1997 Interview with Mr.Alex Haddox,Product Manager of Symantec AntiVirus Research Center (SARC) Q: An active speaker and lecturer on virus related topics worldwide, member of some of the most prestigious Virus Forum Boards in the world which include the Advisory Board for Virus Bulletin and the National Computer Security Association Antivirus Developers Council (NCSA AVPD) AND most importantly a world-recognized virus researcher and expert. Mr. Alex Haddox, Product Manager of Symantec AntiVirus Research Center (SARC) will be answering our questions. Q: When and what exactly made you choose a line that was devoted to "undoing" the damages of malacious programmers? Alex Haddox: I've always liked puzzles, and computers were a big hobby of mine. When I came down with my first computer virus back in 1989, it just came all together. When I started my career with Symantec, "official" computer virus research really caught my attention and I've been doing it ever since. Q: And you have been doing a great job with that! :) Q: Nearly every user knows or has at least heard about viruses. However many people still get confused between user errors and viruses. What is your definition of a virus and what exactly does a virus do? Alex Haddox: A virus is something very specific and defined. A virus is a program, _written_ by someone, to move from host program to host program and computer to computer without the user's knowledge or consent. Computer viruses don't happen by accident. They are not some sort of mutation of a good program...they have to be written with the intent of being a virus. Unfortunately, it is difficult for the novice user to discern between a program crashing and virus activity. When the virus conflicts with a good program (like your word processor) it can cause errors that look IDENTICAL to a standard crash. Q: Could you give our audience an insight into how exactly does your research team go about isolating, identifying and bringing out a possible cure for a "new" type of virus? Alex Haddox: At SARC (the Symantec AntiVirus Research Center), we have the largest dedicated anti-virus research team in the world. We have around 30 members, worldwide and a $4 million annual budget. Our offices are located in Santa Monica, CA (WW HQ), Tokyo, Japan; Sydney, Australia; and Leiden, The Netherlands. We gather virus samples for all sorts of sources, including the Internet, banks, government, online services, corporations and end users. We use our artificial intelligent systems to automatedly analyse the samples, or in the case of the more difficult ones, our researchers pick them apart by hand. Using either method, the goal is to discover the unique feature of the virus, the "fingerprint" and build a database of that knowledge for our programs, The Norton AntiVirus. We then make that protection database of detection and repair information available to our customers, for free, each month. Q: Which type of viruses do you think present the maximum amount of danger to users operating computers? And why? Alex Haddox: The greatest threat we see today, without a doubt, is Macro Viruses. Macro viruses are the latest class of computer virus, first discovered, by Symantec, in August of 1995. Historically, viruses were restricted to attaching themselves to program files (executable). These were the only file types that had the "hooks" required for viruses to attach themselves. Viruses work like parasites and piggyback/attach themselves to a viable host. With macro viruses, MS Word documents became viable hosts. The macro language, based on Visual Basic, became powerful enough to provide those "hooks." Viruses now had the opportunity to travel along with the most commonly traded files in the world - information files in the most popular data format: MS Word and Excel. Q: In your opinion, why do you think people design viruses? How exactly would you suggest that these people be tackled and should be dealt with? Do you think virus programmers should undergo the criminal proceedings? (internationally) Alex Haddox: That is a long answer... but in short: Virus writers have no goal other than self promotion and/or random destruction. And from my understanding, deliberate destruction of someone else's property is criminal in any country. We have to update the laws to include better representation of "intellectual" and electronic property.