Nachenberg has produced a reasonably clear and succinct, although poorly edited, overview for the nonspecialist of the current status of the conflict between those who create computer viruses and those who wish to avoid becoming their victims.
Early computer viruses were easy to detect because they occurred in predictable places and bore unchanging code that simple antivirus programs could find and eliminate. As antivirus programs became more effective, virus writers countered by developing techniques that allowed their products to escape detection. The cycle of threat and response continues today. “Coevolution” is the author’s apt term for the never-ending threat-response cycle in which attackers and defenders engage. The term is consistent with the biological metaphor implicit in the term “computer virus.”
The author calls viruses of the newest type he describes “polymorphic,” because their code changes as they propagate. They encrypt their invariant code under different keys for each instantiation. Even the embedded decryption routines vary, because they are made up of different sequences of instructions with the same effect. The antivirus programs that can detect polymorphic viruses use what the author calls “generic decryption”: they emulate the target computer to produce the underlying invariant code without actually executing it.
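The generic-decryption idea described above, as an added toy example (not code from the article or from Nachenberg): a sandboxed interpreter for a constructed instruction set runs a sample's decryptor loop against a private copy of memory, and only then does the scanner look for the invariant body that the encryption hid. Two decryptor variants, with different keys and different but equivalent instruction sequences, stand in for polymorphic variation; the instruction set, the sample builder, the signature and all function names are assumptions of this example.

```python
SIGNATURE = b"INVARIANT-BODY"  # constructed invariant body the scanner looks for


def build_sample(key, variant):
    """Constructed polymorphic sample: the invariant body encrypted under `key`,
    plus a decryptor built from one of two instruction sequences with the same effect.
    Returns (decryptor code, memory image holding the encrypted body, initial registers)."""
    if variant == 0:  # XOR-encrypted body; pointer advanced with INC
        enc = bytes(b ^ key for b in SIGNATURE)
        loop = [("XOR", "p", key), ("INC", "p")]
    else:             # ADD-encrypted body (decrypted with SUB); pointer advanced with ADD 1
        enc = bytes((b + key) & 0xFF for b in SIGNATURE)
        loop = [("SUB", "p", key), ("ADD", "p", 1)]
    code = loop + [("DEC", "c"), ("JNZ", "c", 0), ("HALT",)]
    return code, enc, {"p": 0, "c": len(SIGNATURE)}


def emulate(code, mem, regs, max_steps=10_000):
    """Sandboxed interpreter for the toy instruction set. The decryptor runs against
    a private copy of memory, so nothing it does escapes the emulator; a step budget
    stops runaway loops and an out-of-range memory access halts emulation."""
    mem, regs, pc = bytearray(mem), dict(regs), 0
    for _ in range(max_steps):
        ins = code[pc]
        op = ins[0]
        if op == "HALT":
            break
        if op in ("XOR", "SUB"):
            addr = regs[ins[1]]
            if not 0 <= addr < len(mem):  # memory fault: stop and scan what we have
                break
            mem[addr] = (mem[addr] ^ ins[2]) if op == "XOR" else (mem[addr] - ins[2]) & 0xFF
        elif op == "INC":
            regs[ins[1]] += 1
        elif op == "ADD":
            regs[ins[1]] += ins[2]
        elif op == "DEC":
            regs[ins[1]] -= 1
        elif op == "JNZ" and regs[ins[1]] != 0:
            pc = ins[2]
            continue
        pc += 1
    return bytes(mem)


def generic_decryption_scan(code, mem, regs):
    """Generic decryption: the signature is absent from the stored image but
    appears in emulated memory once the decryptor loop has run."""
    return SIGNATURE in emulate(code, mem, regs)


if __name__ == "__main__":
    for key, variant in ((0x5A, 0), (0x33, 1)):
        code, mem, regs = build_sample(key, variant)
        print(variant, SIGNATURE in mem, generic_decryption_scan(code, mem, regs))
```

A real generic-decryption engine emulates the target CPU and its memory model rather than a toy instruction set, and must decide when to stop emulating and scan, which is exactly the tuning problem the next rounds of the cycle exploit.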
The author ends with some speculation about the inevitable next rounds in this war without end. His well-grounded speculation will, regrettably, not fill readers with optimism.