Book Review:
It's Alive! The New Breed of Living Computer Programs
by Frederick B. Cohen
John Wiley & Sons
160 pages
ISBN: 0-471-00860-5

Review by
Douglas Crockford
Electric Communities

What is multimedia? Is it function buttons obscuring a distracting picture? Is it shovelware stamped onto a CD-ROM? Or is it just an assortment of technologies and techniques, some that are thrilling and powerful, and others that are worse than useless? Which brings us to Dr. Frederick B. Cohen's book of popular computer viruses, It's Alive!

Cohen claims that computer viruses are living things, and attempts to prove it by fooling around with an inadequate definition of "life." The reasoning goes something like this: If fire and chain letters are alive, then computer viruses are alive, too. His definition of life has holes big enough to drive a truck through. After all, a truck has locomotion; it consumes fuel; it produces waste; it ages with time; it even reproduces itself through a symbiotic relationship with the people living within it. I'm not making this up. It's on page 17.

What is life? "Life" is one of those words (like "love," "art," "time," "obscenity," and "multimedia") for which there is no completely adequate definition, even though we make constant use of it and the concepts behind it. We manage to understand each other pretty well, even when we use terms which resist definition. A remarkable thing, that.

Cohen's real purpose is to legitimize the field of computer viruses. The definitional games are intended to justify a more acceptable handle for computer viruses, namely "live programs," which are in some sense as alive as living bras. He knows that the threat of computer viruses sends chills down our spines. He is hopeful that if he can get acceptance of a friendlier synonym for "computer virus," then we will learn to stop worrying and love the bug.

Cohen claims that no general purpose computer can ever prevent viruses from spreading unless it prevents the sharing of information or the writing of programs. He writes that he proved this in 1985, but that the proof is too boring to repeat in this book. As a practical matter, as long as we live in a Unix[1] and Windows[2] world, I agree that we'll always be plagued by viruses. However, I am optimistic that it is possible to build reliable systems. I am doubtful that his 1985 proof is as correct as it is boring.

Cohen defines two types of computer viruses: benign and malicious. The difference, as far as I can tell, is in the intent of the hacker. Benign viruses can and have been as destructive as malicious viruses. Cohen even cites an example of his own benign virus which corrupted every /etc/passwd file on his network. He dismisses the damage and inconvenience his live program caused, perhaps because the harm was unintended.

He includes source code for a few virulent shell scripts. The scripts each contain an IF statement that Cohen calls a "safety," which is intended to keep the virus scripts in check. He warns: "Even experienced researchers in this field have let viruses get away from them, but with these safeties in place, the only way a virus can escape is through neglect or malice." This is not reassuring.

Cohen's particular interest is in computer viruses that evolve, hoping to prove the fundamental possibility of efficiency significant enough to balance out the inherent risks. But of course that won't happen. There are better ways to develop adaptive, distributed programs. Systems based on agoric principles, for example, may achieve the fabled efficiency without the risks. And more fundamentally, the risks are intolerable. Reliability and integrity are much too important to trade away. And while evolution is a really cool thing, it follows its own purpose.

Cohen makes many of the same claims for the ultimate potential of his evolving viruses as used to be made for AI. The difference is that computer viruses are not expected to be intelligent.

This book may be of interest to novice virus hackers, and there are a few passages about Commander Data that might be of interest to very hardcore trekkies.

I should confess a bias that I have: I have been the victim of computer viruses. I hate them. Viruses are bad, nasty, wicked things. They are terrorism without motive. There is no ransom, no negotiation, no recognition, no gain, just anonymous, automatic acts of evil. Viruses benefit no one, except perhaps the people who sell virus remedies and a few consultants, including Cohen, who in this book has nothing bad to say about them. I think it is consistent with his view to say: They aren't bad programs...they're just misunderstood.

The book comes with a floppy. Mine is still sealed safely in its little prophylactic, glued to the back of the book. There is no way that I'm going to run one of Cohen's programs on my computer. No way.

[1] Unix was a trademark of AT&T.
[2] Windows might possibly be a trademark of Microsoft Corporation.