We are all to blame for the I Love You virus

2000-05-05

If you didn’t know by now that there was a new virus about, you must have been on holiday in a place where the technology has yet to reach. Once again, some bright sparks have used their skills of innovation and techncal expertise to ensure that they will have something to tell their grandchildren about. Once they get out of prison, that is. The poor, misguided youths have the FBI on their tail and it seems like only a matter of time before they are hauled before the international courts.

Don’t get me wrong. Clearly any human being that intentionally wreaks havoc on the scale that this recent attack has seen, is a weeping sore on the face of society and should be removed. There remains a nagging doubt, however – what bunch of idiots would design anything so fragile that a few students could put it out of action for days, particularly something on the global scale of the World Wide Web? Let’s face it, park benches are these days made out of concrete and fire-treated wood to protect against the expected acts of mindless vandalism that they will experience. Why do we not treat our fragile, Internet-based computing infrastructure with similar caution?

As with so much to do with technology, the answer is one of convergence. The hugely stable, resilient Internet was designed separately from the application suites and email systems, which were originally designed to run on closed corporate networks. It was a small step to design gateways which enabled email systems to exchange information over the Internet, but a giant leap would have been preferable. What we have ended up with is a mentality which says “Oh dear, I am getting email from a whole variety of unpleasant sources, and I can do nothing about it.” Nobody is taking responsibility, not the Internet Service Providers or the application vendors or the end users. All, however, are culpable. Mechanisms have existed for years to permit computer systems to be secured and sources of emails to be checked. The majority of the world’s computer users accept an operating system on which the end user is essentially the super user, and applications with only a minimum of security checking set up by default. There is the argument about whether the user is to blame, whose involvement is necessary for the I Love You virus to spread. But what chance does the hapless user stand, when every feature and function of the system is left wide open and accessible?

Some will be saying that Microsoft should be held in some way responsible for the spread of this latest virus, as it is the provider of the operating system (Windows), the application (Outlook) and the programming language (Visual Basic) amongst other things. But this is missing the point. Microsoft has provided what customer demand has sought. Admittedly the company can guide requirements and expectations but it cannot decide them – if users want poorly secured systems, they will get them. In the past we could perhaps claim technological ignorance but this line is starting to pale. No more excuses – as a global IT community, we must either act to implement systems that really meet our needs, or forever live in the shadow of being held to ransom by some bunch of mavericks on a faraway isle.

(First published 5 May 2000)