Love and viruses: the upside of crying wolf

2000-05-19

Security software companies have been accused of hyping up the potential risk of new viruses. It stands to reason: the more dangerous it is out there in cyberspace, the more we shall turn to trusty virus detectors, firewalls and other protection mechanisms. It’s all good for business. With the ongoing saga of love bug viruses hitting the news over the weekend, even the protection software vendors are starting to get uncomfortable about the dangers of over-egging the viral pudding.

According to Dan Schrader, chief security analyst at Trend Micro (reported on News.com), there is a fear that all the noise and stink created around the love bug risked making the whole issue fasde into the background noise. "If we cry wolf often enough, they'll tune us out entirely," said Schrader. This may be true, but at the same time there are positive signs that the PC proletariat are starting to understand the nature of such things as malicious attachments. After all, these new worms are not like viruses of old, which would infect executables without any outward indication of their presence. It is understandable how, say, a utility or game could be passed from one computer to another, carrying the virus with it. This did not have to be malicious – there have been several instances of viruses being passed on the cover disks of magazines. However, malicious email attachments require user intervention, namely a double click on an attachment that is a virus in all but name. It isn’t buried in the middle of a harmless program – it is a program in its own right, relying on a lack of caution on the part of a user. If having a lack of caution is a crime, I daresay we are all guilty (who did not double click on an email from a friend last Christmas, containing the message “Have a look at this!” and the attachment “Elf bowling.exe” or somesuch?)

This is where crying wolf is working in our favour. Far from being turned off by the constant media blare about the latest variant of worm X or Y, a large number of people have been on the receiving end of such malicious programs. I, for one, received two emails from acquaintances saying “do not open anything I have sent you! I was on the receiving end of the I Love You virus.” I have certainly been a little more cautious when opening unexpected executables or VBS files (Visual Basic Scripts). Not that I have yet received any of the latter, but you know what I mean. All the media attention in the world cannot interest us as much as some real experiences: there are few organisations that were unaffected by the recent attacks, and as a result both organisations and individuals are becoming a lot more savvy.

As is discussed elsewhere today [link to G8 article], we cannot fully predict the vulnerabilities that will be opened up by new technologies. However signs are encouraging that the water level of eNouse is rising. We are getting smarter – hopefully we shall learn fast enough to beat the next generation of viruses before they happen. After all, the solution is just a double click away.

(First published 19 May 2000)