Fred Cohen

Last updated
Frederick B. Cohen
Alma mater University of Southern California (Ph.D., 1986)
University of Pittsburgh (M.S., 1980)
Carnegie-Mellon University B.S.E.E., 1977) [1]
Known for Computer virus research
Scientific career
Fields Computer virology

Frederick B. Cohen (born 1956) is an American computer scientist and best known as the inventor of computer virus defense techniques. [2] He gave the definition of "computer virus". [3] Cohen is best known for his pioneering work on computer viruses, the invention of high integrity operating system mechanisms now in widespread use, and automation of protection management functions.

In 1983, while a student at the University of Southern California's School of Engineering, he wrote a program for a parasitic application that seized control of computer operations, one of the first computer viruses, in Leonard Adleman’s class. He wrote a short program, as an experiment, that could "infect" computers, make copies of itself, and spread from one machine to another. It was hidden inside a larger, legitimate program, which was loaded into a computer on a floppy disk.[ citation needed ]

One of the few solid theoretical results in the study of computer viruses is Cohen's 1987 demonstration that there is no algorithm that can perfectly detect all possible viruses. [4]

Cohen also believed there are positive viruses and he had created one called the compression virus which spreading would infect all executable files on a computer, not to destroy, but to make them smaller. [5]

During the past 10 year[ when? ] of his research work, Fred Cohen wrote over 60 professional publications and 11 books. [6]

Papers

Related Research Articles

<span class="mw-page-title-main">Computer worm</span> Self-replicating malware program

A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to access it. It will use this machine as a host to scan and infect other computers. When these new worm-invaded computers are controlled, the worm will continue to scan and infect other computers using these computers as hosts, and this behaviour will continue. Computer worms use recursive methods to copy themselves without host programs and distribute themselves based on exploiting the advantages of exponential growth, thus controlling and infecting more and more computers in a short time. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

In computing, a Trojan horse is any malware that misleads users of its true intent by disguising itself as a standard program. The term is derived from the ancient Greek story of the deceptive Trojan Horse that led to the fall of the city of Troy.

The Morris worm or Internet worm of November 2, 1988, is one of the oldest computer worms distributed via the Internet, and the first to gain significant mainstream media attention. It resulted in the first felony conviction in the US under the 1986 Computer Fraud and Abuse Act. It was written by a graduate student at Cornell University, Robert Tappan Morris, and launched on 8:30 p.m. November 2, 1988, from the Massachusetts Institute of Technology network.

<span class="mw-page-title-main">Timeline of computer viruses and worms</span> Computer malware timeline

This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.

<span class="mw-page-title-main">Antivirus software</span> Computer software to defend against malicious computer viruses

Antivirus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product, embedded device, or its embodiment. Backdoors are most often used for securing remote access to a computer, or obtaining access to plaintext in cryptosystems. From there it may be used to gain access to privileged information like passwords, corrupt or delete data on hard drives, or transfer information within autoschediastic networks.

Linux malware includes viruses, Trojans, worms and other types of malware that affect the Linux family of operating systems. Linux, Unix and other Unix-like computer operating systems are generally regarded as very well-protected against, but not immune to, computer viruses.

Elk Cloner is one of the first known microcomputer viruses that spread "in the wild", i.e., outside the computer system or laboratory in which it was written. It attached itself to the Apple II operating system and spread by floppy disk. It was written around 1982 by programmer and entrepreneur Rich Skrenta as a 15-year-old high school student, originally as a joke, and put onto a game disk.

Mobile malware is malicious software that targets mobile phones or wireless-enabled Personal digital assistants (PDA), by causing the collapse of the system and loss or leakage of confidential information. As wireless phones and PDA networks have become more and more common and have grown in complexity, it has become increasingly difficult to ensure their safety and security against electronic attacks in the form of viruses or other malware.

Stoned is a boot sector computer virus created in 1987. It is one of the first viruses and is thought to have been written by a student in Wellington, New Zealand. By 1989 it had spread widely in New Zealand and Australia, and variants became very common worldwide in the early 1990s.

<span class="mw-page-title-main">Robert Slade</span> Canadian information scientist

Robert Michael Slade, also known as Robert M. Slade and Rob Slade, is a Canadian information security consultant, researcher and instructor. He is the author of Robert Slade's Guide to Computer Viruses, Software Forensics, Dictionary of Information Security and co-author of Viruses Revealed. Slade is the author of thousands of technical book reviews, today published on the techbooks mailing list and in the RISKS Digest, and archived in his Internet Review Project. An expert on computer viruses and malware, he is also the Mr. Slade of "Mr. Slade's lists".

<span class="mw-page-title-main">Computer virus</span> Computer program that modifies other programs to replicate itself and spread

A computer virus is a type of malware that, when executed, replicates itself by modifying other computer programs and inserting its own code into those programs. If this replication succeeds, the affected areas are then said to be "infected" with a computer virus, a metaphor derived from biological viruses.

<span class="mw-page-title-main">Microsoft Security Essentials</span> Discontinued antivirus product for Microsoft Windows

Microsoft Security Essentials (MSE) is a discontinued antivirus software (AV) product that provides protection against different types of malicious software, such as computer viruses, spyware, rootkits, and Trojan horses. Prior to version 4.5, MSE ran on Windows XP, Windows Vista, and Windows 7, but not on Windows 8 and later versions, which have built-in AV components known as Windows Defender. MSE 4.5 and later versions do not run on Windows XP. The license agreement allows home users and small businesses to install and use the product free of charge.

Andries Evert Brouwer is a Dutch mathematician and computer programmer, Professor Emeritus at Eindhoven University of Technology (TU/e). He is known as the creator of the greatly expanded 1984 to 1985 versions of the roguelike computer game Hack that formed the basis for NetHack. He is also a Linux kernel hacker. He is sometimes referred to by the handle aeb.

<span class="mw-page-title-main">Operation Denver</span> KGB disinformation campaign claiming that HIV was a U.S. bioweapon

Operation Denver was an active measure disinformation campaign run by the KGB in the 1980s to plant the idea that the United States had invented HIV/AIDS as part of a biological weapons research project at Fort Detrick, Maryland. Historian Thomas Boghardt popularized the codename "INFEKTION" based on the claims of former East German Ministry for State Security (Stasi) officer Günter Bohnsack, who claimed that the Stasi codename for the campaign was either "INFEKTION" or perhaps also "VORWÄRTS II". However, historians Christopher Nehring and Douglas Selvage found in the former Stasi and Bulgarian State Security archives materials that prove the actual Stasi codename for the AIDS disinformation campaign was Operation Denver. The operation involved "an extraordinary amount of effort — funding radio programs, courting journalists, distributing would-be scientific studies", according to journalist Joshua Yaffa, and even became the subject of a report by Dan Rather on the CBS Evening News.

Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, multiple independent news organizations recognize Stuxnet to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency.

The notion of a self-reproducing computer program can be traced back to initial theories about the operation of complex automata. John von Neumann showed that in theory a program could reproduce itself. This constituted a plausibility result in computability theory. Fred Cohen experimented with computer viruses and confirmed Neumann's postulate and investigated other properties of malware such as detectability and self-obfuscation using rudimentary encryption. His 1988 Doctoral dissertation was on the subject of computer viruses.

ANTI is a computer virus affecting Apple Macintosh computers running classic Mac OS versions up to System 6. It was the first Macintosh virus not to create additional resources within infected files; instead, it patches existing CODE resources.

Fileless malware is a variant of computer related malicious software that exists exclusively as a computer memory-based artifact i.e. in RAM. It does not write any part of its activity to the computer's hard drive, thus increasing its ability to evade antivirus software that incorporate file-based whitelisting, signature detection, hardware verification, pattern-analysis, time-stamping, etc., and leaving very little evidence that could be used by digital forensic investigators to identify illegitimate activity. Malware of this type is designed to work in memory, so its existence on the system lasts only until the system is rebooted.

References

  1. Cf. CV at all.net
  2. A short biography
  3. Cohen, Fred (1984). "Computer Viruses - Theory and Experiments" . Retrieved January 13, 2014.
  4. An Undetectable Computer Virus (academic paper)
  5. Burger, Ralph, 1991. Computer Viruses and Data Protection, pp. 19-20
  6. "Interview Fred Cohen". Archived from the original on 2014-01-13. Retrieved 2014-01-13.