restaurant or on a phone in Grand Central Station than you do of having it stolen on the Internet,” (?) and some people think that our focus is on the wrong problem. The more we depend on computers, the more we depend on computer programmers and builders. Morris’s worm brought the net down for a day. When Intel announced that their new “superchip”, the Pentium, had a ‘bug’ that made it perform some mathematical operations incorrectly, hundreds, if not thousands, of scientists and researchers had to throw out, in some cases, six months and more of work. (!)

On National Public Radio’s Fresh Air, Joshua Quittner said “I don’t believe we have much to fear” about computer hacking. “We have more to fear from computer programmers writing faulty programs and computers that don’t work the way they’re supposed to than we do with computer hackers.” (?)

An American Airlines jet crashed in December of 1995, because the jet’s software used poor defaults. The pilot punched an “r”. This was ambiguous: it could have pointed to either Cali or Bogota, and the software decided on Bogota, rather than asking for more information. So the plane turned towards Bogota and crashed into a mountain. (New York Times 8/24/96)

The biggest disaster in the telephone industry--cutting off long distance service for far more people than were inconvenienced by Morris’s worm--wasn’t the fault of any computer hackers, but the result of a programming bug: human error from computer programmers. And it was a comma that should have been a semicolon that sent a spacecraft hurtling into Venus: another programmer error. We have more to fear from incompetence than we do from evil.

This is a lesson we still haven’t learned in politics, after thousands of years of lessons. There’s no likelihood that we’ll learn any better on the net.

There’s a new virus going around now, as more and more people make it on the net. “Chain mail” is making its way around the net the same way it used to go through FAX machines. You’ve got the Craig Shergold chain mail, the $500 Cookie Recipe, and the bland and boring “good luck/bad luck” chains. The computer age has added a new one that the FAX didn’t have, and that’s the “virus warning” chain mail. This type of virus, halfway between a “real” virus and just plain spam, hasn’t been named yet. I’ve taken to calling them idiot viruses, because that’s the mode of infection. It takes idiots to transfer them. Some idiot gets a message, they have no idea where it came from originally, and it asks them to send it on to all their friends. And so they do. This type of virus is unique in that it doesn’t use computer code to replicate itself. It uses human psychology, and the knowledge that there will always be enough idiots willing to send it on.


The newspaper today has a big story about crackers (?) breaking through the Maginöt lines spread up and down the net: firewalls. Well, it was a big story in the computer section. It was resolutely (and rightly so) ignored in the rest of the paper. Compared to burglars breaking windows, nobody really cares about this, not even the owners of the computers that were broken into (which might explain why it’s so easy...).

A firewall is a computer standing between one group of computers and another group of computers. In its simplest form, you have a bunch of computers in one organization on one end (inside the firewall) and the rest of the Internet on the other (outside the firewall). The firewall doesn’t let any computer on the outside get in. Sometimes they do let computers on the inside get out. The solution the hackers have found is elegant in its confuscability. They just trick the firewall into thinking they’re on the inside. How the hell they do that is beyond me. It’s like tricking the bolt on your door into unhooking itself on its own. Or the security guard into letting you in because you’re not outside. “Knock knock.” “Who is it?” “I’m inside.” “Cool, come on in.”

These are firewalls based in trust, like the rest of the Internet. Like the security door in The Lord of the Rings which required simply that you “say friend and enter”, the firewalls were asking the incoming site where that site was. Part of the problem is that computer programs tend to trust every part of the computer that exists ‘below’ them. The people writing the firewall didn’t insert a line of code that said “ask them who they are”. Their code asked their own computer where the incoming call was from. And their own computer dutifully went and asked the incoming call, which dutifully lied. Another popular security scheme had the same problem. It needed a random number to be truly secure; it asked the computer for a random number among billions. The computer, however, took a short cut and gave an answer from a pool of “only” millions. The discrepancy was enough to let unwanted visitors break in. (Chronicle of Higher Education 3/1/96)

If we’re going to fix security problems on computers, we have to stop trusting computers to be right. “Right” and “wrong” are not things that computers know about.


  1. Though it is possible for them to lie, dormant, waiting for you to drop them on StuffIt Expander and activate them.
  2. In the months since I wrote that, we’ve seen Java take off on the world-wide web. Java is a “scripting language” for the world wide web. If you use a “Java-compliant” web browser, you’re allowing anyone on the net to take control of your computer. As long as the browser authors did their job, you’ll be fine--alien software won’t be allowed to do ugly things to your computer. But if they mucked up--and no one in their position in the history of computer hasn’t mucked up--you’ll end up with your “Great American Novel” replaced with “all work and no play...”.
  3. Son of NSA mogul Robert Morris, Sr., head of the National Computer Security Center.
  4. As posted on rec.humor.funny, December 9, 1988. At the time, their computers were in fact named dasher, dancer, prancer, etc. Don’t laugh. At the University of San Diego, all our Macintoshes are named after long dead Popes.
  5. Amy Cortese, “Warding Off the Cyberspace Invaders”, BusinessWeek, March 13, 1995, p. 92.
  6. ComputerWorld, May 29, 1995, p. 96, quoting Ted Prince.
  7. That Intel knew about this bug in their hardware for months previous made a lot of these researchers even more angry.
  8. Joshua Quittner, on Fresh Air with Nina Totenberg, National Public Radio, January 23, 1995. Joshua Quittner and Michelle Slatalla wrote Masters of Deception: The Gang That Ruled Cyberspace . It was also excerpted in Wired, December 1994.
  9. Crackers are hackers who ‘crack’ into computer systems, usually for evil purposes. When ‘hackers’ break into computer systems, they’re always doing it for the betterment of mankind, womankind, and computerkind.
  1. A New Language
  2. Can’t get there
  3. Identity