Rob Rosenberger is a computer consultant who maintains the Computer Virus Myths Homepage. He replies:
The roots of the modern computer virus go back to 1949, when computer pioneer John von Neumann presented a paper on the "Theory and Organization of Complicated Automata," in which he postulated that a computer program could reproduce. Bell Labs employees gave life to von Neumann's theory in the 1950s in a game they called "Core Wars." In this game, two programmers would unleash software "organisms" and watch as they vied for control of the computer. You can read about Core Wars in the May 1984 issue of Scientific American.
Strangely enough, two science-fiction books in the 1970s helped to promote the concept of a replicating program. John Brunner's Shockwave Rider and Thomas Ryan's Adolescence of P-1 depicted worlds where a piece of software could transfer itself from one computer to another without detection. Back in the real world, Fred Cohen presented the first rigorous mathematical definition for a computer virus in his 1986 Ph.D. thesis. Cohen coined the term "virus" at this point and is considered the father of what we know today as a computer virus. He sums it up in one sentence as "a program that can infect other programs by modifying them to include a, possibly evolved, version of itself."
The media seldom mentioned computer viruses in the mid-1980s, treating the whole concept as an obscure theoretical problem. The media's perception of viruses took a dramatic turn in late 1988, when a college student named Robert T. Morris unleashed the infamous "Internet Worm." (Some trivia: Morris's father had a hand in the original Core Wars games.) Reporters grew infatuated with the idea of a tiny piece of software knocking out big mainframe computers worldwide. The rest, as they say, is history.
V.I.R.U.S. Protection, by Pamela Kane. Bantam Books, New York, 1989.
"Computer Viruses: Theory and Experiments," described by Frederick B. Cohen in A Short Course on Computer Viruses. ASP Press, Pittsburgh, 1990.
Steven White, manager of IBM Research's Massively Distributed System Group, offers some complementary information:
The term "computer virus" was coined in the early 1980s. Fred Cohen, then a Ph.D. student at the University of Southern California, came up with the idea of using self-replicating software, which spreads by attaching itself to existing programs as a way of attacking the security of multi-user computing systems. He showed this idea to Len Adleman, his thesis advisor. Adleman pointed out the similarity to a biological virus, which uses the resources of the cell it attacks to reproduce itself, and the term "computer virus" began its journey into everyday English.
Since then, computer viruses have mimicked their biological namesakes, spreading digital disease around the world. And here at IBM Research, we are taking inspiration from biological defenses to viruses and creating a kind of immune system for cyberspace, which will be able to find, analyze and eliminate new computer viruses from the world's computers quickly and automatically.
Alex Haddox is product manager of the Symantec AntiVirus Research Center, which manufactures Norton AntiVirus products. He adds:
The history of the computer virus began in the 1940s when John von Neumann published a paper called "Theory and Organization of Complicated Automata," which documented the possibility of replicating computer programs. John Conway is credited with creating the first "virus" in the form of a life emulating program called the "Game of Life" in the 1960s. In the 1970s the first true self-replicating programs, referred to as "organisms," were written as experiments in artificial intelligence on UNIX systems and used in small, isolated network type games by large research companies. In 1983 the term "virus" was first coined to describe self-replicating programs by Frederick Cohen and his colleague, Len Adleman. The first reports of serious damage from a PC virus occurred in 1986; the infection was caused by the "Pakistani Brain" virus, which was written by two brothers, Basit and Amjad Farooq Alvi, of Lahore, Pakistan.
A final reply comes from Jacob Motola of Integralis, a software security company:
The concept behind the first malicious computer programs was described years ago in the Computer Recreations column of Scientific American. The metaphor of the "computer virus" was adopted because of the similarity in form, function and consequence with biological viruses that attack the human system. Computer viruses can insert themselves in another program, taking over control or adversely affecting the function of the program.
Like their biological counterparts, computer viruses can spread rapidly and self-replicate systematically. They also mimic living viruses in the way they must adapt through mutation to the development of resistance within a system: the author of a computer virus must upgrade his creation in order to overcome the resistance (antiviral programs) or to take advantage of new weakness or loophole within the system.
Computer viruses also act like biologics in the way they can be set off: they can be virulent from the outset of the infection, or they can be activated by a specific event (logic bomb). But computer viruses can also be triggered at a specific time (time bomb). Most viruses act innocuous towards a system until their specific condition is met.
The computer industry has expanded the metaphor to now include terms like inoculation, disinfection, quarantine and sanitation. Now if your system gets infected by a computer virus you can quarantine it until you can call the "virus doctor" who can direct you to the appropriate "virus clinic" where your system can be inoculated and disinfected and an anti-virus program can be prescribed.
Answer originally posted September 2, 1997.