Lifelong Fighting Against Computer Viruses
By Ning Ken
One day in 1996,Wang Jiangmin took a ride in a yellow taxi to Zhongguancun,a technology hub in Haidian District,Beijing,where he was hired to tackle a computer virus.Computers were still in an early stage at that time,and so were computer viruses.No one had ever thought at that point that cyber security could be a lifelong career.
Fighting with Disability
At 3 years old,Wang suffered from polio and lost the use of his legs.He had always believed that disability shouldn’t be a habitual excuse for not fighting in life—it was irrelevant for fighters like Wang.
While most advised against climbing and cycling,he decided to do just that,fighting against his fate.He did everything he was told not to do—and he did even better in some areas than others without a disability.While he certainly earned many bumps and bruises,he had an explosive power and speed that was not only physical,but also intellectual.That intellectual power grew more intense and demonstrative as he got older.When he was only 11 years old and still in grade-4,Wang had already developed the hobbies of assembling gadgets and self-learning science and technology without a teacher.That year,he assembled a dual-band 8-transistor radio,transceiver,and record player.As a result,he earned the nickname of “little radioman.”
In 1989,Wang started engaging in research and development of software for industrial use.Unfortunately,as the software he developed often contracted viruses,users distrusted that he could develop good software.That year,China defined computer viruses for the first time,but Wang had already discovered the Ping-Pong virus and the Stoned virus.Wang had a very instinctive sensitivity; he couldn’t help but think that while he could not remove the poliomyelitis virus from his own body,could he destroy viruses in machines?Could it be that viruses,both in his body and on computers,were his fated lifelong struggle? With these questions in mind,he decided to devote all his efforts to the fight against computer viruses.
Wang first used Debug to identify viruses manually,and then wrote a program to wipe out viruses in the 1990s.The first virus that he programmed to remove was the 1741 virus.Every time he removed a virus,he published an article in newspapers and announced his anti-virus program.As time went by,Wang had written more and more anti-virus programs.However,he felt that these separate anti-virus programs were very troublesome to operate,so he integrated six anti-virus programs into one,and named it KV6.It was later developed into a series,including KV8,KV12,KV18,and KV20.
王江民3 岁时患小儿麻痹症,腿部残疾。
有人说,腿不好不能爬山,他偏喜欢爬山;不能学骑自行车,他偏要骑。不能干什么偏干什么,有些项目甚至比常人干得还好。他常常摔得鼻青脸肿,眼冒金星,但是某种爆发力与速度惊人。不仅身体上,智力上的反对显得更加激烈。还在上小学四年级时,年仅11 岁的王江民就无师自通,攒出了双波段8 个晶体管的收音机、无线电收发机,以及电唱机,是20 世纪60年代初的小无线电人儿。
王江民先是用Debug 手工杀病毒,然后是写一段程序杀一种病毒。这时已进入20 世纪90年代,王江民第一次编程序杀的病毒是1741病毒。每杀一种病毒他就在报刊上发表一篇文章,公布这段杀毒程序。杀毒程序写多了,王江民觉得这些各自独立的杀毒程序用起来很麻烦,就把6 个杀不同病毒的程序集成到一起,命名为KV6,后来发展到KV8、KV12、KV18、KV20。
王江民的KV 系列杀毒软件虽然凶猛,但也和其他杀毒软件一样存在反应滞后的问题。当病毒刚出现尚未蔓延开来,能不能在报纸上一个星期公布一次新病毒特征码,让KV 用户自己升级?这接近防疫措施。王江民将自己的病毒防疫想法连同开放式、可扩充的KV100 软件一起寄给《软件报》,还为它起了个名字叫“超级巡警”。《软件报》认为这是一个很好的想法,1994年7月15日首次发布了《反病毒公告》。
KV100 在《软件报》上一炮打响,在没有互联网和光盘传播的时候,报纸的《反病毒公告》发挥了巨大作用。很多单位的主管要求计算机管理员把每一期报纸上的《公告》都剪下来,把新病毒特征码加上去。王江民如同防疫站的首席科学家,声名鹊起,令人信赖。
Although Wang’s KV series of anti-virus software functioned strongly and robustly,they suffered the shortcoming of lagging response,as with all antivirus software.He then came up with a countermeasure code that worked on viruses that had not yet spread—if he could publish the new virus attribute code in newspapers once a week,then users could upgrade their KVs themselves.This countermeasure seemed like an epidemic prevention measure.Wang sent his anti-virus ideas together with his open and expandable KV100 design to a newspaper called“Software Weekly,” and named his anti-virus software the “Anti-Spyware Toolkit.”Software Weeklythought highly of his idea and published an “Anti-Virus Bulletin” for the first time on July 15,1994.
KV100 was a hit inSoftware Weekly.In a time when the Internet had not come into being and there was a lack of CDROMs in China,the newspaper’s“Anti-Virus Bulletin” played a big role.In many companies and organizations,directors even required their computer managers to keep up with the posts from every issue of the newspaper and update new virus attribute codes from time to time.Wang Jiangmin,like a chief scientist at an epidemic prevention station,rose to fame and became a trusted name in the field.
March into Zhongguancun
When Wang Jiangmin first contacted Huaxing Company through a friend’s introduction,Huaxing had not yet realized the great value of KV100 then.One day,in a large foreign company’s branch in China,more than 20 computers were unexpectedly hit by a virus.The hard disks of the computers could not be booted as a result.The employees seemed stuck in limbo,as contracts valued over one hundred million dollars could not be printed out for the parties to sign.They were desperate for someone who could remove the virus.However,even the most pioneering anti-virus software developed by foreign countries had failed to meet the challenge.Without other means available,the company had to convene a meeting of computer service companies to seek help,and promised that in the future it would buy products from whoever could help solve the problem.Huaxing was one of the company’s hardware suppliers.Hearing the news,Huaxing made a longdistance call to Wang,and also hired an American anti-virus expert for 20,000 US dollars.When Wang came to the company in Beijing,he was just scoping the scene,while the American expert was investigating the virus.
As more of a “back-up expert,”Wang waited in the lounge for more than an hour.He was so bored that he went to the toilet several times.Seeing his physical inconvenience,a serviceman came forward to help him.However,Wang refused politely.He never wanted help.
In the end,the handsome American expert was not handsome at all,but kept snarling inside the room:“No! No!Format! Format!” He yelled with frustration and finally stormed out angrily.
It was Wang’s turn.He quickly identified that the machine had contracted the Torch virus.This virus only erased the disk partition table (DPT) and didn’t destroy data.In just 10 minutes,he successfully rebooted the virus-contracted machine.In over 20 minutes,he instructed the company’s employees how to remove the virus from all of the 20+ infected machines.Huaxing asked for 20 sets of KV100 from Wang and started selling them on the spot.
王江民第一次通过朋友介绍和华星公司接触时,华星公司还没特别意识到KV100 的巨大价值。有一天,一家国外大公司在华分公司的20 多台电脑突染病毒,硬盘启动不了。公司员工都傻了,几亿元的合同打印不出来,急得要命,四处找人杀毒救急,结果国外最先锋的反病毒软件都没有解决问题。没法子,该公司召集提供外围技术支持的计算机公司开了一个会,承诺谁帮助解决了这次问题,以后的硬件就从谁那儿买。作为该公司硬件供应商之一的华星公司将长途电话打到王江民这里,还请了一个美国反病毒专家,开价两万美元。王江民来到北京这家外围大公司时,正碰上美国专家在查解病毒。
轮到王江民了,他很快判定机器感染的是火炬病毒,这个病毒只抹去硬盘分区表,不破坏数据。10分钟,王江民就让病毒已经发作的机器重新启动起来;20 多分钟,王江民指导该公司的人把20 多台机器上的病毒全部清除干净。华星公司当场留下了20 套KV100,并开始接受转让,销售KV100。
为了避免市场混乱,王江民在销售KV200 时,决定由自己统一发放激光防伪,统一市场,统一价格。为了捍卫自己的权益,他用升级的办法争取主动:等硬盘分区表修复技术成熟后,把KV200 升级到KV300。也就是升级为KV300 这一年,王江民乘着那时风行北京的一辆黄色“面的”进军中关村,以50万元的资金注册了自己的公司——江民公司。
不同于别人,王江民有备而来,资金虽然不多,但凭成熟技术吃饭,足以创业。到中关村没几天,王江民就注意到中关村的商家喜欢“拼货”,就是多家经销商联起手来加大进货数额,求一个好的批发价格。他及时跟进,将批发价定得很诱人,两个“拼货”的大单子下来,就挣了100 万元。中关村的舞台太大了,仅一周他便旗开得胜。
随着互联网技术的日渐成熟,病毒本身已不是问题,问题在于病毒延伸出来的挑战。王江民反病毒,中国那些写病毒的人、制造病毒的人也在想方设法对付王江民。著名的“合肥1 号”病毒作者向王江民下了战书:他居然将KV300 解密,把“合肥1 号”嵌入KV300 之中,然后把带有“合肥1 号”病毒的KV300 解密放到网络论坛上传播。病毒发作后,“合肥1 号”病毒的作者在网上大肆宣传KV300 中藏有病毒。制病毒与反病毒的斗争被推到了台前。绝顶之上的华山论剑真实地出现在IT 江湖上。这是华山之约,王江民也如同温瑞安笔下四大名捕之“无情”,虽残疾,但风驰电掣,武功诡异绝伦,一招便将“合肥1 号”制伏于IT 业的华山之巅。
王江民把“合肥1 号”病毒杀了之后,它的作者马上在网上跳出来说:为什么只有王江民能杀这个病毒,而别人杀不了?那是因为王江民自己编了这个病毒!这个病毒应该叫KV300 病毒。他一边叫嚷,一边又炮制出“合肥2 号”病毒,这是最难解、最厉害的Joke 病毒,它有无数次变形,几乎把加密学上的所有加密手段都用上了。王江民头疼了三天,用破解密码的方法才把它杀了。
紧接着又出现“上海1 号”病毒、“上海2 号”病毒、“上海3 号”病毒。“上海3 号”干脆把病毒发作信息写作王江民的汉语拼音字母“wangjiangmin”,以恶心王江民。王江民把这三个病毒归纳了一下,出了一组反“上海病毒”的广谱代码。这之后再没有出现“上海4 号”病毒,因为这个病毒的作者所写的病毒格式,再怎么改,再怎么花样翻新,也逃不出王江民那一串《葵花宝典》般的广谱查毒代码。
2010年4月4日上午10点左右,王江民突然辞世,年仅59 岁。有人说,上帝的电脑中毒了,所以带走了王江民……
In order to protect his intellectual property and fight against piracy,he decided to uniformly label KV200 with an anti-counterfeiting laser mark and sold the new software at the same price.In order to protect his rights and interest,he also used an updating method to compete actively:He upgraded the KV200 to the KV300 after the disk partition table (DPT) repair technology was refined.In that year of the upgrading,Wang took a yellow taxi to Zhongguancun where he registered his company,Jiangmin Company,with a capital of 500,000 yuan.
Unlike others,Wang came prepared.Although the capital was not much,he could run a successful business with his unique technologies and expertise.Within a few days of arriving in Zhongguancun,Wang noticed that lots of merchants in Zhongguancun favored “Groupon buying goods,” that is to say,many dealers liked to make joint purchases that would increase the purchase quantity by which they could seek a good wholesale price.Wang grasped the chance in time and set the wholesale price very attractively.After making two big deals,he earned 1 million yuan.The arena of Zhongguancun was so big that he achieved success very quickly—in just one week.
Facing Various Challenges
With the maturing of Internet technologies,combating viruses was no longer a big problem.The new problems came from the challenges that the old,viruscombating issue extended.While Wang engineered antivirus programs,some hackers in China were trying to exchange blows with him.The author of the famous Hefei No.1 virus issued a statement to challenge Wang:He actually decoded the KV300,embedded Hefei No.1 into the KV300,and then spread the recoded KV300 on Internet forums.After the outbreak of the virus,he deceivingly posted on the Internet that there was a virus hidden in KV300.The rivalry between virus production and virus fighting was pushed to the front and center.Like a hero in a martial arts competition,with just one move,Wang subdued the Hefei No.1.
After being conquered by Wang,the author of the Hefei No.1 virus immediately posted on the Internet,questioning viciously:“Why can’t the others get rid of this virus,but Wang Jiangmin can? It’s because Wang himself created this virus! This virus should actually be named the KV300 virus.” While he was waging a campaign against Wang,the hacker concocted the Hefei No.2 virus.It was a most difficult and most powerful Joke virus.It could be varied with countless forms and used almost all encryption methods.Wang had suffered a headache for three days as he tried to conquer it,and after that,he cracked the code.
Immediately afterward,the Shanghai No.1,Shanghai No.2,and Shanghai No.3 viruses came one by one.The Shanghai No.3 virus even showed Wang’s full name in Pinyin on the screen of infected computers.It obviously aimed to sneer and antagonize him.
Wang accepted the challenge.He summarized these three viruses and produced a set of broadspectrum codes that removed all of the Shanghai viruses.After that,no Shanghai No.4 virus ever appeared,because no matter how the viruses changed and no matter how they were transformed,they could not escape Wang’s broadspectrum virus codes,which was as invincible as the almightySunflower Bible,a legendary martial art book mentioned in Louis Cha’s novel,The Legendary Swordsman.
Wang Jiangmin was ruthless in tackling viruses,and he made no secret of that.
At around 10 am on April 4,2010,Wang passed away suddenly at the age of 59.Some people said that it might be the computer of God contracted a virus,so he was summoned to help Him...
(FromZhongguancun Notes,Beijing October Literature and Art Publishing House.Translation:Xiao Jiayan)