Security

Computer security is a paradoxical term. The vast network of networks known as the Internet is complex, and it is open. As many have observed, without those two characteristics in place, there is no Internet. But with both present, there can be no perfect security, especially since there are many people on the Internet who have an interest in exploiting its [Page 404]weaknesses for simple amusement, for criminal purposes, or even for waging war.

Computer security threats take several forms. First, there are hackers, computer-savvy individuals using their skills to break into computer networks to steal or alter data, or simply to experience the thrill of virtual cat-burglary. Next, there are viruses, destructive programs designed to attach to system files or other handy files in a computer; a virus lies dormant until the file is accessed, and then executes its destructive functions. Third, there are worms, powerful programs that usually gain access to computers through the Internet—often through email, sometimes by Web browsing. Many operate autonomously, but some, like the famous Internet Relay Chat–based PrettyPark worm, are executed only on the command of a hacker. Once worms infect a terminal, they usually seek other computers on the Internet to infect. Some worms, like the email-driven Code Red, have been known to cause many millions of dollars in damage, especially to corporations experiencing expensive down time and the destruction of valuable equipment and data.

Security has been an issue almost as long as there have been networked computers. In 1980, John Shoch and Jon Hupp of Xerox Palo Alto Research Center (PARC) in California created the first malicious worm by accident. Their idea was for the worm, as they called it, to automatically install Ethernet performance-measurement tools on 100 PARC computers, so the duo wrote a program capable of sending and installing itself across Xerox's closed network. However, as Robert Lemos recounted for CNET in March 2001, the program contained a bug, and bad code spread to each computer. Each time a terminal would install the worm, it would start to run, then crash the computer. Before long, Shoch and Hupp had rendered 100 Xerox computers useless.

In 1987, the first worm hit a public network, the IBM-only Internet precursor known as BITNET. The “Christmas Tree virus” drew a picture of a Christmas tree on an infected computer's screen before mailing itself to other computers. It eventually clogged IBM's entire international network.

In 1988, 23-year-old Cornell University graduate student Robert Morris wrote a worm that exploited “sendmail” flaws in the UNIX operating system. Like Shoch and Hupp, however, Morris wrote inadvertent bugs in the worm's code that caused it to propagate much faster than intended, according to Tangled Web author Richard Power. The Cornell worm spread rapidly, overloading between 3,000 and 4,000 servers, roughly 5 percent of the servers then present on the Internet.

Malicious programmers learned much from the Christmas Tree and Cornell worms. Because of their self-perpetuating properties and destructive capabilities, worms have become the weapon of choice for those bent on creating havoc on the Internet.

...