Last week, when that twicky wittle viwus took down MCI WorldCom, a strange thing happened that IS people immediately recognized as unnatural: the guy from the consulting group that nailed the virus was positively gushing about the ingeniousness of the virus, and described the code's functionality as if the hacker had been so nice as to leave the source, too. This was on CNN at about 6:00 - primetime.

Then this other guy came on and flapped some more about "oh, this is a tewwible, tewwible viwus" and (to paraphrase), said "in about a year, who KNOWS how sophisticated and widespread these viruses will be". His demeanor was total huckster - real IS people don't gush about anything.

I'm wondering, if you got sued in Y2K court, how the prosecutors would be able to tease virus crashes from Y2K-induced loss of functionality. Are big-time lawsuits already being drafted in anticipation of Y2K problems? Why did the guy speculate that these viruses would be particularly worrisome in one year? Who was he pitching to, IS managers?

-- Lisa (lisab@shallcx.com), December 29, 1998

Answers

Lisa, You have either:

a) a VERY devious mind

or

b) a LOT of high-powered (defense) lawyer friends

c

-- Chuck a night driver (rienzoo@en.com), December 29, 1998.

Chuck, to be devious is compulsory in this business.

Is it not an eminently practical and advantageous solution for (almost) everyone, to avoid some substantial percentage of the expected Y2K-related litigation by ascribing problems to computer viruses wherever possible?

Legal expenses are a legitimate [sic!] business expense. The cost of doing business is usually passed on to the consumer, one way or another. Any business failing to do this will fail. Any business overwhelmed with legal fees deriving from Y2K problems is also at risk of failure. In either case of failure, employees become unemployed. If this occurs on sufficient scale, business failures and unemployment cascade out of control. Recovery from Y2K events then becomes much more difficult.

Not likely the best and the brightest in the Beltway haven't figured this out.

-- Tom Carey (tomcarey@mindspring.com), December 29, 1998.

What's also interesting is that this virus is not seen as particular;y nasty by the AV vendors. From Symantec's site:

"A new virus has been discovered on December 17, 1998, called 'Remote Explorer'. There has been a lot of media coverage about this new virus, which affects Windows NT systems. Symantec AntiVirus Research Center believes that this virus is an isolated incident and has not affected any additional customers and is not a threat to the general public including corporations and home users at this time."

Symantec goes on to state that entry by this virus requires access to an Administrator's account and that the virus can't spread through properly configured firewalls. So, we might conclude that (a) the admins at MCI didn't configure their NT systems and network firewalls as securely as they should and (b) there's a bit of CYA in the news reports about how "smart" this virus is. One might deduce that it was not so much the critter's intelligence, but the relative lack of same shown by the admins.

-- Mac (sneak@lurk.com), December 29, 1998.