Following my blog at http://www.eset.com/threat-center/blog/2009/12/18/a-trojan-anniversary, I came across a blog by Kurt Wismer that picked up the theme. As it happens, though I don't think we've ever met, Kurt and I have corresponded from time to time for quite a few years (fourteen, apparently), so I guess it's not so surprising that he also dates his entry into the anti-malware field back to 1989.

Kurt also pointed out that Eddy Willems (another veteran of alt.comp,virus) also posted a blog in which he too dates his entry into the field to 1989: apparently the AIDS Trojan was even more of a baptism of fire for him, After all the years I've been meeting Eddy at conferences, I can't believe we never compared notes on our "entry points" before, but then, the big conferences are often like those parties where you get to to talk to people for two minutes at a time till they wander off to another corner of the room to top up their drinks. Like speed-dating, but without the commitment. ;-)

I'm sure I've recommended Kurt's blog at http://anti-virus-rants.blogspot.com/ here before and will again. He made an interesting point: was there a particular significance in events in 1989 that sparked people's interest in the field? Well, clearly Eddy and I had a push from Dr. Popp, but a sample of three is kind of small to come to conclusions on. However, it happens that there was a thread on an industry list back in the summer about this.

While I can't quote individuals because of the nature of the list, it certainly seems that there was a cluster of people from "our" generation entering the field between 1988 and 1991 (there were, of course, people who'd been in the field for some years before, and new people are coming in all the time). Most people were kickstarted by a close encounter with a specific instance of malware, though it wasn't always a big name like the Morris Worm or the AIDS Trojan. (Many took the route into analysis and development. Personally, I took a more convoluted route by way of systems administration: by 1991 I was building shell systems to make fairly basic scanners more "real-time" but always found myself being steered back to user support and documentation.)

Even though I think you can look at specific malware in retrospect and think "Ah, that was an indicator of things to come" (as I did in my earlier blog with the AIDS Trojan), I think Kurt is probably right when he suggests that the real significance of that particular period is that "that's about when awareness of the malware problem ... was reaching the critical mass necessary to entrench itself firmly in the general public's consciousness - first as an obscure curiosity, but as an increasingly real and oftentimes personal annoyance ..."

David Harley
Director of Malware Intelligence