Truth About Computer Security Hysteria
Gibson declared antivirus software 'dead' — in 1992
Tuesday, 24 July 2001
MEDIA DARLING STEVE Gibson knows how to stir up a controversy in the computer security world. He most recently made headlines by predicting an Internet armageddon — just because Microsoft will (finally) follow a well-established Internet specification.
Controversy is nothing new for Gibson. He has a long history of tirades against computer security and Microsoft operating systems. His doom & gloom dates back almost a decade.
An article Gibson wrote for InfoWorld in 1992 reveals one of the messiah's early predictions for an armageddon. Back then he wailed about the "recently published [virus] source code for the Dark Avenger Mutation Engine." Gibson declared it "nothing less than a first-class code kernel that can be tacked onto any existing or future virus to turn it into a nearly impossible to detect self-encrypting virus."
If you don't know about the Dark Avenger Mutation Engine, don't worry. It died soon after birth. But hey, it made for some great headlines back then.
"My examination of a sample virus encrypted by the Mutation Engine" — Gibson's autopsy skills were self-legendary even in 1992 — "revealed alarming capabilities. Not only do the Dark Avenger Mutation Engine viruses employ all of the capabilities I outlined in last week's column, but they also use a sophisticated reversible encryption algorithm generator."
Hmmm. Makes you wonder what an irreversible encryption algorithm looks like, doesn't it? Gibson went on to babble some boring technical details. Then:
"It is clear that the game is forever changed; the sophistication of the Mutation Engine is amazing and staggering. Simple pattern-matching virus scanners will still reliably detect the several thousand well-known viruses; however, these scanners are completely incapable of detecting any of the growing number of viruses now being cloaked by the Dark Avenger Mutation Engine."
Translation: antivirus software could no longer save the world from evildoers as of 1992.
"So what can we ultimately do to thwart current and future software viruses? After brainstorming through the problem with some of our industry's brightest developers and systems architects," Gibson declared, "I've reached several conclusions. First, scanning for known viruses within executable program code is fundamentally a dead end."
"Nearly impossible to detect." "Alarming capabilities." "The game is forever changed." "Amazing and staggering." "Completely incapable." "Fundamentally a dead end." Gibson mastered the art of trigger phrases at least nine years ago.
"THE DETECTORS CAN only find the viruses they are aware of, and new developments such as the Mutation Engine render even these measures obsolete," Gibson blabbed. "With time the viruses will simply circumvent the detectors, at which time the detectors will only misfire," he brazenly predicted.
Scanning for known viruses within executable program code remains the standard in today's most popular antivirus software. This leads us to ask an utterly obvious question. "Why didn't virus writers take over the world as predicted?" Gibson himself believed no weapon back then could strike down the Dark Avenger Mutation Engine ... yet the computing world thrives fully nine years after he labeled it a sitting duck.
Computer users and antivirus venture capitalists still think inside the box after all this time. Those who think outside the box (Central Command and Tegam and Finjan and MessageLabs come to mind) play a tiny role in the antivirus world. Yet Gibson's prophecy of doom remains unfulfilled. Go figure.
Gibson's 1992 tirade included an obligatory slam against a Microsoft operating system. "The Achilles' heel of our current DOS-based PC is its entirely unprotected nature," he wailed.
"As long as executable programs (such as benign and helpful system utilities) are able to freely and directly access and alter the operating system and its file system, our machines will be vulnerable to deliberate attack."
Hmmm. I can't really argue with Gibson on this point. His decade-old flagship product works only because it can "freely and directly access and alter the operating system and its file system." Antivirus vendor Symantec made a fortune in the early days because their then-flagship product, Norton Utilities, enjoyed the same techno-freedoms. And of course, antivirus software itself demands unrestricted system access.
"Only a next-generation protected-mode operating system can enforce the levels of security required to provide complete viral immunity," Gibson declared in 1992. Sadly, all of those next-generation protected-mode operating systems include ... raw sockets!
Memo to Gibson: be careful what you wish for.
WE LONG AGO surpassed the "several thousand" different viruses Gibson mentioned in 1992. Today's number now approaches sixty thousand. Popular antivirus software detects known viruses just as it did nine years ago, yet we continue to avoid an armageddon. The "amazing and staggering" Dark Avenger Mutation Engine exists only as a long-forgotten prophecy of doom.
As for Gibson? Oh, he continues to predict the end of the world. And reporters adore him for it. They love it when he shouts trigger phrases.
He's a media darling, you know.