Antivirus Software: Annoying but Necessary

Computer viruses and antivirus software have been intertwined since the dawn of the Internet, with the first iteration of what would evolve into McAfee antivirus emerging in 1987, just four years after the Internet’s inception. For many users, antivirus software often feels like an unwelcome guest, consuming valuable computer resources and generating perplexing pop-ups. Yet, these tools are indispensable, as nearly every computer today is safeguarded by some form of antivirus software, whether integrated into the operating system or sourced from third-party providers. Despite their prevalence, the intricacies of how these antivirus solutions are developed remain a mystery to many.

Insights from a Pioneer

Paul A. Gagniuc, a professor of bioinformatics and programming languages at the University Politehnica of Bucharest, is on a mission to illuminate this obscured domain. His fascination with viruses and antivirus software began in childhood, and it culminated in the publication of his book, Antivirus Engines: From Methods to Innovations, Design, and Applications, last October. In this work, he delves into the technical nuances of malware and strategies for combating it, drawing from his own experience of developing an antivirus engine from the ground up in the mid-2000s.

In a recent conversation with IEEE Spectrum, Gagniuc shared his journey as a lifelong computer enthusiast, discussing the evolution of antivirus software, the impact of cryptocurrencies on malware, and the challenges that lie ahead in the ongoing battle against cyber threats.

The Genesis of Interest

Paul Gagniuc: “Growing up during the Internet’s formative years felt like navigating a wild frontier, rife with security challenges. The field of cybersecurity was nascent, and even children had access to sophisticated open-source software. Understanding malware granted me a sense of empowerment, prompting me to explore coding from a young age. By the age of 12, I was already experimenting with various virus codes—not with malicious intent, but as a means of self-defense. My journey into antivirus development began in earnest around 2002, leading to the creation of Scut Antivirus between 2006 and 2008. While I was adept at programming, the business side of things proved challenging, as I lacked the necessary acumen.”

Technical Innovations

Gagniuc: “Scut Antivirus distinguished itself through its speed and minimal resource consumption. Unlike many contemporaneous solutions that bogged down user experience, my antivirus was designed to be nearly invisible, addressing a significant user concern.”

When it comes to the mechanics of antivirus software, Gagniuc explains, “The detection process involves extracting a snippet of code from a virus and cataloging it within an antivirus database. However, managing millions of distinct malware files poses a challenge. Older malware is often purged from databases as it becomes less relevant, while newer threats are prioritized. The Aho-Corasick algorithm, developed in the 1970s, facilitates rapid signature checks against suspected files, enabling the detection of numerous viruses simultaneously.”

The Evolution of Malware

Gagniuc notes a significant shift in the malware landscape, particularly with the advent of Bitcoin. “Before 2009, malware was diverse, with various types serving specific purposes. Ransomware existed but was largely playful, as it required a means of payment that was traceable. The introduction of Bitcoin changed everything; it allowed hackers to operate anonymously, transforming all types of malware into ransomware.”

Looking Ahead

Gagniuc: “While the future of antivirus software remains uncertain, its necessity is undeniable. Antiviruses are here to stay, and the integration of artificial intelligence will likely play a pivotal role in their evolution. However, I harbor concerns about a potential loss of technical knowledge. Since around 2008, there seems to have been a decline in the proficiency of young engineers, with many focusing solely on high-level languages like Python, which limits their understanding of lower-level programming concepts. This trend could lead to a de-professionalization in technology.”

When asked if his book aims to address this knowledge gap, Gagniuc responds, “Absolutely. By sharing experiences and insights, we can counteract this loss of expertise. Even if my work primarily serves an audience of artificial intelligence, it contributes to a broader understanding of the field.”
