Reaper: The First Antivirus Was Written to Fight the First Virus
Zusammenfassung
The first computer antivirus program, “Reaper,” was written in 1971–1972 specifically to hunt and delete “Creeper” — widely considered the first computer worm. Creeper spread through ARPANET, displaying the message “I’m the creeper, catch me if you can!” Reaper spread through ARPANET in the same way, deleting Creeper when it found it. The cybersecurity arms race — malware and countermeasures locked in continuous mutual escalation — began before most people knew computers existed, in a government research network with a few dozen nodes and no commercial users.
Creeper: The First Worm
Creeper was written in 1971 by Bob Thomas at BBN Technologies — the same company that built the ARPANET Interface Message Processors. Creeper ran on DEC PDP-10 computers running the TENEX operating system and used ARPANET’s RSEXEC protocol to copy itself from machine to machine.
The program’s purpose was experimental: Thomas wanted to demonstrate that a self-replicating program could move between machines and maintain presence across a network. Creeper was not destructive — it only displayed its message and continued spreading. Earlier versions may have moved (deleted itself from the source machine when copying to a new one) rather than copied.
Creeper was not designed as malware. It was a demonstration project, likely related to research on migrating software between machines — an early form of what would later be called mobile agents.
Reaper: The First Response
Reaper was written by Ray Tomlinson — the same engineer who invented network email — or by engineers working with him at BBN. The date is approximately 1972. Reaper spread through ARPANET using the same mechanism as Creeper, specifically targeted Creeper installations, deleted them, and then deleted itself.
Reaper was the first antivirus program in the sense of being the first software designed specifically to find and remove another piece of malicious (or at least unwanted) software. It worked.
The Pattern It Established
The Creeper/Reaper pair established the structural pattern of every subsequent malware/antivirus interaction:
- Malware exploits a system’s capabilities to spread and execute.
- Antivirus uses the same capabilities to identify and remove the malware.
- Malware authors adapt to evade the antivirus.
- Antivirus adapts to detect the new malware.
This cycle has been running continuously since 1971, with each generation more sophisticated and the stakes higher. The 1970s cycle involved two researchers at the same company on the same small network. The 2020s cycle involves nation-state threat actors, criminal ransomware syndicates, and AI-assisted detection systems.
The cybersecurity history and hacking history articles trace how the experimental curiosity of Creeper became the multi-billion-dollar criminal and national security problem of modern cybersecurity.
📚 Sources
- Stallings, William: Cryptography and Network Security, 7th ed. (2016), Pearson — Chapter 19: Malicious Software
- Szor, Peter: The Art of Computer Virus Research and Defense (2005), Addison-Wesley — Chapter 2: Virus history
- Dressler, Judith: “History of the Internet” — Internet Society, 1999 (Creeper reference)