Before the I Love You virus hysteria gets too high......

http://www.kumite.com/myths/

5 May 00 NBC'S TOM BROKAW opened yesterday's newscast not with the death of John Cardinal O'Connor, but with the death of the Internet. Brokaw works in the same city as America's greatest Roman Catholic leader, yet the old geezer played second fiddle to a mediocre worm/virus. Amazing.

The Internet died yesterday, by the way. Oh, the humanity! Let's all pause for a nano-minute of silence... {sniffle} I'll miss the web even more than the dead priest guy. (What was his name again? Right, O'Connor.)

First, tabulate the ILoveYou virus emails you received. Then tabulate the ILoveYou virus alerts you received... Did the same thing happen to you last year during the Melissa hysteria?

CNN.com focused so much journalism effort on the ILoveYou virus that they couldn't even offer the Catholic leader a correct title. (It's "John Cardinal O'Connor.") Makes you wonder if CNN.com ever demeaned "Her Royal Highness, Queen Elizabeth."

Yes, you heard me: a mediocre worm/virus. Peter Watkins (Network Associates) and other antivirus bigwigs agree with me on this point.

True story. I checked my email in an airport Internet bar yesterday. Brokaw came on the air -- and the bar turned into a movie set. Camera One focuses on my face: "Could you turn that up?" Camera Three focuses on the bartender as she operates the TV remote. Camera Two pans the patrons, who all fall silent as Brokaw describes the horrifying |ber-virus. Then the news shifts to some old guy in a casket. Camera One stays on me as I toss a bill on the counter, swig one last gulp of beer, and turn to leave.

Man, I shoulda raised my pint to the patrons. "A toast to the Internet: we hardly knew ye..." Hear, hear.

OKAY, ENOUGH WHINING. Let's go over the stuff you need to think about. Caution: you'll upset many corporate virus experts and CIOs if you point these things out to them.

First, ask yourself a simple question. Did the virus itself clog up your company's email system -- or did hysterical virus alerts clog up your company's email system?

If your company got whacked by the ILoveYou virus, don't ask why it happened so quickly. Ask why it happened at all! Didn't the experts learn about this problem last year when Melissa struck? If your company virus expert says "we learned enough to react in minutes instead of hours," then you should ask why your firm still responds to viruses after the fact.

If someone blames Microsoft Windows or Microsoft Outlook or Microsoft Visual Basic Scripting, ask why antivirus software didn't stop the virus at the email gateway. "The attachment name said '.txt.vbs', yet your recommended antivirus solution couldn't recognize such a simple (and well known) trick. What gives?"

If your virus expert blames Microsoft's ubiquity for the virus, ask how much more common the world will grow when we standardize on Java or Linux or whatever else comes next. If he/she babbles about improved security in the next great operating system, ask "why did Java specification v1.1 downgrade its security model?"

If someone recommends replacing Microsoft Outlook with another product, tell them "A virus must first reach a computer before it can ever hope to infect it. Email offers an excellent transmission method no matter what email product we use. Thus, we should try to stop viruses before they enter our email infrastructure." If your virus expert says the firm uses gateway antivirus software, say "it doesn't work very well, does it?"

If a virus expert urges you to get daily antivirus updates, argue "first you told us to inject updates into our computers on a quarterly schedule. Then you told us to inject updates on a monthly schedule. A few years ago you started telling us to score a fix every week. Last year you told us to avoid Y2K viruses by injecting our computers on a daily basis. I swear, you sound like a pusher and I feel like a drug addict."

If a virus expert says you need antivirus software to protect you from ILoveYou, say "if we'd turned off Windows Visual Basic Scripting last week, then our PCs wouldn't have gotten infected. This means our PCs could've protected us from ILoveYou before it even existed. We don't need to update our antivirus software -- we need to update our antivirus experts!"

I could go on for hours about all the stupid things pseudo-experts will recommend in the days to come. Things like precautionary disconnects. Time-delayed email scanning. Persistent antivirus updates (you'll need a persistent Internet connection). Redundant virus scanners. Crippled user interfaces. Obscure operating systems. Expensive replacements for the software you already own & use...

Fearmongers will moan the obligatory "wake-up call" phrase. Every expert on the planet (myself included!) will try to get valuable free media exposure. Reporters will create instant experts out of thin air without even trying. Firms will issue press releases calling themselves the "first" to save the world from the evils of ILoveYou. ICSA already started the stats race with a press release containing estimates. ($1 billion, 30%, 70%, blah blah blah.) Editors will write countless witty headlines based on a catchy virus name.

And for what? So we can continue to employ shallow thinkers in the computer security world? Bah.

I honestly believe the media enjoys making funeral arrangements for the Internet. We've mourned its demise twice this year already! (Three times if you count the Y2K virus media fiasco.) Cardinal O'Connor only gets one funeral by comparison.

-- Jim Cooke (JJCooke@yahoo.com), May 07, 2000

Answers

How do you turn off Visual Basic Scripting in Windows 95-98? I suppose it would be possible to delete the file association to *.VBS, but I'm always afraid that this will cause something else to run incorrectly.

This is something of an academic point, however. As I've said before, I don't open attachments, even from friends, unless I can identify the file type, know what it is, and know that it won't execute code.

-- E.H. Porter (Just Wondering@About.it), May 07, 2000.

Perspective on this is in the eye of the beholder, I suppose. Here's what I read about the virus...

http://abcnews.go.com/sections/tech/DailyNews/virus_000504.html

The virus penetrated computer networks at major corporations, such as AT&T, which was forced to shut down an e-mail system serving 145,700 employees. It also struck the Pentagon, the Central Intelligence Agency and Britains Parliament, though it did not affect any classified systems.

In Britain, about 30 percent of company e-mail systems were brought down by the virus, according to Network Associates, a computer security firm. In Germany and in Sweden, 80 percent of computer were hit.

I don't know about you, Jim, but I'm glad the media in the U.S. gave the attention to this that it did. That attention prevented the virus from reaching the 80% penetration rate at businesses here that the virus is said to have reached in Germany and Sweden.

-- I was thankful for (the@advanced.warning), May 07, 2000.

Thankful, "That attention prevented the virus from reaching the 80% penetration rate at businesses here that the virus is said to have reached in Germany and Sweden." Nonsense. The only reason the virus didn't hit North America and South America harder is that it *began* in the east--worldwires were already reporting the damage it had done in Asia and in Europe when people farther west were just waking up. In addition, those companies/people who still were able to email from the East and from Europe were busily letting people/companies in the West know what had happened.

If the virus had been unleashed first in the West, the statistics might have turned-out differently. The western media overcoverage didn't have much to do with it.

As for you, Cooke, for the first time ever my ISP actually sent me a virus warning (several hours late, I'll admit). It reinforced its own firewalls and urged its customers not to open attachments. And I'm glad it did!

-- viewer (justp@ssing.by), May 07, 2000.

And, as for you, Viewer, the problem is that morons will always be morons (not refering to you but the people who got infected). First, why would any firewall ever be set up to allow a VBS file into the e- mail system? There's no legitimate reason for a file like this ever to be sent by e-mail. This worm was a 10th grade effort and any firewall should have been able to handle it.

And how many viruses and worms does it take before people learn about opening attachements? Most have already learned and those that haven't apparently never will. Any company who has a problem should first investigate why their own security didn't cath it. The next step is fire anyone who infects thier computer because they opened an attachment that they didn't know was safe. A few of these and this problem would go away.

-- Jim Cooke (JJCooke@yahoo.com), May 08, 2000.

Jokes, my friend, jokes! The business world revolves around these things circulating by the thousands. And the happy little workers just cannot resist opening them....

-- viewer (justp@ssing.by), May 08, 2000.

"The Internet died yesterday, by the way."

Great! That means we're reverting back to pre-1995 when the masses and dot coms invaded it!

-- (y@x.x), May 08, 2000.