Slashdot Log In
Viruses: More Hype than Danger?
Posted by
CmdrTaco
on Wed Apr 24, 2002 11:54 AM
from the just-as-long-as-they-stay-out-of-my-inbox dept.
from the just-as-long-as-they-stay-out-of-my-inbox dept.
blankmange writes "CNN is carrying a story on how the big virus scares within the last year or so have been just that: scares, usually hyped by the media with software companies standing by to reap the profits. 'The market for computer security is booming as PC users become more aware of the need to protect themselves from worms and viruses.
"Code Red" hit the headlines in July last year, with dire predictions that the PC worm would cripple the Internet. Yet in the end, Code Red didn't even make the year's virus Top 10.' PDAs are the next marketing target, along with cellphones."
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Scares are enough (Score:4, Interesting)
If people broke into my house one night and left after defacing my home, but didn't take or destroy anything - I'd still be pretty upset. And if it was because I'd left the front door open- I would really think about closing it and installing a lock (or locking it if there was already one that I had just left unlocked).
.
Re:Scares are enough (Score:4, Funny)
Agreed.
After all, "just because you're paranoid doesn't mean they're not out to get you."
Parent
Re:Scares are enough (Score:3, Funny)
I like that story much better, and this is turning out to be a nice little thread here. Sorry to hear about the carpet guy (I'm glad to heat that you sleep with a gun now, I was getting worried about your habbit of sleeping with blowup sheep dolls. [j/k]) I hope the the apartment chick was cute and was into you rimming her. Also, I've never tried to walk around with my pants down, but your right, nothing has ever happened to mr be back there.
I want to thank AC for pointing out the difference in deface and distroy. His/Her examples where right on target, and let me know that defacing an object does not mean to make it completely unusable. Two thumbs up to him, except where he called me a wise ass. I didn't enjoy that part, but as it turns out, he might be right.
sit back and enjoy the rest of your day and thank you for flying NorthSouthern Airlines.
Nimda (Score:4, Insightful)
Re:Nimda (Score:4, Insightful)
Yes, Code Red was overhyped. But some viruses deserve the strong warnings. It's not like there's huge hype every day about some virus so that you don't even pay attention.
mark
Parent
Re:Nimda (Score:4, Insightful)
Food for thought.
Parent
Re:Nimda (Score:3, Insightful)
I was always thinking this when the Y2K problem came and went. Everybody was saying how important it was and scrambled to try to make things Y2K compliant. Then it hit the year 2000, and almost nothing noteworthy happened. Instead of people saying "Hooray, our hyping and precautionary measures worked!", everybody though "Man! We were getting all excited over nothing! What a waste of time!"
Maybe the fact that these virus attacks seemed lesser than expected is the proof that the hype is good. (Better to err on the side of safety?)
mark
Gotta love your obligatory pro-Linux statement (Score:3, Interesting)
It's funny that I think of the same thing when I see Apache servers that are running everything up to and including mod_YourMom... people need a lesson in security... it doesn't matter if it's IIS or Apache or NT or Linux or Joe's OS.... it makes no difference. Security holes exist in every OS and configuration... it's just the job of the astute sysadmin to make sure that the holes are plugged before the box goes into production use.
cell phone? (Score:2)
the really ubiquitous virii (Score:2, Interesting)
not the ones that have been hyped.
i remember the ones that used to be really ubiquitous in the DOS/win3.1 days were the boot sector virii... those things were everywhere! and they could be passed on by floppy
Gloom and doom (Score:3, Insightful)
They are the first to predict 18 inches of snow for a storm that produces only six. News sources love reporting gloom, doom and disaster, for it increases viewership/readership.
No one cares to hear "Nothing to see here, movealong".
Hype maybe.... (Score:4, Insightful)
Better safe than sorry....
Kind of a rhetorical question, isn't it? (Score:5, Insightful)
Think of Y2K: a big deal, yes, and plenty of people were saying right up through January 1999 that something had to be done, and soon, because thousands if not millions of computers and software programs were affected. Eventually, they all got on it. The problem was licked, and virtually no major Y2K issues were still existing by the time the date actually arrived.
Sure, some people overreacted by building underground computer-free bunkers and stocking up on gasoline and bottled water -- but then, there are always people who overreact. Y2K probably wouldn't have caused the end of the world, but it would have been a pretty big nuisance if the media didn't get the word out so that normal people knew to upgrade their products and pressure companies to produce the upgrades for them.
You can't over-hype virus issues. You can lie and say a problem exists that doesn't, but you can't stop stressing that antivirus software and common sense when opening attachments and securing connections is important. There's always someone new to the computing world, or someone who introduces a new attack strategy, which necessitates restating all the rules.
Bottom line: everybody with a computer needs some sort of antivirus protection, even if it's just common sense. Everybody with an Windows PC on the Internet ought to have antivirus software as well, and keep it up-to-date, just because that OS is so susceptible to new attacks.
Parent
Re:Kind of a rhetorical question, isn't it? (Score:3, Insightful)
Yeah, and probably the best way to get it at present is to install FreeBSD. OpenBSD and linux are close behind it.
A curious thing that I keep noticing is that the overwhelming majority of virii and other such perversities are on Microsoft systems. A few are on Macs. People try to wiggle out of this by saying that unixoid systems aren't common enough to be attractive to virus writers. But the first "demo" viruses in the early 80's were on unix systems, and the unix world is infested with hackers. Also, nearly half the cpus in the world are running some unix-like system (including a lot that were sold with Windows, and are listed as Windows machines in the sales figures). The real reason that unix-type systems aren't being hit is that they are much less susceptible.
Similarly, with the Y2K problem, I saw here and there a few comments that almost all the known Y2K bugs were on IBM and Microsoft systems. Cobol programs were at the top of the list of problems at the application level. But the media made very little note of this. They told us that Y2K was a universal computer problem. Well, most people using unix-type systems did nothing much to prepare for Y2K, and nothing much went wrong.
We could use a lot more finger pointing at the systems and software that are sucsceptible to such problems. Maybe then they'd get fixed. But the media is in love with IBM and Microsoft, and goes out of its way to not mention their names when there are problems. So they'll just continue to get away with selling susceptible systems to the gullible public.
We had prototype email viruses 20 years ago. And the solution was known 20 years ago. For Microsoft to continue foisting them on the public is unconscionable.
Re:Hype maybe.... (Score:3, Insightful)
Computers and the Internet are tools. people are suprised when they realize how high maintinence those tools are. I know I was.
code red is hype? (Score:3, Funny)
Maybe Code Red wasn't as bad as predicted... (Score:4, Insightful)
For news sites... they make everything overly dramatic. Maybe that's the problem.
What this article is really addressing IMO is the fact that news sites like to exploit people's fears in order to increase readership/viewership. That's an across-the-board news problem, not a virus problem.
mark
Code Red (Score:2, Funny)
The envelope please... (Score:3, Funny)
The "Top 10 for 2001" they are referring to are listed here [sophos.com].
En español aquí [sophos.com].
Funny, they all seem to have something in common...
Re:The envelope please... (Score:2)
Nimda is still fairly active/destructive (Score:2, Informative)
Viruses pray primarily on the stupid (Score:2, Insightful)
I'm a firm believer in revoking i-net privledges to employees who are stupid enough to send much less open attachments of the exe or macro variety.
Stupidity...Maybe - Ignorance...Definitely (Score:5, Insightful)
Instead of revoking access to users we like to label as "stupid", maybe we as IT Managers, Sys Admins, etc. should spend more time training our people rather than browsing Slashdot all day. : )
Just a thought.
Parent
Code Red and other Problems with Hype (Score:3, Insightful)
Really though, I serve as a virus debunker for many of my less than computer literate friends, but it would be nice if there was a public site for this sort of thing, that picked up e-mail hoaxes and displayed them for what they are, meanwhile addressing real problems and how to fix them. There are a couple for the more technologically gifted (such as Norton's anti-viral research labs) but there really needs to be a good "for the average user" site.
Re:Code Red and other Problems with Hype (Score:3, Informative)
There [vmyths.com] you go.
Peter Norton ... (Score:3, Informative)
Look at your Best Buy [boycott!] ad next time it comes. You always see rebates for *NEW!!* AV software and Peter Norton's products.
They never work with the older versions of Windows - and these companies always make a fortune off of new releases of that OS.
So why buy stock in Microsoft when you should be buying it in McAfee and Symantec.
Over Hype (Score:2)
Well, Code Red like exploits are still floating around looking for hosts.
They ought to be considered more like parasites than viruses. But I guess the analogies to biological organisms make for more sensational news.
If you were warned of the Ebola virus on one hand and the dangers of ghiardia in drinking water on the other hand, which would you get more excited about?
I can see the headlines now:
It must be fun working in media (Score:5, Insightful)
I guess then CNN can produce an article about how it wasn't really hype after all and then, after everyone has forgotten about viruses, they can start hyping virus stories again. Then they can have a story about how much they are hyped. And then they can have a story about how there used to be stories about viruses and how they died down and now they've come back.
Endless stories without having to research anything. It must be fun working in media.
Virus notifications are the real viruses (Score:2, Interesting)
Better safe than sorry... (Score:2)
Sorry - I disagree (Score:2)
Then you have to add in the cost of cleaning up the ones that slip through, and the fact that most companies don't report attacks to anyone, and I would have to say the CNN numbers are greatly understated.
sPh
Virtual Myths (Score:2)
This guy has made a whole website about the "myths" of viruses
http://www.vMyths.com
Something smells fishy if a billion dollar business depends on these creations, and who knows more about them and how they work and how to create them than anyone else ?,
consipracy or our friends and saviours ?
Code Red not in top 10? (Score:4, Informative)
Code Red (and derivitaves) were a major pain in the ass. My servers don't run any MS software, but Code Red still affected me. It kept hitting my ports, over and over and over again. That sounds like a minor annoyance, until you are using more than eth0. Think virtual hosting.
I also was lucky enough to have a number of clients that were using Cisco 678 DSL modems. Anyone remember that? Code Red locked them up. Until a patch was applied, they locked up every time they got a Code Red request. I knew of some people that would go and reset the Cisco, and be down again before they got back to their desk.
It may not have been the typical user spread virus, but it made my #1 last year, because I'm not stupid enough to use Outlook.
smoking crack (Score:3, Informative)
On July 19, 2001 more than 359,000 computers were infected with the Code-Red (CRv2) worm in less than 14 hours. At the peak of the infection frenzy, more than 2,000 new hosts were infected each minute.
That was "over-hyped?" what would it take for it to be "valid concern?" Yes, Code-Red didn't do the damage it intended to...but it still did a heck of a lot of damage. Claiming that some anti-virus nonsense "top 10" has any bearing on the actual amount of damage done is just stupid.
Was the CNN author a Systems Administrator? (Score:5, Insightful)
I would get into work in the morning, read the latest advisory about some new virus. I would send out an e-mail to my users, "DONT OPEN ANY ATTATCHMENTS!" After which I would promptly apply fixes to the mail server.
My CIO would be reading her hotmail or yahoo mail, whatever. Point is it was a mail service outside of my control. She would see the subject, "I love you" and thinking it was a date, she would open it, from which it would spread like mad cow diesease. The rest of my day would be spent cleaning out her crap.
Wasn't this way at just one company, it was this way at every company I have ever worked at. No matter how much you try and warn these people they just don't listen. They have the attention span of a gerbil and it shows. And everytime it would happen I would always get the same answer from them, "But I swear I didn't open that attatchment" To which I would reply, "The computer must have MAGICALLY sprouted hands and fingers and opened the attatchment itself, oh don't forget it also typed in your webmail username and password for you too"
I dunno, being jobless all this time has made me realize a few things. There's no enjoyment in a job where you have to put out fires for 200+ people a day because they're too fucking stupid to figure out simple shit for themselves. They won't ever listen to your warnings, they don't seem to care that you have to spend several hours fixing their machines. They have an obvious lack of understanding that you have to actually concentrate to fix their problems, and this is made apparent by the 15 minute head pops they do into your cubicle, "Is it fixed yet? I have a really important blah blah blah for VIP blah blah blah."
I don't think CNN has any concept of what it's really like out there. The amount of single celled organisms in a corporation is astounding.
I'd mod this guys post up to 5 ! (Score:3, Funny)
DUMB COMPUTER USERS
Fact is, 99% of the world fit that category.
There was an article about designing UI's few days back and all I could think about was my financial partner who has to be told how to minimize a window every time.
The kinda guy that uses a remote email connection to send 10meg word documents to the person in the office next to him, even though all he needs to do is to send locally in 1/100th of the time.
The marketing-type person who leans over your shoulder when your computing and says to a client
"You know, these machines are amazing !"
Yeah - you should see the user jump through hoops of fire !
And we worry about virus problems being over-hyped ?
Screw the viruses,
I can see the headlines now
"Dumb computer users seen as the biggest risk to computer security."
"Symantec announces the anti-dumb-computer-user fix"
Re:Was the CNN author a Systems Administrator? (Score:5, Funny)
...
>
Like, "don't insult your coworkers if you want to stay employed"?
Parent
Elitism and the reason why users just don't listen (Score:3, Insightful)
(An open message to all bitter support people, angry at "end users")
(chuckles softly) Ever stop to consider that 99% of the "end users" (they are actually called people, or employees... you know the people we support who do the actual WORK that pays our salaries) out there don't really give a rip about your job frustrations any more than you care about the new IRS guidelines taxing the patience of Phil from accounting... Let's face it, most of what you tell them goes in one ear and out the other. NOT because they have the attention span of gerbils, but because YOU, and so many many like you, have a giant chip on your shoulder. You don't respect the people you work with, you don't appreciate the fact that you have a specialized skill that others don't share. So you talk down to your users, then you talk over their heads, then you talk about things that don't concern them or how they do their job. The signal to noise ratio is such that OF COURSE they won't really listen when you warn about viruses...
Lighten up a little, learn to see the bigger picture, learn to see your co-workers (once you get a job again) with compassion and not this holier than thou crap and I bet you might start to notice a change.
Most places I've worked... (Score:3, Insightful)
Most places I've worked, the subsequent 8 laptops would have come out of HER paycheck--a great incentive to be more careful with company property. (The insane paperwork to get *anything* ordered at my current workplace is a good incentive not to wreck your current box, too).
Frankly, as long as it's not coming out of YOUR paycheck, why does her idiocy with laptops spin you up so much? They were still paying you for the work involved, right?
You're laid off, and bitter--I can understand that. Been there, done that a few times. Job searching all over and getting nothing for months on end is incredibly demoralizing. However, you might want to learn to relax and enjoy things a bit more, because that bitterness will show in job interviews. Also, if the job situation is that bad locally, why not search elsewhere? The internet is damn useful for that.
Re:Was the CNN author a Systems Administrator? (Score:3, Interesting)
You obviously don't have any respect for how much burden is layed on a sysadmin. You don't realize when the shit hits the fan we're the one's cleaning up your mess. You just don't know how dumb all those people with the "Chief" something in front of their title (CEO CIO CFO) really are.
Corporate infrastructure would rot without us. We're the one's with the cell phones and pagers as a leash. You whine about how much we get paid? How many sales people are called down to the office at 2:00am because the people with the "Chief" in front of their title decided to pull an all nighter and need you there to show them how to minimize a window. We put in twice the work any of you morons do and we never get recognition for our work.
We have to answer to every department within a company. You are constantly walking on pins and needles because if one person is somehow offended by you telling them they're #10 in the que they throw a political shit fit getting your ass in a sling for not working fast enough. Sometimes you're asked to do things un-ethical like spying on employees. (I had a CEO ask me to spy on one of the girls he was bangin in the office because he thought she was banging another "Chief" You see things like an entire company get purposefully run into the ground so the CEO can hide his dangeruos liason from his wife.
I shouldn't worry about someone breaking 9 laptops in 3 months? You fucking ass, those were dell inspirions, at about 5k each that's 45k for some ditz bitch sales whore to make me work harder when all she had to do was carry it on. 45k COULD have bought another jr. admin. That's another thing too, you see shit like the "Chiefs" spending riduclous amounts of money on themselves and their butt buddies everything from top of the line laptops that will never fully be used to fancy dinners "Outside meetings"
It is that stupid user thinking that money and IT resources just grow on tree's that atrributed at least %30 to the downfall of the dot coms. Yeah go break another 5k laptop you bitch.
Re:Was the CNN author a Systems Administrator? (Score:3, Funny)
Dude, if they could, you wouldnt have a job. Oh wait...
uhh... (Score:5, Insightful)
...maybe because Code Red was a worm?
Klez.H is not hype (Score:3, Interesting)
Back in *MY* day! (Score:4, Insightful)
Used to be when you got a virus it would munge your bootsector, and as much of the disk as it could after it mailed itself you all your friends.
The viruses these days just seem to be made to propogate as far as possible, or to do something juvenile like deface web sites.
The only reason they are only hype these days is because the payload is (relatively) innoxious. One line of code could make the few hundred thousand of computers infected last year dead, rather than popping up a cute little message.
From the Future (Score:3, Interesting)
The reporting was hyped all out of proportion. Every hour on the hour there was a public service announcement regarding it. Major troop movements in the Middle East were relegated to the back page in favor of reporting on some kid with a runny nose on page one.
The public went into a panic. People went and got their flu shots. The covered their mouths and noses when the coughed or sneezed. They didn't go into work when they had the sniffles. They stopped french kissing with strangers.
But there was no outbreak. A total of five people died of the Faux Flu. The people blamed the media for inciting panic. Newspaper subscriptions plummeted and Disney Megacorp had to sell off AOL/TW to stay afloat.
Then the Fu Flu hit the next year. No one believed the media. No one took their flu shots. Sneezing in crowded train stations was considered hip and cool, a way of telling the doommongers to bugger off.
And 1.3 billion people died.
The virus ecosystem (Score:3, Interesting)
It's important to the revenue stream of the anti-virus companies that their products not work very well. Note how these things work. They mostly recognize known viruses. They don't generally stop improper behavior by all possibly-hostile content. Hence, constant upgrades are necessary. The initial version is usually free, just like a drug dealer.
It doesn't have to be this way. Suppose, for example, that Mozilla rendered all pages and executed all downloaded content in a "jail" secured by the OS, one that could write to the window, receive input when it has the focus, and talk back to the sending server, but nothing else. This could work under FreeBSD as currently shipping; Linux may get there.
Best Anti-Viral Software? The Outlook Uninstaller (Score:3, Insightful)
When people ask me about viruses, I always tell them to use something besides Outlook and they will be fine. And they are.
For 98% of the people out there, the damn anti-virus software is more of a hassle than the viruses they can't catch. The bloat in security software puts MS to shame. All you need is Norton anti virus to show the kids what a 386 was like. Slooooowwwww.
The only way you can get a virus nowadays, is to start up Outlook. I do not understand why the corporate IT guys, for whom these high-profile worms are a genuine headache, do not sue MS. By pretty well insisting on having scripting 24/7 in all their apps, they have created a royal road into anyone's box. The patches they offer are laughable. The house is on fire, and when a bit of flame shows in the front window, MS generously rushes up with a glass of water.
It's Michalangelo all over again! (Score:3, Interesting)
Of course, things are different now. In the DOS heydey (including Windows pre-95), most viruses we re textbook viruses. Today, more of them should be defined as trojans and worms. There's no worm that you can see and say "well isn't that cute" as they all are quite damaging in terms of bandwith utilization. But there were/are many true viruses that are not damaging... or not damaging if caught in time. We all like fire, but nobody likes getting burned.
Now, back to the subject. Michaelangelo. Back when it was news some ten (egads!) years ago, McAffe was warning everyone of the impending doom. That year there were many people who lost data, but nowhere near as large as some people had believed. To be fair to the AV experts at the time, most of them gave a range from the small to the abnormally large- but guess which figure reporters used to sell papers?
So, life went on, and nobody was afraid about Michaelangelo anymore. Well, this poor sap was hit by it the *second* time it delivered it's payload (March 6th 1993). I lost of a lot of data that day, and boy was I surprised. Ironically, the data I miss the most is a copy of the virus itself. We all love fire, but we don't love getting burned.
Studying the interesting viruses was, and is, a really educational and enjoyable thing to do. I do not encourage people to distribute viruses. It's a dick thing to do. But there are plenty out there, and they'll forever live in databases like VSUM and whatnot. The game of virus authors versus AV authors is largely over; but it's still neat to see how different viruses copied themselves, and even more interesting the cryptic lines of text that can so often be found in infected executables.
Call me a hopeless virus romantic (not the VD kind), but I still think that's cool.
And holy crap, I just realized that the slashdot blackout already started. I apologize, didn't realize this before I typed this all up.
Depends on your opinion... (Score:3, Interesting)
If the past year's viruses were all hype, I have to wonder how serious a virus has to be before they actually claim them as dangerous.
Thanks to SirCam, I personally received two documents from Fortune 500 companies (which were infected) with draft proposals for new products and the markets they were targetted for. I get to know the plans of a big company even before their CEO does.
Thanks to CR/Nimda, I get to see at least 100 probes a day trying to get to my personal web server. On more active days, that number is more like 500. And this is now, over 8 months after the virus was at its peak.
I know of at least a few administrators (that work at various companies) that had to put in about a week to get the "I love you" virus under control. And that virus didn't even have a nasty payload.
Mind you, they could have been much worse. The simple fact is that most of these viruses were born from stupid bugs (which in most cases were simply overlooked) and hence were somewhat easier to fix.
Re:With Microsoft Swooping in to Save the Day (Score:4, Insightful)
Parent