
Virus Cost Estimate For 2001 Tops $10 Billion

Snootch writes: "CNN has a story on the costs of virii - they're absolutely colossal, and remember that the $10 billion figure is just *so far this year*...scary. The article gives a pretty good breakdown by virus, and while it says little else that the average /. reader won't know by now, it's an interesting read all the same. To quote Red Dwarf's Kryten, 'Smug Mode,' but I note that every single one mentioned in the article, bar one (Code Red), was a client-side Outlook virus ..."

"My other thought was this: Considering that according to the article, nearly half the money was spent cleaning infected systems out, then the virus-checker industry, and therefore the implications of Symantec's recent patent, are even bigger than I realised ... *gulp*" Of course, estimates like these are often made by people with vested interests in the effect such numbers have, and there are a lot of costs that are very tough to estimate accurately -- like sysadmin time.

  • Since anyone accused the virus protection companies of infecting the public on purpose, let's start doing that again.

    • Not it hasn't been. I've been saying this all along to people I know. The recent trends of anti-virus software vendors starting to charge a subscription fee to get signature updates has done nothing but solidify my argument. A few years ago companies that charged money for the antivirus software itself were really the exception... now we are seeing the reverse. Does anyone know of any virus scanning software that is free?
  • How do mission-critical projects handle this kind of problem? That's nuclear stations, NASA and the like...
    • people in places like NASA tend to be computer literate, as their whole job relies on it. I'm also sure they hire quite a few good tech guys.... not just someone who thinks his MCSE is the be all and end all of certifications.

      I have a feeling NASA doesn't use outlook for email, or run unpatched systems, even if they did use IIS.
      A professional company doesn't use microsoft to run everything, they know better.
      • I have a feeling NASA doesn't use outlook for email, or run unpatched systems, even if they did use IIS. A professional company doesn't use microsoft to run everything, they know better.

        "I believe it must be true so I'll post it to slashdot even though I have no idea what the truth of the matter is"

        NASA has for many years been failing to deploy desktop security from a Canadian company called Entrust. That means that their security infrastructure has to be running on W2K machines 'cos that's all Entrust support.

        I find it interesting that the company I work for strips out Sircam virus using a plug in to their Exchange server while the MIT AI lab where I have a courtesy account still hasn't put a patch into their sendmail running on Slowlaris.

        I still get about 200 Sircam messages a day on my AI account. Not a problem if I have a high bandwidth connection but my account is now unusable from a dialup modem.

        The reason that most viruses attack Outlook is that it is much easier to access the outlook address book with a couple of lines of VB script than to parse the headers in the mail spool.

      • I have a feeling NASA doesn't use outlook for email, or run unpatched systems, even if they did use IIS.

        I dunno if NASA runs IIS, but I do hear that they run ISS.

        -Rob

      • by Veteran ( 203989 )
        I do work at NASA, and sadly, they do use Outlook - run unpatched systems etc.

        Even more ridiculously I am forced to do engineering work on a 64 MB Win 98 machine. When I tried to at least get more memory for the machine I was told that I didn't qualify: Engineers were considered in the same category as secretaries as far as their computer usage.

        If it weren't for the (personally owned) Linux box I keep on my desk I couldn't get much useful work done.

        The people who do the actual work at NASA are the sharpest group of people I've ever had the pleasure of working around - but like most places the upper management has more than its fair share of 'clueless techno ignorants' making decisions.

        At least our computers are behind a firewall - so they don't get hacked all the time - but there are enough technically unsophisticated people (managers, secretaries etc.) on computers that viruses remain a problem.

    • Re:Mission critical (Score:3, Informative)

      by vrmlknight ( 309019 )
      I work in the Network Operations Center at one type of mission critical facility, and most of our servers are Linux and Unix variants. While these were fine, we were still hit w/ Code Red (all the win2k desktops). It bogged down everything: our DNS servers were getting around 10,000 hits/hr (a lot for our internal servers), and all the extra traffic (probing for other IIS boxes) brought stuff down 'cause nothing could communicate over the network for about 12 min. We pulled the plug on the router that connects everything to the servers so that the servers could still communicate, then started patching machines. We lost about 12 min of productivity and another day of patching desktops. Luckily it happened around 8:00PM, right as I was getting ready to leave, so I was right there to pull the plug to separate the networks, and then we called people in and started patching the win2k boxes.

  • by Anonymous Coward
    We're a unix shop of 60 employees. The cost to us for CodeRed was, um, $0. I saw the entries in the logs as part of normal maintenance but did nothing else.

    Sircam cost about $50, which is the hour it took me to update the 4 Windows machines in our sales office. This figure might be a little low because I didn't include the cost of hitting the delete key. Oh, and I added a procmail recipe I downloaded, but this was something like 2 minutes worth of work.
    • Would you have been at work, and paid for your hour whether or not you had to deal with Sircam? And did that hour cause the company to pay you overtime, or any other payment they would not otherwise have paid?

      • Time for an economics lesson.

        I work for a small R&D firm. My time is worth more to the company than my salary. Why? When I'm working on a contract, there's this little concept called overhead. For every dollar that I'm paid out of the contract, about two dollars from the contract are placed in the company overhead account. This provides the operating budget for the business. It pays the lights, rent, phones, secretaries, etc., but it doesn't pay my normal salary.

        When I have to change hats to clean up after a virus, I'm being paid out of the overhead account. It's not billable time. When I'm not working on contract, it costs the company more money than just my salary. For every dollar that I earned cleaning up after SirCam, there was one dollar deleted from the overhead budget and two dollars that were not "earned" by overhead. In other words, for every dollar that I was paid to clean up after SirCam, the company lost three dollars from the operating/overhead budget--one dollar for my salary and two dollars in lost revenues. The contract dollars are still there, but my time is gone forever.

        So just because I was already being paid, doesn't mean that it didn't cost the company money. It cost them a great deal. In the end, we figured that SirCam cost us about $2500, which is probably on the high end of the distribution. (We have a lot of unattended, networked computers scattered throughout the labs. Despite my repeated complaints, some of the researchers and graduate students still did not have anti-virus software on these computers. "But I never read email on that computer!" Half a dozen of them turned out to be infected with SirCam.)

        If you accept the figure of $2500 dollars for our company, then it only requires 4000 similar infections to total $10 million in lost revenue. There were probably far more than 4000 infections. Is the number $10 Billion inflated? Probably, but it still cost a tremendous amount of money to fight SirCam.

        • So, you actually lost revenue by not working for 3 hours? The project you were working on actually was delayed 3 hours and this actually cost money?

          If you are contracted out to others, and in this case, had to be retained that valuable time to clean up from Sircam, fine, that's a valid point.

          Most places, though, have IT staff who are there to do such things.
      • My company network was unusable for 2 days, preventing my team from accessing development and Notes servers we needed to do our job. For several days after the initial outbreak was contained, the network ran dog slow. Some deadlines were missed because of it. Productivity lost for my team alone easily ran six to eight thousand dollars.
  • by unitron ( 5733 ) on Saturday September 01, 2001 @09:28AM (#2242778) Homepage Journal
    "...every single one mentioned in the article, bar one (Code Red), was a client-side Outlook virus..."

    Considering Code Red's favorite food, that's pretty much a clean sweep for Microsoft, isn't it?

    I guess they do bring something to the total user experience that you can't get from anyone else.

    Gotta run. A whole bunch of people have sent me files they need my advice on.

    • Funny dude! Anyways, the article mentions that the overall effect of CodeRed on users wasn't that big of a deal because people patched their systems??! Yeah, right! I use RoadRunner through TimeWarner at home, and in chatting with other CounterStrike players, we've all come to the conclusion that while @Home and RR closed their port 80 access to users outside of the networks, that still doesn't stop internal CodeRed worms to ping away on the internal network. I am STILL receiving hits every 5-10 minutes from CodeRed'd machines on RoadRunner's internal network. It's made the lag quite unbearable (worse than dialup speeds) for playing online games at least 50% of the time. Sure, that's not productive, but it's the primary reason I pay for monthly cable service. I'd say I personally have lost about 50% of the usability of my broadband connection because of this, so YES, it is still affecting us.
  • Not to start up with the m$-bashing too early on, but frankly, let's be adults and admit it:

    Most virus damage is caused by half-baked, slipshod, poorly-thought-out products put out by our friends in Redmond.

    Period.

    As a unix sysadmin working at a very large enterprise hosting facility, I can tell you this, first hand. The Windows team is constantly chasing after red worms, melissa, various IIS exploits, and every imaginable form of macro virus, while the Solaris team calmly applies regular patches from Sun.

    I'd say for every single Solaris 8 box that gets pushed over or otherwise compromised due to a virus, there are *seriously* about 50 Windows boxes that need to be scanned/cleaned/reinstalled.

    Again, not trying to start a religious war, but viruses are a microsoft byproduct. Not that Microsoft is a bad thing, mind you, but I think it's safe to say that most of the viruses in the world wouldn't exist without a little help from poor quality control at microsoft.
  • It would be nice if there were some accountability for these costs for the responsible parts. Maybe the idea of product liability in the case of defective products should apply somehow. Otherwise, what is the incentive for improvement?

    I'm not saying that MS should be ponying up billions for Outlook's defects (esp. since estimates of the value of "lost time" always seem to be generous; witness the costs of "being stuck in traffic" as being huge) but if there is some desire to reduce the widespread incidence of viruses, then there should be some mechanism, preferably financial, for encouraging people not to create and sell vulnerable products.

  • outlook (Score:1, Offtopic)

    by net.chook ( 305593 )
    All your virii are belong to outlook =)
  • by seizer ( 16950 )
    Lost productivity includes time spent by system users and support and helpdesk staff on virus issues that takes them away from their regular responsibilities

    This sentence should read "arbitrary figure made up to inflate costs of viruses". What the hell are "regular responsibilities" if they don't include helping users get rid of viruses. We all know that viruses are annoying, cost a little bit of money, etc etc - but even if each and every computer ever affected by a virus this year was attended by a tech charging 50 bucks an hour (and who needs an hour to get rid of sircam?!), we're looking at a 3 billion dollar bill. Not 10 billion.

    It's yet another hype article. Bring in a story queue which we can moderate, like Kuro5hin, because the newsworthy to nonsense ratio is worsening all the time.

    btw, the plural of viruses is... well, I just wrote it. Look at the latin root of "virus" and you'll understand. Or just google for "virii" (34k hits) vs "viruses" (1.4m hits). Nuff said.
    • "What the hell are "regular responsibilities" if they don't include helping users get rid of viruses."

      If regular responsibilities include helping users get rid of viruses, then it follows that part of the cost of maintaining a regular staff is attributable to virus damages. Every hour we spend eliminating viruses at work, is an hour we could spend reading slashdot.
    • I suspect the virii variant is used by the same people who attempt to sling "whom" into the conversation, endeavoring to sound educated.
      • "Viruses" is correct, "virii" is not. Look it up in a dictionary if you don't believe me: http://www.dictionary.com/cgi-bin/dict.pl?term=virus [dictionary.com]

        Whom is a direct object. "To whom" is correct, "to who" is not.

        In the same manner, saying "between you and I" is incorrect; "between you and me" is correct.
        You'd never say "Give that to I," now would you?

        Honestly, people, correct grammar is neither difficult nor time consuming. Hell, I went to a US High School and all this was taught in English class. What the hell is your excuse?

    • btw, the plural of viruses is... well, I just wrote it. Look at the latin root of "virus" and you'll understand. Or just google for "virii" (34k hits) vs "viruses" (1.4m hits). Nuff said.

      I'm not going to argue whether or not you're correct, but the way in which you've proven your correctness is pretty lame. All you've shown is which form is more popular, not more correct.

      There's this saying you might have heard, "The masses are asses."
  • the foot-and-mouth disease [satirewire.com]
  • Smug Mode (Score:5, Interesting)

    by Tom7 ( 102298 ) on Saturday September 01, 2001 @09:46AM (#2242814) Homepage Journal

    My feeling is that most of these are Microsoft-based worms because that is the most popular platform. (And perhaps the users are less concerned about computers than we are.) There have been plenty of exploitable holes in pine, for instance; it's just that not enough people use the same version of pine for a successful worm to be built around it.

    I think perhaps this is an argument for diversity more than it is an argument against Microsoft.
    • Re:Smug Mode (Score:5, Insightful)

      by rknop ( 240417 ) on Saturday September 01, 2001 @10:27AM (#2242902) Homepage

      I think perhaps this is an argument for diversity more than it is an argument against Microsoft.

      From my point of view, an argument for diversity is an argument against Microsoft. My beef with Microsoft is not that I don't like their stuff-- it's that I can't choose to use something else and have the pleasure of completely ignoring them. People still send me attachments in Word format, or require that presentations be in PowerPoint format. Web extensions still work on Windows only. I can freely ignore the Mac in everything I do. Windows users can freely ignore Linux in everything they do. But nobody can completely ignore Microsoft, simply because it's so prevalent.

      And, to the topic at hand, that includes viruses. I know of servers running sendmail on a Unix box that had to go out of their way to delete SirCam messages from users' mailboxes, because they were huge and filling up the space available. This happens because most of the E-mail sending world is using Microsoft products.

      Although the vindictive part of me would love to see Microsoft wither and die, in reality that's not what I want. What I want is for them to no longer be a monopoly or a near-monopoly. I want file formats and communications protocols to be open standards, so that anybody can develop software (proprietary or not) that will let users communicate with other users, each using whatever the hell he wants. And, then, yes, I want it so that no single virus or security hole can so easily affect 90% of the internet all at once.

      All of this diversity is at the moment squelched by Microsoft. An argument for diversity is the strongest, and most important, argument against Microsoft as it exists today. The cost of viruses is only the most obvious and urgent manifestation of this. There are more severe long-term costs of a monopoly on something so basic as computer infrastructure.

      -Rob

      • just a quick note, Word & PowerPoint & Excel docs can be read in other apps. You can live without.
        • Re:Smug Mode (Score:3, Interesting)

          by rknop ( 240417 )

          just a quick note, Word & PowerPoint & Excel docs can be read in other apps. You can live without.

          They are never read in perfectly, in my experience. Sometimes it fails altogether. It's still a proprietary format, and the controller of that format keeps it a moving target. You may argue whether this is the intent, but the effect is to thwart and delay those who try to make other products compatible.

          But while we're talking lost productivity costs: how much productivity has been lost by developers of other products (including open source ones such as KOffice and OpenOffice) by having to write import/export filters by reverse engineering Microsoft formats? How much further along would those products be if they only had to support an open, well-documented product?

          The fact that these things all have to be Microsoft compatible to be viable merely proves my point. Those of us who choose not to use Microsoft OSes and apps can't simply ignore Microsoft, but have to dance to their tune. Even if some have learned the dance, I regret that it was necessary.

          -Rob

    • by Carnage4Life ( 106069 ) on Saturday September 01, 2001 @10:29AM (#2242912) Homepage Journal
      It's rather interesting watching slashbots make smug comments about "Microsoft worms" and "Outlook viruses" when the two most damaging worms that have occurred this year could have appeared on any platform.

      Code Red
      The Code Red worm [cert.org] is a typical worm that exploits a buffer overflow just like the Morris Internet Worm [mit.edu] and the Ramen worm [ciac.org] before it. Either of the aforementioned worms could have done what code red did once they had 0wn3d the boxen, they just happened not to.

      Heck, I've toyed with writing a proof of concept *nix version of Code Red using wu-ftp vulnerabilities [redhat.com], rpc.statd vulnerabilities [www-arc.com], telnetd vulnerabilities [cert.org], sendmail vulnerabilities [llnl.gov] and even BIND vulnerabilities [ciac.org]. Of course, I haven't gone much further than deciding what exploits to use and glancing at some source since I'm busy with school at the moment and more importantly I don't want to go to jail.

      Sircam
      The Sircam worm [cert.org] spread either through social engineering or across unprotected network shares. Neither of these requires Outlook. It didn't grab addresses out of the address book and instead grabbed them from the user's web cache. Sircam also didn't use the client mailer to mail itself out but instead included its own mail program.
      Thus all Sircam needed to spread was clueless users. The only thing Microsoft-y about this worm is that it ran on Windows.

      All the above said, it is truly sad that on almost all popular platforms we are still dealing with a 30 year old security problem whose causes and solutions have been known from probably before a sizable number of the slashdot population was born.
      • The Sircam worm spread either through social engineering or across unprotected network shares.

        The ease of social engineering depends on more than just the user. Outlook Express has a lousy warning message (something like "be sure you trust the person who sent this file") that often appears when running safe attachments such as jpg files. Windows 98 uses extensions (rather than special icons or a +x file mode) as the distinction between programs and documents.

        If a large percentage of users encounter dialog fatigue after a security warning appears multiple times when it shouldn't, or can't memorize the 10+ "dangerous" extensions, you have to reconsider whether it's really right to call the Outlook vector "social engineering".
      • This is how an Outlook worm spreads:
        1. The worm arrives in an email, containing a vague subject and body written in questionable English, urging the recipient to open the attachment which contains an executable copy of the worm itself.
        2. Outlook, with Windows in its default setting, hides the executable nature of the attachment, by removing the real extension of the filename (in a typical MS attempt to make its OS "friendlier" by withholding as much critically vital information as possible from users). So "clickonme.gif.vbs" is shown to the user as "clickonme.gif".
        3. Once the user opens the attachment, Outlook executes the attachment in a method appropriate for the (hidden) extension.
        4. The worm code opens the address book and harvests a list of email addresses from it.
        5. The worm constructs a new email message, containing a vague subject and body written in questionable English, urging the recipient to open the attachment which contains an executable copy of the worm itself.
        6. The worm emails this message to all the target recipients.
        7. At this point the worm is free to execute whatever payload it contains, which might do nothing, delete files, install a back door, etc.


        At no point in this process does it rely on anything in Outlook that can be really called an "exploit", like a buffer overflow bug. Outlook itself is the exploit. The worm doesn't need to do anything that Microsoft hadn't planned for people to be able to do. There is only one step in this process that relies on human frailty. The rest of it is simple API calls to functionality that Bill and Co. decided to make available to executable email attachments. Outlook (anything that uses Microsoft's "Windows Scripting Host") is excellently designed to host worms and provide services to them as they infect a network.

        Windows does give you a warning when you are about to open something that has executable content in it (HTML with JavaScript, Excel documents with VBA scripts, etc.). Microsoft has seen fit to cram executable content into so many different file types that every single attachment you ever open from anybody gives you this warning. It's like the boy who cried wolf. But this is the extent to Microsoft's approach to security. It doesn't stretch much further than the "hey, do you want me to run this?" dialog box (if they even give you that). They just don't take security seriously at all.

        Now Microsoft is not full of stupid people. The decision to include executable content in emails must have raised alarm bells concerning security. They must have realized the vulnerable state they were putting everyone in. And how did they handle it? By reprogramming their OS and application suites to properly implement security and handle code from unknown sources with the appropriate level of caution? No, that would be too much work, and then people might complain that the security was getting in their way. So this is how they handle it: they put in a dozen lines of code that show you that little ubiquitous dialog box (unless you've checked "never show this dialog box again" on it before), and they extract a boolean from your confused and sorry ass. Then they branch there. If anything bad happens now, it's your fault.
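The hidden-extension step in the comment above (step 2, "clickonme.gif.vbs" shown as "clickonme.gif") is something a mail gateway can check before delivery. The following is an added example, not part of the original thread: it parses a MIME message and flags attachments whose last extension is executable, noting when the name the user would see looks like a harmless document. The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed list: extensions Windows runs directly or hands to a script host.
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta",
                   ".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".lnk"}
# Assumed list: extensions a user reads as "just a picture or document".
DECOY_EXTS = {".gif", ".jpg", ".jpeg", ".bmp", ".txt", ".doc", ".xls",
              ".pdf", ".zip", ".mp3"}


def _basename(filename):
    """Strip any path and the trailing dots/spaces Windows ignores."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    return base.strip().rstrip(". ")


def split_extensions(filename):
    """Return the lower-cased extensions, tolerating padding whitespace."""
    parts = [p.strip() for p in _basename(filename).lower().split(".")]
    return ["." + p for p in parts[1:] if p]


def displayed_name(filename):
    """Name as shown when the last extension is hidden from the user."""
    base = _basename(filename)
    stem, dot, _ = base.rpartition(".")
    return stem if dot and stem else base


def classify(filename):
    """Return 'hidden-executable', 'executable' or 'ok' for one filename."""
    exts = split_extensions(filename)
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
        # The visible name ends in a decoy type; the real type is executable.
        return "hidden-executable"
    return "executable"


def scan_message(raw_bytes):
    """Return (filename, displayed_name, verdict) for each risky attachment."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        # get_filename() also decodes RFC 2231 / encoded-word filenames.
        name = part.get_filename() or ""
        verdict = classify(name)
        if verdict != "ok":
            findings.append((name, displayed_name(name), verdict))
    return findings


def build_sample():
    """Constructed test message with harmless placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("Constructed test message.")
    for name in ("clickonme.gif.vbs", "holiday.jpg", "setup.exe",
                 "report.v2.doc"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, shown, verdict in scan_message(build_sample()):
        print(f"{verdict:18} real={name!r} shown-as={shown!r}")
```

A gateway would typically quarantine or rename anything that is not "ok" rather than rely on the recipient's dialog box.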


      • It's rather interesting watching slashbots make smug comments about "Microsoft worms" and "Outlook viruses" when the two most damaging worms that have occurred this year could have appeared on any platform.


        That's true. And they have. You've mentioned the Ramen worm (which was actually more complex than Code Red - taking advantage of 3 exploits). There was li0n. And sadmind (spreading across Solaris machines, then defacing IIS sites).


        They're out there. There are plenty of Linux and Solaris servers to populate. Where's the big outcry and doom stories accompanying all the horrid damage done by these worms?


        There are a few possible things happening here. It's possible these systems are better administered - set up and actively administered by knowledgeable administrators. It's possible that these machines aren't deployed with everything possible running. It's also possible that these platforms are simply easier to secure and patch.


        In any case, the smugness isn't entirely out of place.

    • You mean the most popular, security is for wimps, platform.
  • Here's the original report that CNN quoted, from computer economics [computereconomics.com]

    I have to say, I agree with the point about vested interests (and yes, this company has good reason to exaggerate the claims). At least they are being honest about giving estimates - how many times have we heard about court cases where the prosecution charged a hacker with exactly $1,764,726,818.76 worth of damage [well, er, none actually - but you get the point!]?

    Yes, $10 bill sounds like a lot. However, this is from the same company [computereconomics.com]:


    Migraine headaches cost American businesses between $5.6 and $17.2 billion in lost work productivity a year...
  • A Different Question (Score:3, Interesting)

    by ewhac ( 5844 ) on Saturday September 01, 2001 @09:51AM (#2242829) Homepage Journal

    I'm inclined to believe that the figure of $10 billion is little more than a wild guess. But since we're spending time trying to put a price on lost time and data, I have a different question along the same general lines:

    Disregarding viral infections, how much money does American business lose annually to Windows crashing?

    Schwab

  • 10 billion fooey. (Score:3, Interesting)

    by mindstrm ( 20013 ) on Saturday September 01, 2001 @09:53AM (#2242834)
    I'm not going to say viruses don't cost money....

    But I have little faith on the 'loss valuations' put forth like this.

    If I have to disinfect all 50 computers in here over the course of a year, I'm not going to claim my company 'lost' any money, even though my time IS worth money. I would have been here, and been paid, regardless of the virus being here or not.

    The same goes for cost valuations done because of website defacements 'cracking' etc.... they are rarely rooted in reality, but instead rooted in a numbers game to make it seem worse than it is.

    • You have to look at the value lost in terms of lost productivity. While you are out cleaning the virus off of someone's workstation, that is time that the workstation is being unproductive and as a result costing the company money. The same goes for websites when they are vandalized. The time spent repairing the website costs money in terms of the productivity lost. However, I agree with you that it is a numbers game. Remember who is working to create these numbers....more than likely someone associated in some way with the marketing department. Need I say more?
    • However, if your company didn't have to worry about viruses at all, they wouldn't have to waste money employing you to disinfect their computers. That's probably a good $100k saved. Viruses add overhead to IT budgets in the form of technicians needed to disinfect computers and clean up the mess.
  • by plone ( 140417 ) on Saturday September 01, 2001 @10:01AM (#2242847) Homepage
    Geez, you would think that on /. people would know that Sircam was not Outlook specific. I had a friend (who is rather computer illiterate) who doesn't even use outlook and still managed to spread the virus. Sircam doesn't just use the outlook address book for viruses, it looks through your temporary internet files for anything it seems like an email address (this is the reason why Tacoboy would whine like a sissyboy about the gigs of email he was getting from sircam). Sircam require outlook to propagate, it had its own internal SMTP engine. Sircam was not outlook specific, merely windows specific. And I am sure that it would be really easy to make a port to linux (but I could be mistaken since I know jackshit about programming or unix). The true innovation of the sircam virus was its social engineering aspect. People are always curious to open documents, even if they know that it wasn't meant to be sent to them.
    • The problem here is that in Microsoft Office "opening a document" actually means "running an application," which is evil, twisted, and just plain wrong.

      UNIX would be rife with similar holes to Microsoft products if it used a wacky binary file format that random shell commands would be run from if you attempted to cat(1) the file...

  • SirCam? (Score:5, Informative)

    by hearingaid ( 216439 ) <redvision@geocities.com> on Saturday September 01, 2001 @10:02AM (#2242849) Homepage
    every single one mentioned in the article, bar one (Code Red), was a client-side Outlook virus

    Hello? SirCam? It's an executable. It's mentioned in the article. It's a Windows executable, but it will happily infect people running Eudora on Windows, supposing of course that they are dumb.

    It is another victory for the guys at Redmond, of course.

    • Someone who didn't just blindly use Outlook Express "because it was already on my computer," and actually investigated alternatives, downloaded and installed one, probably isn't dumb enough to open a suspicious-looking, unexpected attachment. :-)

      ~Philly
      • However, somebody who just blindly used an email program that was downloaded and installed by the house's local teenager, might well be. ;)

  • ... with everyone else here. $10 billion? You've got to be kidding. I'm willing to believe that those loss estimates were more or less made up to account for the losses suffered in our happy little sluggish economy. Nothing more than something to tell the stockholders to divert their attention from the economic downturn the tech sector is experiencing.

    On a personal note, it was nice to see that SirCam got some press. Since it came out, the only thing I've read about it aside from /. was in my local hicktown paper. It's about time they cover a virus that affects us, the blue collar folk. If I had stock in these companies, then I'd care about Code Red. But I don't, so forgive me if I'm a mark for "common man" journalism.
  • I just want to say that this really boils down to MS Outlook's ridiculous security model. I have been using Windows since Win95 and DOS before hand, I've NEVER installed a virus shield as I hate TSR's, and I've NEVER gotten one of these silly viruses. I've also NEVER installed Outlook on my machine. MS should be ashamed of itself, but at the same time, to say that Windows == Easy Virii Breeding Ground is unfounded.
    • by Anonymous Coward
      Oh come on now! With Microsoft software, everything is integrated as much as possible. If one piece is bad, the whole mess is bad!

      If Outlook is bad, then the whole Microsoft Windows/Outlook/Office/IIS/IE package is crap! That's the way it was designed.
  • What do you think it would cost to get people to stop saying "virii" and start using the proper [perl.com] plural of "virus," which is "viruses"?
  • People who are capable of making a virus are just like everyone else who knows how to use a knife. One can use the knife to kill or make good use of it. The choice is yours.

    As for the case of Outlook, VBScript can be very powerful, especially so with each newer version of Office, when put to good use that is.
  • by rknop ( 240417 ) on Saturday September 01, 2001 @10:13AM (#2242871) Homepage

    ...have one reason and one reason only. Those in the appropriate industries like to have a lot of attention to these overblown cost estimates, so that the next time they're lobbying Congress for some law that will hand over more and more power over individual computer users to "responsible" corporations, Congress will see the huge cost of not passing the legislation, and bang, we've got the next DMCA, or individual-restricting "internet security" law, or whatever.

    I agree that viruses cost money. Time, productivity, equipment, and work is all lost when a virus hits your system. There are real losses. But these gigantic estimates that keep coming up -- Bullshit. They're estimates made by pegging every conceivable factor to one end of the scale. Have a security person on staff? Estimate that 100% of the cost of keeping that person on staff is due to "viruses," and add it into your cost estimate. Hell, I'm sure that they add in 100% of the time employees spend by the water cooler during a virus infection. "They can't work because there's a virus on their computer!" Of course, this assumes that when there is no virus, employees spend 0 time by the water cooler.

    These estimates are probably less bullshit than the estimates that the RIAA, MPAA, BSA, and AAP come up with due to losses from piracy. I saw one in the paper, where you would have to assume that every illegal MP3 downloaded from the internet would have to then be passed on to 10 other people who would have definitely bought the CD, but did not because they received the free MP3. Obviously, a completely bullshit estimate, but there it is, Congress sees it, and no responsible person can then argue that we don't need laws to stop this economic hemorrhaging.

    Note: I have no actual evidence to back up my conspiracy theory. But I do believe beyond a doubt that the cost estimates we read for these things are hugely overblown, and you do have to admit that overestimating such cost estimates could potentially benefit those trying to provide positive spin for DMCA-like corporate-graft legislation.

    -Rob

  • by uriyan ( 176677 )

    The correct plural for virus is either viri or viruses. Viruses is the English way to form the plural, and viri is the Latin way of doing it. Personally, I prefer the Latin way since it sounds more elegant.

    • Alas! The Latin way is _not_ viri. Viri in Latin is the plural of man, whose singular is Vir, although it is still second declension (there are a bunch of second declension words whose singular nominative do not end in -us, for example puer, which means boy and whose plural is pueri). As for virus, it is not second declension - there would just be too much confusion as to whether you were talking about men or scum (although some women might argue there would not be confusion ;). Regardless, the proper Latin plural of virus _is_ viruses; it is either 3rd declension or 4th, I believe it is 4th, and in both declensions it could be the same plural in the nominative case (but in 3rd it is also probable for it to be vires - unless my Latin is rusty).
      There are, however, some words that have double `i's as plural endings - I can't remember any offhand, but I remember their existence (and there is always the troublesome verb `to go', whose imperative singular is always disputed - is it `i' or `ii'? and is that pronounced doubled in the second case, or just stressed? I admit, Latin is almost as screwy as English, and neither are perfect in any measure. Let's all switch to Esperanto).
  • vmyths.com (Score:4, Interesting)

    by Satai ( 111172 ) on Saturday September 01, 2001 @10:14AM (#2242877)
    vmyths.com [vmyths.com] typically has debunkings of numbers like this.

    It's definitely recommended reading for any geek. The introductory section is here [vmyths.com].

    I don't buy these numbers. These exorbitant figures are created from generous estimates of downtime, repair costs, and so forth. In addition, they take into consideration elements only tangentially related; I think that anybody with their Michael Shermer [skeptic.com] hat on can tell that a more serious inquiry than this is required.

    (But, then again, this would be good fodder for anti-Microsoft arguments. Now how ethically responsible would that be?)

  • This reminds me of Y2K. The estimates look calculated to give a "high side number". How many of the user trouble calls were really due to a virus? I've only ever seen precisely one confirmed infection in many years of looking after ~20 PCs. But lots of calls are falsely blamed on viruses when the true cause is user error, application incompatibility or MS-Windows instability.


    Including patching or AV software costs is rather dubious -- OSes need maintenance and their bugs/vulnerabilities fixed.

  • by ch-chuck ( 9622 ) on Saturday September 01, 2001 @10:22AM (#2242891) Homepage
    These damage numbers are like the damages claimed in the "Hacker Crackdown" - somebody cracks into the phone company, copies one document, and gets nabbed for 'damages' to the tune of $80,000 - it later turns out that that figure included:

    1. A technical writer had been hired to research and write the E911 Document. 200 hours of work, at $35 an hour, cost : $7,000. A Project Manager had overseen the technical writer. 200 hours, at $31 an hour, made: $6,200.

    2. A week of typing had cost $721 dollars. A week of formatting had cost $721. A week of graphics formatting had cost $742.

    3. Two days of editing cost $367.

    4. A box of order labels cost five dollars.

    5. Preparing a purchase order for the Document, including typing and the obtaining of an authorizing signature from within the BellSouth bureaucracy, cost $129.

    6. Printing cost $313. Mailing the Document to fifty people took fifty hours by a clerk, and cost $858.

    7. Placing the Document in an index took two clerks an hour each, totalling $43.

    Bureaucratic overhead alone, therefore, was alleged to have cost a whopping $17,099. According to Mr. Megahee, the typing of a twelve-page document had taken a full week. Writing it had taken five weeks, including an overseer who apparently did nothing else but watch the author for five weeks. Editing twelve pages had taken two days. Printing and mailing an electronic document (which was already available on the Southern Bell Data Network to any telco employee who needed it), had cost over a thousand dollars.

    But this was just the beginning. There were also the hardware expenses. Eight hundred fifty dollars for a VT220 computer monitor. Thirty-one thousand dollars for a sophisticated VAXstation II computer. Six thousand dollars for a computer printer. Twenty-two thousand dollars for a copy of "Interleaf" software. Two thousand five hundred dollars for VMS software. All this to create the twelve-page Document.



    So using the same rule, you can see these adjusters running around asking, "Was this PC infected by a virus last year?", "yes", "Ok, that's one $2000 PC and one $100 Outlook License, plus one hour labor, let's see, that comes to $2220 lost productivity, NEXT!".

  • Why is it that nobody seems to recall that right after Lovebug, /all/ the newspapers happily printed articles (presumably swallowed verbatim from MS) hailing the fact that Microsoft was improving Outlook and Outlook Express so as to prevent this happening again. What did they do? Hardwire it not to arbitrarily execute code in emails with 'I love you' in?!?!? And much more importantly, why did the entirety of the media fall for it? An 'everything's just dandy' mentality?
    • They release a security 'upgrade' (Msft insists the Outlook viruses were not a 'security hole' but 'an insufficient level of security') - the Outlook patch goes too far the other way and completely blocks access to 'unsafe attachments' like *.mdb's that could possibly contain a script. I thought the Outlook patch would just make it more difficult to execute an attachment, like you would have to save it somewhere and find it to run it instead of just launching from the preview pane, but NOOOOOO, they make it so you can't access the attachment AT ALL! Then you cannot uninstall this security upgrade w/o uninstalling Office and reinstalling it.
    • Following the lovebug attack, my university decided to block all lovebug messages from the students' mailboxes, e-mailing everybody about it.
      So, I decided to ask a friend who actually got the worm to send it to me. I was quite surprised that it was sent OK.
      A few weeks later, a student came to me with a strange problem. A message he sent bounced. I checked the bounce, and to my surprise, it was bounced due to server restrictions. I checked the message and it turned out to be a real love letter to that student's SO. It turned out that the filter they installed simply filters out any message with "I love you" in the subject.
      Realizing this was the problem, I told the student to try a different subject line, and then the message worked OK.
      People do the strangest things...
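The filter failure in the anecdote above, as an added example that is not part of the original thread: a subject-phrase filter blocks a genuine love letter and misses a carrier with a different subject, while a filter on attachment extensions handles both. The messages, the file names and the extension list are constructed assumptions for illustration.

```python
import os
from email.message import EmailMessage

# Assumption: an illustrative list of directly executable attachment types.
BLOCKED_EXTENSIONS = {".vbs", ".exe", ".pif", ".scr", ".bat", ".com", ".lnk"}


def subject_filter(msg):
    """The approach from the anecdote: block on a phrase in the Subject."""
    return "i love you" in (msg["Subject"] or "").lower()


def attachment_filter(msg):
    """Block on what the message carries: the last extension of each attachment."""
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Use the final extension so "notes.txt.vbs" is judged as .vbs;
        # trailing dots and spaces are stripped before the check.
        ext = os.path.splitext(name.lower().rstrip(". "))[1]
        if ext in BLOCKED_EXTENSIONS:
            return True
    return False


def make_message(subject, body, attachment_name=None):
    """Build a constructed test message, optionally with a dummy attachment."""
    msg = EmailMessage()
    msg["From"] = "alice@example.org"
    msg["To"] = "bob@example.org"
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment_name:
        # Placeholder bytes only; no script content is included.
        msg.add_attachment(b"constructed placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return msg


def verdicts(msg):
    """Return (blocked_by_subject_filter, blocked_by_attachment_filter)."""
    return subject_filter(msg), attachment_filter(msg)


# Constructed samples.
LOVE_LETTER = make_message("I love you", "See you on Friday.")
CARRIER = make_message("Meeting notes", "Please review.", "notes.txt.vbs")
REPORT = make_message("Quarterly report", "Attached.", "report.txt")

if __name__ == "__main__":
    for label, m in (("love letter", LOVE_LETTER), ("carrier", CARRIER),
                     ("report", REPORT)):
        print(label, verdicts(m))
```
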
  • Hacker's version.
    All viri are source code. All source code is free speech. Free speech is protected under the constitution. Therefore all viri are protected under the constitution.

    DMCA version
    Microsoft wrote the code that the virus creators used to kill the machines of the users that used the code that Microsoft wrote. Therefore Microsoft owns the viri.
    • Where are the lawyers when you need them?

      Aircraft manufacturers have been sued because they made "defective" aircraft that will run out of fuel and crash.

      If Microsoft made "defective" tools that allow a Virus to be written, they should be held responsible under the same perverted logic that blames the aircraft manufacturer when the user was at fault.
  • The CNN article talks about virus and worm attacks (despite that some exploit security bugs) and their financial impact on companies. Why does this topic use the "bug" icon? So now /. editors have freedom to introduce new concepts to the term "bug", which generally refers to the software defects as in debug?
  • ambiguity (Score:2, Insightful)

    by nilstar ( 412094 )
    I hate these so-called 'reports' that don't even care to share their methodology for determining costs. I mean, it said that clean up costs include "x, y, z" and lost productivity includes "a, b, c".... but what exactly was included, who did they interview and how did they come up with number of companies affected?? Also, does this include the cost of protecting computer systems (eg, with antivirus software) that don't get infected?
  • Bet you won't find these kinds of figures on Microsoft's TCO comparisons with Linux. :P
  • Disturbing article (Score:2, Insightful)

    by bsdbigot ( 186157 )

    First of all, I would like to know how these news stories keep coming up with monetary figures to represent mostly intangible concepts. Sure, there's a scientific way to go about it, but I know that I wasn't surveyed, so the results of such a process are at least flawed.

    Secondly, I have three distinct and conflicting views about virii. Mostly, I find them a nuisance and a pain in the ass to deal with. I also find them entertaining. It's like a great big joke, we get to watch M$ hang its ass in the wind - and we get to see M$'s fervent supporters run around like headless chickens for a while. I also find virii to be a necessary part of our daily electronic lives.

    That being said, the reason I find this article (and others like it) so disturbing is because we are seemingly paving the way for a whole new onslaught of legislation against computer virii. Let's be realistic: virii do -for free- what an entire industry fails to do with regularity - identify security holes. Almost 100% of the time, these holes are found in M$ products, which we all know are used by virtually every person in the online world. If virus writers didn't exploit these holes for their own entertainment, it would be much, much easier for malicious people to exploit these holes for their own gain and/or to the serious detriment of the victim.

    Based on that, the only news in this article is found between the lines.

    • Lots of people use highly-vulnerable Microsoft products
    • Lots of companies have underqualified people supporting Microsoft products
    • Procmail (on a *NIX, with any MTA) is a sysadmin's best friend
  • by Phrogman ( 80473 ) on Saturday September 01, 2001 @11:52AM (#2243138)

    All of these articles that I have been reading lately discuss Code Red and Code Red II in the past tense. It's still out there folks and it's still attacking systems. I just ran a scan of my log file for one of my systems and the following IPs attempted to attack the webserver (which is running Linux/Apache and doing just fine):

    Now the number of attacks goes down on the weekend and up during the week, which suggests that most of these addresses (if not all of them) are simply DHCP desktop boxes run by morons who are too stupid to download and install a patch that has been widely mentioned in the news. But the fact remains that this worm is out there and active on a ton of systems and should *not* be spoken of in the past tense.

    Just my 0.45 Cents Canadian...
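A log scan of the kind described in the comment above, as an added example that is not part of the original thread: it picks Code Red family probes out of an Apache access log and tallies them per source and per weekday, which is how a weekday/weekend pattern would show up. The log lines are constructed, use documentation address ranges, and the filler-length threshold is an assumption.

```python
import re
from collections import Counter
from datetime import datetime

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')

# The Code Red family requested /default.ida with a long filler run in the
# query string: 'N' for Code Red, 'X' for Code Red II. The minimum run
# length of 50 is an assumption chosen for this example.
PROBE = re.compile(r'^GET /default\.ida\?(N{50,}|X{50,})')

# Constructed sample log (filler only, no payload bytes).
N, X = "N" * 224, "X" * 224
SAMPLE_LOG = "\n".join([
    f'192.0.2.10 - - [31/Aug/2001:04:16:29 -0700] "GET /default.ida?{N}=a HTTP/1.0" 404 276',
    f'198.51.100.7 - - [31/Aug/2001:10:47:55 -0700] "GET /default.ida?{X}=a HTTP/1.0" 404 276',
    '203.0.113.5 - - [31/Aug/2001:11:00:00 -0700] "GET /index.html HTTP/1.0" 200 5120',
    'truncated or corrupt line',
    f'192.0.2.10 - - [31/Aug/2001:22:52:19 -0700] "GET /default.ida?{N}=a HTTP/1.0" 404 276',
    f'198.51.100.99 - - [01/Sep/2001:01:18:38 -0700] "GET /default.ida?{X}=a HTTP/1.0" 404 276',
])


def scan(log_text):
    """Return (host, variant, timestamp) for every worm probe in the log."""
    hits = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not valid Common Log Format
        host, stamp, request, _status = m.groups()
        probe = PROBE.match(request)
        if not probe:
            continue  # ordinary request, or a query too short to be the worm
        variant = "Code Red" if probe.group(1)[0] == "N" else "Code Red II"
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        hits.append((host, variant, when))
    return hits


def summarize(hits):
    """Count probes per source host and per weekday name."""
    per_host = Counter(host for host, _, _ in hits)
    per_day = Counter(when.strftime("%A") for _, _, when in hits)
    return per_host, per_day


if __name__ == "__main__":
    per_host, per_day = summarize(scan(SAMPLE_LOG))
    for host, count in per_host.most_common():
        print(f"{count:3d}  {host}")
    print(dict(per_day))
```
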

    • "... morons who are too stupid to download and install a patch ..."

      Is the patch you mention really a "security patch" or is it a "service pack" or is it "an upgrade"???

      Perhaps the "morons" are a little ticked off at "security patches" that also include a bunch of other stuff that has no business being in a "security patch"

      "security patch = security patch"
      "security patch != service pack"
      "security patch != update"

      Maybe we have discovered a significant (albeit minor) explanation why Joe User has not bothered to keep up with all the latest "security patches" because they are not security patches. Instead the security patch is bundled with other stuff creating a "non-security patch"


      • Exactly. The latest Microsoft Internet Explorer "service pack" DISABLED another company's software (QuickTime). This kind of sneakiness makes upgrading impossible for the average user. You must be technically knowledgeable and well-informed to defend yourself against this kind of behavior.
    • > All of these articles that I have been reading lately discuss Code Red and Code Red II in the past tense. It's still out there folks and it's still attacking systems.

      Similarly for SirCam. The Freeciv mailing list had to set up an attachment filter this week, due to the continued bombardment with requests for advice.
    • Windows users can run a fake java-based webserver called Code Red Vigilante [dynwebdev.com] that uses the exploit to inform infected users that they've got it.

      There's an Apache script that works a lot like this, someone care to post the link?
  • by jallen02 ( 124384 )
    I think that virii cost more in terms of the hype they create. I spent more time explaining to my mom and friends that code red would not melt their harddrive and that they were free and clear.

    The time lost is real. I must have spent at least 16 work hours patching, researching and explaining to others in the office who "needed" to know. That's about 500 dollars of lost money for my company.

    Anyhow, check out my homepage for a graph of the code red hits my web server has taken :)

    Jeremy
  • If our admins hadn't spent 2-12 man weeks dealing with MS related security upgrades and crap over the past year, they might have gotten a VPN up and running, which would have meant the 120 odd employees could have put in a dozen or so extra hours of work from home, and those that dialed in without the VPN would have been able to use the VPN and work more effectively.

    Lessee, 120 employees times 20 hours over the past year times $60 CDN per hour per employee, that's $144,000 just for the medium sized IT shop I work at.

    Of course that's mostly opportunity cost. Not too much of it would have been billed directly to clients, but we would have produced better software with fewer bugs and more features. (Not to downplay the term opportunity cost, it is valid to worry about such things...)
  • I repeat, the plural of virus is NOT virii.

    This page explains in great detail why not:

    http://language.perl.com/misc/virus.html [perl.com]

    Additional support:

    http://www.dictionary.com/cgi-bin/dict.pl?term=virus [dictionary.com]

    A search on Google for "viruses" turns up 1,480,000 hits.
    A search on Google for "virii" turns up 38,200 hits.

    Any technical literature written by professionals will NEVER EVER USE THE WORD VIRII! IT'S NOT A REAL WORD! The plural of "virus" is "viruses"!

    http://www.mcafee.com [mcafee.com] - on the FRONT PAGE the word "viruses" is printed several times. "Virii" is not.

    http://www.centralcommand.com [centralcommand.com] - same deal.

    I'm going to keep posting this on every virus story that comes up until everyone gets the damn hint!

  • by blang ( 450736 ) on Saturday September 01, 2001 @02:44PM (#2243512)
    I won't be a judge of whether the $10 Billion is an accurate figure. Consider what would happen if damages were awarded to MS victims? (excluding punitive damages):

    Some Microsoft figures:
    Annual Sales: $25 billion
    Annual earnings before taxes: $11 billion
    Profit: 7.7 Billion

    This shows us that MS contributed approximately 0 dollars to the economy. That's what I call a well put together scam. If punitive damages were awarded, MS would soon be history, and Billy Boy would move from his mansion to some shelter.

    While the lottery is a tax on the mathematically challenged, MS is a tax on the computer illiterati.
