Section: Scientific Foundations

Computer Virology

From a historical point of view, the first official virus appeared in 1983 on Vax-PDP 11. In the very same time, a series of papers was published which always remain a reference in computer virology: Thompson  [75] , Cohen  [43] and Adleman  [32] .

The literature which explains and discusses practical issues is quite extensive, see for example Ludwig's book  [64] or Szor's one  [73] and all web sites...But, we think that the best references are both books of Filiol  [47] (English translation  [48] ) and  [50] . However, there are only a few theoretical/scientific studies, which attempt to give a model of computer viruses.

A virus is essentially a self-replicating program inside an adversary environment. Self-replication has a solid background based on works on fixed point in λ-calculus and on studies of Von Neumann [79] . More precisely we establish in  [38] that Kleene's second recursion theorem  [62] is the cornerstone from which viruses and infection scenarios can be defined and classified. The bottom line of a virus behavior is

  1. A virus infects programs by modifying them

  2. A virus copies itself and can mutate

  3. Virus spread throughout a system

The above scientific foundation justifies our position to use the word virus as a generic word for self-replicating malwares. (There is yet a difference. A malware has a payload, and virus may not have one.) For example, worms are an autonous self-replicating malware and so fall into our definition. In fact, the current malware taxonomy (virus, worms, trojans, ...) is unclear and subject to debate.