**************************************************************  
*                                                            *  
*                         CYBERSPACE                         *  
*         A biweekly column on net culture appearing         *  
*                in the Toronto Sunday Sun                   *  
*                                                            *  
* Copyright 1999 Karl Mamer                                  *  
* Free for online distribution                               *  
* All Rights Reserved                                        *  
* Direct comments and questions to:                          *  
*   <kamamer@yahoo.com>                                      *  
*                                                            *  
**************************************************************  
  
Ever since the Michelangelo virus hype of the early '90s, I 
cringe whenever the popular media picks up on a virus scare. 
These scares always generate a bothersome  amount of email 
forwarded to me from people who barely know how to trim 
multiple levels of quote symbols. People, right before my 
lunch, will come running into my office waving floppy disks 
with anti-virus software they got from their cousin who 
downloaded it from a virus-infested school computer and expect 
me to install it then and there while they look over my 
shoulder.

The "cure" is sometimes worse than the virus, particularly when 
you practise safe computing. I scan everything and I don't 
launch EXE or DOC files from untrusted sources (i.e., clueless 
people).

The recent Melissa virus scare was a bit troublesome. The virus 
is spread via a Microsoft Word document attached to an email. 
If you open the document, a Word macro reads your personal 
email address book and forwards copies of itself to the first 
50 people on the list. The virus inserts the infected person's 
name after the subject line "Important message from".

Though I never received it, the Melissa virus may have been one 
that would slip under my mental and visceral anti-virus radar. 
A lot of people I get regular emails from I still wouldn't 
consider a trusted source. There are one or two I might trust 
enough to open a Word document. Of course, those same people 
are expressive enough with language that they'd never use an 
open ended subject like "Important message". They'd write 
something like "I'll buy lunch today" or "Must cancel on you 
for Swan Lake".

I detest meaningless subject lines so much that my home email 
account automatically trashes anything with "read this" in the 
subject line. That I like you is reason enough for me to read 
your email. Don't beg.

The Melissa virus was, thankfully, not destructive, just 
malicious. The danger was in its self-replicating nature. In 
computer parlance, a virus like Melissa is known as a "worm". 
As it replicates, it worms its way through the network until 
every infected system's resources get locked up doing nothing 
but trying to replicate the worm and pass it on.

Melissa 's actual coding wasn't particularly clever. Word 
macros are not difficult to write. The cleverest virus to ever 
infect the Internet, and probably the first time the word 
"Internet" was widely used by main stream media, was the worm 
(know by many as "The Great Worm") created by Robert Morris, 
Jr. in 1988.

Morris was a graduate student at Cornell. On November 2, 1988 
Morris "accidentally" released a computer virus onto the net. 
Once a computer was infected, it began endlessly replicating 
the virus and transmitting copies to other computers via email. 
The worm quickly ate up processor time and brought the net to a 
screeching halt. 

A cure for Morris' virus was quickly devised. Unfortunately, 
the only way to widely disseminate the solution was via email, 
the very thing the worm was attacking. Doh! Many system 
administrators disconnected their sites from the net until the 
worm was completely eradicated.

Unlike the Melissa virus which exploits individual 
carelessness, the Great Worm exploited a little known security 
hole in a Unix email utility. "Security through obscurity" is 
pretty cost effective until word gets out.

In 1988, the list of possible suspects for the Great Worm was 
pretty narrow. Unix security expert and author of /The Cuckoo's 
Egg/ and /Silicon Snake Oil/ Clifford Stoll was fingered 
initially. Suspicion eventually turned to Morris, a young man 
in a rather unique position.

Morris Jr. was no ordinary computer science student. His dad, 
Morris Sr., was the chief scientist at the National Security 
Agency's National Computer Security Center. Morris Jr.'s first 
encounters with breaking security came when his dad brought 
home one of the original World War II era Enigma cryptographic 
machines. As a teenager, Morris had an account at Bell Labs and 
was able to hack the network, giving himself access to system 
administrator commands.

Morris was eventually smoked out, do to the partially efforts 
of his father, and sentenced to 3 years probation. He went on 
to complete a Ph.D. at Harvard.

Morris has kept a low profile since his conviction. You can 
view his own personal web page at www.eecs.harvard.edu/~rtm. 
Despite being behind a major landmark in net history, Morris 
makes no mention on his page of the Great Worm of '88.