In 1994, I was dealing with the OneHalf virus.
Not as theory.
As reality.
There were no tools.
No frameworks.
No “best practices”.
There was a problem.
OneHalf was a polymorphic virus.
It changed its code.
It changed its length.
It looked different every time.
Classic detection did not work.
So I stopped looking for one specific virus shape.
I started looking for the mechanism behind it.
I found a pattern that did not change.
And I built my own antivirus around that.
The goal was not to look impressive
I did not do what was common at the time.
I did not delete the files.
I healed them.
The point was not to create something that sounded good in a presentation.
The point was to make systems work again.
That is still one of the most important lessons in cybersecurity.
When the problem is real, the organization does not need slogans. It needs understanding, decisions and working recovery.
Before the terminology existed
I sent the source code to a small antivirus company.
After reading it, they recognized something that today would be called heuristic analysis.
I did not call it that at the time.
I did not have the time.
The priority was simple:
systems had to work.
That is often how real security experience is created. Not by first learning the correct term, but by solving a concrete problem and only later realizing that the method has a name.
Technology changed. Reality did not.
Today we have:
- advanced tools,
- AI,
- detection systems,
- dashboards,
- frameworks,
- documented processes.
All of that can be useful.
But one thing has not changed.
When a real problem arrives, decisions happen in reality.
Not in a document.
A document can support the response. A tool can support the response. A framework can structure the response.
But none of them replaces understanding.
The problem changed its name
In 1994, the problem was a virus.
Today, the problem is often something else:
- chaos,
- unclear decision-making,
- lack of preparedness.
The technical problem may only be the visible part.
The deeper problem is whether the organization can understand what is happening, decide what matters and act without panic.
Technology is rarely the only limit today.
Management often is.
Cybersecurity as it really is
I share the reality of cybersecurity.
Not the version that looks good in a presentation.
Because the real test is not whether an organization can describe security when everything is calm.
The real test is whether it can respond when something breaks, when information is incomplete and when there is no time to pretend.
OneHalf taught me that security is not only about detecting what is visible.
It is about understanding what is happening underneath.
That lesson is still valid.