Most IT support packages are designed around security first, as in an increasingly networked business world reliant on cloud services, there are both significant benefits and potential risks.
As many businesses will use some form of personal data, there needs to be a proportionate level of protection to avoid the potential legal and reputational consequences of a breach.
This can be prevented through a suite of security applications as well as training for employees to help them spot common social engineering tactics and avoid computer systems being infiltrated through other means.
All of this can be traced to a relatively harmless computer program that caused no damage, infected less than 30 computers and changed the course of IT history.
Catch Me If You Can
The concept of a computer virus, or a self-replicating computer program that could spread from system to system in a way that looked similar to a disease, has its origins in a series of lectures from the 1940s by pioneering computer scientist and polymath John von Neumann.
This became of particular interest to early computer users when these lectures were adapted into the article “Theory of Self-Reproducing Automata” in 1966 and the concept of a computer virus started to enter the minds of early computer scientists.
The first prototype virus based on this concept was Creeper by Bob Thomas of the research company Bolt, Beranek and Newman (now part of Raytheon).
BBN was the company that invented email in 1971 and Creeper was a test to see if a computer program could move between different computers on a network.
It could only spread between computers on ARPANET, an early network that would eventually form part of the Internet, and only to computers running the same TENEX operating system that Creeper was coded for. This was a total of 28 machines that could have been infected.
Ray Tomlinson, the inventor of email that also modified Creeper to self-replicate and become the first computer virus, noted that its only effect was to display a single line of text that dared the user to catch it if they could.
It needed permission to run on the other machines, had no unintended side effects, and everyone who was infected had also helped to work on the project.
The Reaper For Creeper
A year after the invention of Creeper, Reaper was created to travel across the ARPANET and delete all instances of Creeper, becoming the first-ever antivirus software in the process.
The concept of computer security was barely a consideration outside of physically locking computer rooms, and whilst Creeper itself was little more than a fascinating curiosity, it did start to inspire concerns for what would happen if such a piece of software was used maliciously.
The same year as Creeper, Alan Davies, then a graduate student at the University of Illinois, accidentally created a piece of malware that would steal all the disk space on an early computer, which was shared due to the lack of user account management at the time.
The exact impact of Creeper was uncertain, as whilst Ray Tomlinson claimed that there were literally no negative effects, other accounts claimed that it did cause wasted computer cycles, led to messages being printed out and affected productivity, although even in those cases the overall effect was minimal.
Were Lessons Learned From Creeper?
The true effects of Creeper and Reaper are found more in the unintentionally long shadow they cast over the computer world, as they proved the capacity for computer code to spread like a virus in the same way that bacteria and viruses can spread from person to person.
Pervading Animal was similarly harmless but would form the basis for trojan horse malware attacks, where a seemingly innocent download or link has unintended side effects that allow it to replicate or potentially cause harm to a system.
As is the case with many diseases, Creeper and Animal revealed very early on that the biggest risk factor to computer networks is an ignorance of the potential for software to replicate and cause unintended issues.
However, the limitations of ARPANET, which was limited to academics who were typically researchers and computer scientists themselves, meant that both any damage and any potential lessons were limited in scope.
It would take until Elk Cloner in 1982, a prank by a teenager that turned into the first-ever large-scale computer outbreak before the importance of computer security became clear, and it would not be until the latter part of the 1980s that the potential for malware to cause harm was more widely known.