Here’s a blast from the IT past of Japan:
The Ministry of Economy, Trade and Industry (METI) of Japan published a guideline on what to do to prevent computer systems from getting infected with malware and what to do when they are infected.
You can find the guide here: コンピュータウイルス対策基準
The guide was first published in 1995 and last updated in December 2000. That that doesn’t change much about how malware behaves, and how to keep your devices from getting infected.
Here’s their definition of a computer virus right in the beginning:
(1)自己伝染機能
自らの機能によって他のプログラムに自らをコピーし又はシステム機能を利用して自 らを他のシステムにコピーすることにより、 他のシステムに伝染する機能(2)潜伏機能
発病するための特定時刻、一定時間、処理回数等の条件を記憶させて、発病するまで 症状を出さない機能(3)発病機能
プログラム、データ等のファイルの破壊を行ったり、設計者の意図しない動作をする 等の機能
Which roughly means:
- A computer virus can copy itself to other places and spread.
- The computer virus lays dormant until a certain moment and tries to be undetectable.
- After laying dormant, the virus emerges and destroys files or performs other actions that the user did not intend.
Looking, for example at the Mirai malware described on Wikipedia, we see that
[1.] Mirai […] identifies vulnerable IoT devices […] and logs into them to infect them. […]
[2.] Infected devices will continue to function normally, except for occasional sluggishness […]
[3.] […] monitor a command and control server which indicates the target of an attack. […]
That has more or less been the same for the last 30 years then.
What are some of the tips that the METI has in terms of prevention?
Use a difficult to guess password:
不正アクセスによるウイルス被害を防止するため、パスワードは容易に推測されない ように設定し、その秘密を保つこと。
Don’t share your credentials with other people:
不正アクセスによるウイルス被害を防止するため、システムのユーザIDを共用しな いこと。
Don’t leave your devices unlocked for other people to use:
システムを悪用されないため、入力待ちの状態で放置しないこと。
Don’t use software that you don’t trust or don’t know where it comes from:
ウイルス感染を防止するため、出所不明のソフトウェアは利用しないこと。
Make backups so you don’t lose your files:
ウイルスの被害に備えるため、ファイルのバックアップを定期的に行い、一定期間保 管すること。
Some other things show their age, charmingly, like calling anti-virus software “vaccines”.
If anything, this makes documents like these serve as a historical artifact showing us what cybersecurity threats users in the 90s had to deal with.