Q&A with Ray Tomlinson on Creeper “Virus”

by js on

In the course of writing a research paper on possible new methods to reduce and eradicate computer virus threats, I came across a bit of intriguing history whose available details did not satisfy my curiosity, and I needed to know more than what the internet had to offer. The event in question was the creation of Creeper, a piece of software created in 1971 by Bob Thomas that has since been commonly accepted as the world’s first computer virus. What Wikipedia and the rest of the internet will tell you is that Creeper was created to “infect” computers running the TENEX operating system on ARPAnet, the predecessor to the internet. It would cause the machine to print “I’M THE CREEPER. CATCH ME IF YOU CAN.” Then Ray Tomlinson created Reaper whose sole purpose was to seek out and remove Creeper from the machines it had “infected”– so all at once, the first virus (more accurately a worm, if that) and the first helpful worm were created.  However, I’m beginning to think journalistic sensationalism has turned Creeper into something it’s not, especially by today’s standards– that is, malware. Regardless, this was all still interesting.

Ray Tomlinson -- Creator of email and the Reaper "virus"I wanted to know more, though. Why was Creeper created in the first place? Did it cause problems? Was it an annoyance?  Should it really be considered the first virus? So I found contact information for Ray Tomlinson, asked him if I could ask a few questions about Creeper and Reaper, and he very kindly obliged. Below is an email Q&A session with Ray himself, and I think the details he reveals about this piece of history are very interesting and enlightening; they also cast it in an entirely different light. Also, Ray sent me a link before I asked him my questions that contained the best information I could thus far find online; this information helped me form some of these questions in a better way as it helped me realize that Creeper wasn’t a malevolent or even jovial practical joke as it is sometimes painted. The link he sent is available here.

Q. The Creeper started out as more of an experiment according to available resources. What happened that led up to this experiment? Do you know what Bob Tomas’ motives were? Or was it more of a spur of the moment thing on Bob’s part?

A. The contract that Bob was working on was to develop a resource-sharing capability (named RSEXEC) so that users could develop applications that could move to and run on another computer. The motive being to run on a computer that was lightly loaded — a computer on the west coast where it is still early morning rather one on the east coast where everyone is busily computing away, or to run on the computer that has the data that needs processing rather than moving all the data to the user’s computer. Creeper was a demonstration of this capability. Creeper moved because it could, not because it was advantageous to do so. It was a demo and wouldn’t be very interesting if it didn’t do anything.

Q. You’re credited with altering the Creeper at least in such a way so that it would sometimes replicate itself instead of simply “jumping”.  Was there more to it than that? What was the motive behind altering the Creeper? And how did you “capture” it when it at the time was only jumping from one machine to another, one at a time?

A. I don’t recall specifically why replication seemed interesting. I think I envisioned applications where one thing leads to another. For example, an application analyses data that indicate the existence of additional data located elsewhere so it splits off an alter ego to go process that data while the existing instance continues the analysis of the data in hand. In such a case the applications instances would naturally terminate as they concluded their analyses so capture was not necessary as long as there were no malfunctions. But, software has bugs. For example, the application might fail to realize it had already visited a data set and run forever repeatedly replicating and jumping from site to site. This possibility led to Reaper, which went looking for instances of Creeper to terminate them. It had the problem of knowing when its job was finished, but it was a simple program so it could keep track of the hosts it was visiting and since there were only 28 or so it would be pretty trivial to visit them all unless the network became disconnected.

Q. Do you know about how many machines the Creeper infected?

A. “Infected” is journalistically interesting, but inaccurate. Creeper was more like an allergy test than a common cold. But, to answer the intent of your question, no more that 28 machines could have been visited by Creeper since that is the number of ARPAnet sites running the TENEX operating system at the time.

Q. Did Creeper ever cause any unintended problems on any or all of the systems it infected?

A. No.

Q. Creeper is generally attributed as the world’s first virus. Of course computer viruses didn’t exist when the Creeper was hopping around, so it wasn’t called a virus until later. How do you feel about its classification?

A. The terminology is squishy and evolving. Technically, Creeper was a “worm”. It was its own vector moving itself from machine to machine. Viruses need a vector such as a floppy disk (a highly advanced data storage device at the time and so very uncommon) or thumb drive. There is also the issue of intent. In the present day, viruses (and worms) are regarded as malevolent by all except those for whom they are tools for their illegitimate purposes. This was not the case in the days of Creeper. The community was small and malicious activity was not tolerated so Creeper was at most a neat hack. (Even “hacking” has evolved in meaning; hacking was good then, now — not so much.)

Q. According to other online resources, the main way one could know if a machine had run or was currently running Creeper was to see the following printed out: “I’M THE CREEPER. CATCH ME IF YOU CAN.” Do you know what the general reception of Creeper was of the other owners/operators of TENEX machines on ARPAnet? Did they recognize the positive capabilities that Creeper was built to demonstrate, or was it seen as more of an annoyance in the end?

A. The operators of these other machines were collaborators in this effort. We needed their permission to install RSEXEC in the first place. Since the demo did nothing else interesting we only ran it a few times mostly on our own machines for debugging and then a couple of times to make sure it worked in the wider context and finally a couple of times for the demo itself. So it never became a nuisance.

Q. I see on the link you had sent me that Creeper was mainly intended as a demonstration of the ability for applications to be moved from one machine to another on the ARPAnet in order to more or less distribute computing load between machines running out of resources and machines that were idle or minimally in use. Was this idea picked up in later projects?

A. Not so much. The power of computers and networks advanced quickly enough that the economic benefit it provided never truly dominated the simpler solution of buying another computer or moving the data around.

Q. What do you think about the way the world is moving further and further into cloud computing?

A. Cloud storage and computing is a very nice solution to many kinds of problems. It stumbles when it comes to sensitive data and application.

Q. You solely created the Reaper to eradicate the Creeper, yes? What was the motive behind creating the Reaper?

A. The motive was purely to get the satisfaction of having done it.

Q. How did the Reaper track down and remove Creeper through the network?

A. The RSEXEC provided an API so an application could package itself and its data up and ship itself to another RSEXEC instance on another computer which would unpack and fire up the application on the other computer. That is RSEXEC provided the infrastructure for the purpose. Creeper and Reaper were not subverting some other mechanism to achieve their ends.

Q. The Creeper would be considered a benign virus today in comparison with the thousands of different kinds of malevolent viruses constantly moving about networks. Have you ever thought about the implications if someone developed a Reaper of sorts (or multiple types of Reapers, as it would likely have to be) that would track down and remove these viruses from networks in today’s world? Do you think it may be a plausible way to reduce the virus problem?

A. I haven’t thought about it, but now having done so for about 45 seconds, I don’t think it is practical.

Q. This is sort of unrelated, but I’m curious. I keep an old Macintosh Plus from 1986 and pull it out once in a while for sentimental reasons—I grew up with the machine, and they just don’t make them like that anymore. Do you own any archaic technology for sentimental purposes?

A. Not really. I do have a circuit board from a personal computer I designed and built back around 1979, but it is useless without everything else around it.

Q. If you do keep any archaic technologies, do you happen to still have code from Creeper, Reaper, or other original projects from back in the day of the technological frontier? If not you, then perhaps BBN or other companies might have some of these old projects stored away somewhere?

A. No code, either.

Q. I sometimes like to imagine myself in an ARPAnet world—blazing technological trails and exploring or creating capabilities. Do you ever miss the days of the wild technological frontier? If so, are there specific things that you miss? If not, are there specific reasons why?

A. What I miss most is the uniqueness of that time and being on the frontier — doing things that no one else could do or wanted to do. There are new frontiers, but they don’t seem quite the same. I’m not sure why. Perhaps it is just the passing of four decades.

Q. Are there any other thoughts you’d like to share—on this subject or otherwise?

A. Not that I can think of…