Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security

Viruses: More Hype than Danger? 423

blankmange writes "CNN is carrying a story on how the big virus scares within the last year or so have been just that: scares, usually hyped by the media with software companies standing by to reap the profits. 'The market for computer security is booming as PC users become more aware of the need to protect themselves from worms and viruses. "Code Red" hit the headlines in July last year, with dire predictions that the PC worm would cripple the Internet. Yet in the end, Code Red didn't even make the year's virus Top 10.' PDAs are the next marketing target, along with cellphones."
This discussion has been archived. No new comments can be posted.

Viruses: More Hype than Danger?

Comments Filter:
  • Scares are enough (Score:4, Interesting)

    by stoolpigeon ( 454276 ) <bittercode@gmail> on Wednesday April 24, 2002 @11:58AM (#3402106) Homepage Journal
    People should be glad the vulnerabilities were not exploited to a greater extent and keep on working to keep things secure.

    If people broke into my house one night and left after defacing my home, but didn't take or destroy anything - I'd still be pretty upset. And if it was because I'd left the front door open- I would really think about closing it and installing a lock (or locking it if there was already one that I had just left unlocked).

    .
    • by Binky The Oracle ( 567747 ) on Wednesday April 24, 2002 @12:13PM (#3402248)

      Agreed.

      After all, "just because you're paranoid doesn't mean they're not out to get you."

  • Nimda (Score:4, Insightful)

    by Zephy ( 539060 ) <jon@@@aezis...net> on Wednesday April 24, 2002 @11:58AM (#3402107) Homepage
    Probably still the most damaging as far as I have experienced... the majority of problems with viruses i see are users passing on pretty obvious viruses.. maybe the answer is in the education rather than the protection
    • Re:Nimda (Score:4, Insightful)

      by Dephex Twin ( 416238 ) on Wednesday April 24, 2002 @12:03PM (#3402157) Homepage
      I agree. Nimda lived up to the hype at my office. That thing took us out for a whole day.

      Yes, Code Red was overhyped. But some viruses deserve the strong warnings. It's not like there's huge hype every day about some virus so that you don't even pay attention.

      mark
      • Code Red, overhyped? I thought hackers would love a Mountain Dew with even more caffeine! What is this world comign to?!
      • Re:Nimda (Score:4, Insightful)

        by Telastyn ( 206146 ) on Wednesday April 24, 2002 @12:34PM (#3402414)
        Maybe the reason Code Red was ineffective was because it was overhyped, and more people installed prevention/knew to avoid it?

        Food for thought.
        • Re:Nimda (Score:3, Insightful)

          by Dephex Twin ( 416238 )
          You know, that's a good thing to note.

          I was always thinking this when the Y2K problem came and went. Everybody was saying how important it was and scrambled to try to make things Y2K compliant. Then it hit the year 2000, and almost nothing noteworthy happened. Instead of people saying "Hooray, our hyping and precautionary measures worked!", everybody though "Man! We were getting all excited over nothing! What a waste of time!"

          Maybe the fact that these virus attacks seemed lesser than expected is the proof that the hype is good. (Better to err on the side of safety?)

          mark
      • A few Code Red-infected servers brought the rest of our network to it's knees. Nimda also did so, mostly due to the same pack of idiot NT admins.

        We pass those costs on to you when you use our services, rest assured.
    • I'm still getting at least one hit per day on my cable modem from Nimda. Code Red is less frequent, but still around, too.

      It's an annoyance, not a problem; my web server is running on a 90MHz Pentium laptop. Of course, I'm running Linux.
      • Re:Nimda (Score:2, Interesting)

        by jobugeek ( 466084 )
        Try sitting on AT&T's network. Our company webservers get probed atleast a dozen times a day from Nimba. 99% of them are addresses registered within AT&T.
    • Nimbda trashed our IIS webserver COMPLETELY, and to this day I still log about 10,000 hits a week from infected computers outside our network.

      The good news is that IT has given the webserver responsibility to ME... it's now a fairly secure Linux box that I can play with all I like. q:]

      MadCow.
      • Hmm, that's pretty funny cause when the worms hit, my IIS 4.0 box was immume and never affected. Since the web server responsibility was MINE, I made sure that IIS was secured... yeah that actually means "securing the box" (i.e., removing all script mappings, modules, etc that were not being actively used, securing the file ACLs, among other configuration changes). Yup, IIS was NEVER affected, therefore we were never hit. It still logs tons of hits per day from servers outside of the network as well.

        It's funny that I think of the same thing when I see Apache servers that are running everything up to and including mod_YourMom... people need a lesson in security... it doesn't matter if it's IIS or Apache or NT or Linux or Joe's OS.... it makes no difference. Security holes exist in every OS and configuration... it's just the job of the astute sysadmin to make sure that the holes are plugged before the box goes into production use.


    • I worked at a mid size firm when the melissa's and I love you viruses were being passed, and it was incredible how quickly it propagated and shut down the system. there were about 600 employees on that site and within a half an hour 70 percent of the pc's were hit, then mail servers were down for the rest of the day while IT went through and peice by peice removed the virus from individual mail boxes.. Yes viruses like this can be easily prevented but if they propagate faster than IT's ability to send out the word what do you do. I finally convinced IT to filter out all vbs,js scrips via e-mail. if programmers were sending code it was zipped up or sent in an non exicutable format.
  • the day i get a virus on my cell phone or pda is the day i throw said cell phone or pda into the windshield of whatever SUV it was that beamed it to me accidently whilst turning around to hit their children.
    • the day i get a virus on my cell phone or pda is the day i throw said cell phone or pda into the windshield of whatever SUV it was that beamed it to me accidently whilst turning around to hit their children.

      You will turn around to hit their children? Or the SUV owner will? Whose children, the virus's or the PDA's? Or the SUV's? Or yours?

      The day I get a virus in my body is the day I will hurl myself out the window and onto whoever it was who sneezed on me.

  • yah without consulting the list of the "top ten" virii, i would say the ones that get passed by floppy and email via word and excel documents are probably actually the most common ones...
    not the ones that have been hyped.

    i remember the ones that used to be really ubiquitous in the DOS/win3.1 days were the boot sector virii... those things were everywhere! and they could be passed on by floppy
  • Gloom and doom (Score:3, Insightful)

    by Dead Penis Bird ( 524912 ) on Wednesday April 24, 2002 @11:59AM (#3402115) Homepage
    It's just like the local weatherman.

    They are the first to predict 18 inches of snow for a storm that produces only six. News sources love reporting gloom, doom and disaster, for it increases viewership/readership.

    No one cares to hear "Nothing to see here, movealong".
    • The old line about the news is "if it bleeds, it leads". It's true -- stories of disaster or impending disaster are way more prevelant on the news that positive stories.
  • Hype maybe.... (Score:4, Insightful)

    by NetJunkie ( 56134 ) <`jason.nash' `at' `gmail.com'> on Wednesday April 24, 2002 @11:59AM (#3402116)
    But without the hype there would be more people without anti-virus software. We don't see a LOT of viruses hit our mail server, but we do see a few every day. If one of those got in and a user ran it, we'd be in trouble.

    Better safe than sorry....
    • Yes there would be more people who contract the virus, but those who understand computers/know what they are doing with computers already know that regular (sometimes daily) updates to your antivirus software is mandatory. Why shouldn't we look at this as survival of the fittest? If people buy computers and don't understand what the computer can do for them and what risks they face if they use one (I am speaking about online usage here), why is this bad? Granted, I don't want my grandmother to be online, using her email, opening attachments from God-knows-where, so I take the time to educate her, explain to her about the pitfalls of being online and the possibility of picking up viruses; I don't just leave her to the mercy of the 'net.

      I understand that you are talking from a work perspective, and that in itself is completely different than the private, single user. Even in the work environment, employees either must be educated or have the access restricted - and don't give me the bs about restricting access at work; unless your work necessitates your access, you have no right/entitlement to online access at your jobsite.

      The point of the article is that many of the hyped viruses this past year have been basically less than what the media/software companies have made them out to be.

      • Sounds like your plan would just redistribute the wealth from the antivirus folks raking it in now to the repair shops that might come to thrive in a virus-hysteria-free environment. Maybe not so bad - even a non-tech like myself could make money rebuilding virus-crunched machines for the un-fittest masses. But I still find the "ounce of prevention" idea superior.



        Besides, in my experience, those who are not the computer-savvy fittest still have lots of pr0n to share. Gotta keep 'em operational.

      • Re:Hype maybe.... (Score:3, Insightful)

        by Sj0 ( 472011 )
        This is the internet, not the serengeti for christs' sake!

        Computers and the Internet are tools. people are suprised when they realize how high maintinence those tools are. I know I was.
    • by mblase ( 200735 ) on Wednesday April 24, 2002 @12:22PM (#3402325)
      If the media didn't hype the virus issue to people who normally wouldn't know any different, then the problem would probably have been much much greater.

      Think of Y2K: a big deal, yes, and plenty of people were saying right up through January 1999 that something had to be done, and soon, because thousands if not millions of computers and software programs were affected. Eventually, they all got on it. The problem was licked, and virtually no major Y2K issues were still existing by the time the date actually arrived.

      Sure, some people overreacted by building underground computer-free bunkers and stocking up on gasoline and bottled water -- but then, there are always people who overreact. Y2K probably wouldn't have caused the end of the world, but it would have been a pretty big nuisance if the media didn't get the word out so that normal people knew to upgrade their products and pressure companies to produce the upgrades for them.

      You can't over-hype virus issues. You can lie and say a problem exists that doesn't, but you can't stop stressing that antivirus software and common sense when opening attachments and securing connections is important. There's always someone new to the computing world, or someone who introduces a new attack strategy, which necessitates restating all the rules.

      Bottom line: everybody with a computer needs some sort of antivirus protection, even if it's just common sense. Everybody with an Windows PC on the Internet ought to have antivirus software as well, and keep it up-to-date, just because that OS is so susceptible to new attacks.

      • How come Microsoft never included any kind of antivirus program per default in any windows package?
        • How come Microsoft never included any kind of antivirus program per default in any windows package?

          I can imagine that:

          vruschck.exe found a VIrus in teh progam 'openofiice.exe'.
          ITs not a microsoft progam so its must be the terorists agan.
          PLEase wiat while windos formast yourr particles.

      • Apples and oranges: the Y2K mess was not a virus -- it was not a piece of code that was maliciously released with intent to harm/destroy. The hype surrounding Y2K was still ridiculous, but yes it did serve to get idiots moving to upgrade their code/systems; maybe the world would have been slightly altered from today's reality if the Y2K bug had been a bigger mess than it turned out to be?

        Hmm... who has an idea of what it would be like if the Y2K bug had been kept mum?

      • Yes and add to that the fact that I (and many otheres) have heard non-computer people (even the media sometimes) say that it was all a big scare for nothing. That we were "doom and glooming", ect. I just want to shake these people by the neck, "That's cuz we fixed it you numb fuck!" ;) .


        I can never tell when I hear (or hear of) that sentiment if the person either didn't understand the issue in the first place or doesn't understand that it was fixed.

      • BZZZZT... please dont use the Y2K Fud.

        Y2K was nothing more than overhyped lies. Even if we did nothing (Like Korea and China and Russia didnt do squat until after and only for the problems) and they didn't explode, revert to the dark ages, sewage flowed into the fresh water pipes, dogs having sex with cats, buildings collapse, toaster try to kill their owners, or all the other pure bullshit touted by the media and "experts".

        If we did nothing a few things would have cause some minor inconviences... No, airplanse wouldn start crashing out of the sky... BECAUSE THAT CANT HAPPEN IN THE FIRST PLACE due to a computer failure.

        viruses are the same... nothing but overhyped junk... and only because someone hasnt written a good virii that had a deadly payload.

        Think about mailissa.. all the writer would have had to do was make it mail out to 10 people and then delete everything on the hard drive. The virii had a chance to propagate and then kill the host.

        Virii aren't the problem... Idiots opening every email attachment and installing software are the problem. This is why not one computer in my offices have a floppy drive or cdrom drive, and all scripting is removed on the windows machines and all office products... (OMG I cant have a VB script on my word document??? I'll DIE!!!!) (No java,javascript,ActiveX or flash either)

        Why? not for protection from viriuses... but to keep the morons here from doing what they are told not to... Funny... I've had things here locked down like this for 3 months.. the whining has died down and the SAME AMOUNT OF WORK is getting accomplished..

        interesting eh?
      • > Bottom line: everybody with a computer needs some sort of antivirus protection,

        Yeah, and probably the best way to get it at present is to install FreeBSD. OpenBSD and linux are close behind it.

        A curious thing that I keep noticing is that the overwhelming majority of virii and other such perversities are on Microsoft systems. A few are on Macs. People try to wiggle out of this by saying that unixoid systems aren't common enough to be attractive to virus writers. But the first "demo" viruses in the early 80's were on unix systems, and the unix world is infested with hackers. Also, nearly half the cpus in the world are running some unix-like system (including a lot that were sold with Windows, and are listed as Windows machines in the sales figures). The real reason that unix-type systems aren't being hit is that they are much less susceptible.

        Similarly, with the Y2K problem, I saw here and there a few comments that almost all the known Y2K bugs were on IBM and Microsoft systems. Cobol programs were at the top of the list of problems at the application level. But the media made very little note of this. They told us that Y2K was a universal computer problem. Well, most people using unix-type systems did nothing much to prepare for Y2K, and nothing much went wrong.

        We could use a lot more finger pointing at the systems and software that are sucsceptible to such problems. Maybe then they'd get fixed. But the media is in love with IBM and Microsoft, and goes out of its way to not mention their names when there are problems. So they'll just continue to get away with selling susceptible systems to the gullible public.

        We had prototype email viruses 20 years ago. And the solution was known 20 years ago. For Microsoft to continue foisting them on the public is unconscionable.
  • by jred ( 111898 ) on Wednesday April 24, 2002 @11:59AM (#3402117) Homepage
    It's a good thing that Code Red was such a flop. Considering the # of hits my apache server gets every day from CR/nimda, I'd hate to see what would happen if it were still around.
    • by wizkid ( 13692 )

      Yea Right.
      Code Red just spread itself. The company I work for only shut down email for 3 days trying to clear it out.

      Of course nimda was based on code red, and automagically propigates itself also. It's still around. And there are versions that open up your IIS webserver so the propigator can get in with asministrator access. And there's also the fact that a version of the nimda worm is busy looking around the net for vulnerable DNS/SSH access on unix boxes.

      Yea, the Code Red is harmless and didn't do any damage. And Corporate America didn't spend $millions$ cleaning up mail servers. And there are not thousands of boxes that hackers have back doors into because of the later Nimda versions.

      The moron that wrote this article is an asshole that doesn't know his head from a hole in the ground. But Hey, he got an article published on CNN, so what does it matter.

  • by Dephex Twin ( 416238 ) on Wednesday April 24, 2002 @12:00PM (#3402126) Homepage
    Of course the security companies are going to strongly emphasize the risk of viruses, it should be expected-- it's what they do!

    For news sites... they make everything overly dramatic. Maybe that's the problem.

    What this article is really addressing IMO is the fact that news sites like to exploit people's fears in order to increase readership/viewership. That's an across-the-board news problem, not a virus problem.

    mark
  • As I hold a delicious red caffienated beverage in my hand, I can't honestly say that the Code Red scare was all bad. :)
  • by bckspc ( 172870 ) on Wednesday April 24, 2002 @12:00PM (#3402130) Homepage

    The "Top 10 for 2001" they are referring to are listed here [sophos.com].
    En español aquí [sophos.com].

    Funny, they all seem to have something in common...

  • eWeek [eweek.com] has an article about how Microsoft Windows Update has actually removed hot fixes, causing a site to be re-hit by Nimda.
  • Unfortunately for the rest of us most of the users of the Internet fall into this category. How simple is it to NOT open email attachments?!

    I'm a firm believer in revoking i-net privledges to employees who are stupid enough to send much less open attachments of the exe or macro variety.

    • by Anonymous Coward on Wednesday April 24, 2002 @12:30PM (#3402383)
      I would have to disagree with the statement that viruses prey primarily on stupidity. I have many intelligent people working in my company who know nothing about computers. Accountants, Credit Managers, Sales Managers, Location Managers, etc. These people are intelligent and competent in their respective fields. However, many are no doubt "ignorant" regarding anything computer-related.

      Instead of revoking access to users we like to label as "stupid", maybe we as IT Managers, Sys Admins, etc. should spend more time training our people rather than browsing Slashdot all day. : )

      Just a thought.
  • by Eagle5596 ( 575899 ) <(gro.6955) (ta) (resUhsals)> on Wednesday April 24, 2002 @12:04PM (#3402159)
    The hype around viruses are by far the largest problem to me, and to many of my fellow tech savy coworkers. Most of us run home web servers, and when Code Red came out our ISP's premptively closed port 80 on all of it's customers to "prevent Code Red from damaging our ability to run a personal web server", wait a minute here... you're shutting down our web servers... so that Code Red can't shut down our web servers... good job guys. That totally ignores the fact that I run Apache too... oh well, cloaked redirection for me.

    Really though, I serve as a virus debunker for many of my less than computer literate friends, but it would be nice if there was a public site for this sort of thing, that picked up e-mail hoaxes and displayed them for what they are, meanwhile addressing real problems and how to fix them. There are a couple for the more technologically gifted (such as Norton's anti-viral research labs) but there really needs to be a good "for the average user" site.
    • Really though, I serve as a virus debunker for many of my less than computer literate friends, but it would be nice if there was a public site for this sort of thing, that picked up e-mail hoaxes and displayed them for what they are, meanwhile addressing real problems and how to fix them.

      There [vmyths.com] you go.
  • Peter Norton ... (Score:3, Informative)

    by ImaLamer ( 260199 ) <john.lamar@NospaM.gmail.com> on Wednesday April 24, 2002 @12:04PM (#3402162) Homepage Journal
    It's marketing. That's all.

    Look at your Best Buy [boycott!] ad next time it comes. You always see rebates for *NEW!!* AV software and Peter Norton's products.

    They never work with the older versions of Windows - and these companies always make a fortune off of new releases of that OS.

    So why buy stock in Microsoft when you should be buying it in McAfee and Symantec.
  • Well, Code Red like exploits are still floating around looking for hosts.

    They ought to be considered more like parasites than viruses. But I guess the analogies to biological organisms make for more sensational news.

    If you were warned of the Ebola virus on one hand and the dangers of ghiardia in drinking water on the other hand, which would you get more excited about?

    I can see the headlines now:

    Experts Warn of Internet Parasites Sapping Hosts of Strength"
  • by SIGFPE ( 97527 ) on Wednesday April 24, 2002 @12:04PM (#3402168) Homepage
    First you work up a lot of hype about a subject and then, when there's no more news, you publish a story about what a lot of hype the media created.


    I guess then CNN can produce an article about how it wasn't really hype after all and then, after everyone has forgotten about viruses, they can start hyping virus stories again. Then they can have a story about how much they are hyped. And then they can have a story about how there used to be stories about viruses and how they died down and now they've come back.


    Endless stories without having to research anything. It must be fun working in media.

    • Yeah, it's a lot easier to run this type of story than to conduct real journalism (like exposing Senator Disney Hollings to public scrutiny for trying to allow media companies to screw us every which way). Of course, CNN isn't exactly known as a bastion of good journalism. None of the major news entities are. They serve advertisers, not the viewing public.
  • I keep the virus software on my machines up to date and have never had any problems. What I find the most annoying is all the "There is a new virus that you need to know about... pass this along to everyone you know" emails. When a new virus hits CNN, there are more of these messages in my inbox than there is spam. On the other hand I've never had a virus emailed to me so maybe my informing these people of the need to use common sense and good virus software has helped :)
  • At least this ensures that poor security gets bad press, and forces vendors insecure vendors to clean up their act.
  • What isn't mentioned is the hidden cost of virus fighting and the increased cost of desktop and network support. I would estimate that my staff and I spend 5% of our time working on virus and similar security issues (reactive, not proactive, security). That is a tremendous amount of utterly wasted time and effort, not to mention the drain on morale.

    Then you have to add in the cost of cleaning up the ones that slip through, and the fact that most companies don't report attacks to anyone, and I would have to say the CNN numbers are greatly understated.

    sPh


  • This guy has made a whole website about the "myths" of viruses

    http://www.vMyths.com

    Something smells fishy if a billion dollar business depends on these creations, and who knows more about them and how they work and how to create them than anyone else ?,
    consipracy or our friends and saviours ?
  • by billh ( 85947 ) on Wednesday April 24, 2002 @12:07PM (#3402187)
    Which top 10 list are we talking about here? The top ten Outlook worms? Top 10 viruses stopped by antivirus programs? Top 10 trojans?

    Code Red (and derivitaves) were a major pain in the ass. My servers don't run any MS software, but Code Red still affected me. It kept hitting my ports, over and over and over again. That sounds like a minor annoyance, until you are using more than eth0. Think virtual hosting.

    I also was lucky enough to have a number of clients that were using Cisco 678 DSL modems. Anyone remember that? Code Red locked them up. Until a patch was applied, they locked up every time they got a Code Red request. I knew of some people that would go and reset the Cisco, and be down again before they got back to their desk.

    It may not have been the typical user spread virus, but it made my #1 last year, because I'm not stupid enough to use Outlook.

  • I have never lost a system in my company to a virus but it sure does interfere with my work. Updating virus definitions, setting up e-mail filters and sending memos to employees about responsible computer usage ends up causing as much damage to my work day as a virus actually getting through and infecting a computer. Its the main reason I am the only employee that runs a Mac in the company. I can't afford to waste time maintaining and protecting my system against Windows based viruses. There is something to be said for using a computer operating system that only holds 5% to 7% of the market. Virus and worm writers don't waste their time on us.

    Disclaimer: I worked for a company that produced anti-virus software in the early 90s that was sold to Symantec.

  • The most annoying ones are those IIS worms that infest my DSL provider's network and fill up my Apache logs with crap. Anyone had any luck with Code Red Vigilante [dynwebdev.com] or anything similar?
  • PC users become more aware of the need to protect themselves from worms and viruses.

    Awareness is rising? This is news to me -- also news to my webserver, which has taken 9000+ Nimda hits in the last three months.

    Awareness of viruses may be rising, but awareness of how to secure one's own system from them is not.

    --saint
  • Selling virus checkers for a platform with no verified viruses is perhaps a little premature, though what happens when the first appears if no-one's written a checker or has one installed? After all, people know what's possible in principle...

    Anyway. Get hit by one, _then_ say that. Someone at my office managed to sneak Klez round the side of a virus checker and we were cleaning that up for a good little while. Not only did it kill our AV software but it blocked it from being reinstalled. Nasty. Not that bright, either - far more sensible to let it get installed but transparently cripple it, so the user thinks they're fine...

    Or the time when my Dad got hit by Kak, and the fun we had ripping that out of the registry manually because it had mucked up Norton. Or the many non-PC literate subscribers on a mailinglist I like who get hit by viruses and inadvertently post them to the list every few months on average.

    Getting the average user educated about viruses and certain that they need good, up-to-date protection is essential. OK, so _we_ don't often come across them - but we know that some e-mails are intrinsically dodgy (well, many of us don't run Outlook in the first place ;-) and that we don't just download from some random warez site. OK, maybe worrying end users about Code Red isn't the best policy, but they needed to know about SirCam, for example.

    I honestly don't see a problem with the current level of virus news and would suggest that CNN's Kristie Lu Stout doesn't know what she's talking about and has never personally got a virus.
  • smoking crack (Score:3, Informative)

    by gclef ( 96311 ) on Wednesday April 24, 2002 @12:11PM (#3402236)
    Code Red was over-hyped?! jesus, give me some of that crack...it must be really good. Instead of my ranting, allow me to quote from caida's analysis [caida.org]:

    On July 19, 2001 more than 359,000 computers were infected with the Code-Red (CRv2) worm in less than 14 hours. At the peak of the infection frenzy, more than 2,000 new hosts were infected each minute.

    That was "over-hyped?" what would it take for it to be "valid concern?" Yes, Code-Red didn't do the damage it intended to...but it still did a heck of a lot of damage. Claiming that some anti-virus nonsense "top 10" has any bearing on the actual amount of damage done is just stupid.

    • On July 19, 2001 more than 359,000 computers were infected with the Code-Red (CRv2) worm in less than 14 hours. At the peak of the infection frenzy, more than 2,000 new hosts were infected each minute.

      That was "over-hyped?"

      It was. If you look at the ratio of infected computers to total computers in the world (hundreds of millions), you can see that your chance of infection is very small.

      Also, your chance of infection probably depends highly on your e-mail client (Outlook anyone?) and number of people who have your address in Outlook address books. In a Fortune 500 company using Outlook, you're probably facing a far greater risk than sitting at home using AOL. And who is reading the hype? Net admins don't read CNN to learn about virus outbreaks (I hope).

  • Viruses aren't scary because we haven't put essential resources on the public network yet. Wait until your home security system is IP addressable, or any other of the countless "essentials" people plan to wire up.
  • I would have to agree that most virus stories were overblown at best, but at least it gives Joe Consumer the Head's up when it comes to viruses. Unfortunatly no one seems to listen to them.

    For Example, I work at a university, and we have been recently blocking LAN ports form students that we find to be transmitting a virus. I have already had a loveletter and a klez come in today, and have had 22 nimda viruses come in over the past month. Im sure that theres more out on our network but we dont find out until their machine attempts to infect the server.

    Most of the machines have had either Norton on it but not updated to the latest defs, Mcafee activeshield, which is basicially useless, or Mcafee Virusscan that was either not updated becasue no one wants to fill out the 1 page form for it, or is version 4.0 or earlier, which has no def updates.

    Lately we've been pointing people to http://www.grisoft.com to get AVG for free from their site, and it helps, but im still getting machines in at a steady pace.

    Frankly, I dont think anybody cares if they get a virus until it forces them to format and reinstall, then it gets their attention.
  • by t0qer ( 230538 ) on Wednesday April 24, 2002 @12:16PM (#3402274) Homepage Journal
    Well, I'm out of work now, but when I was working I had to deal with several virus outbreaks. It wasn't pretty or fun either. Usually it would happen like this.

    I would get into work in the morning, read the latest advisory about some new virus. I would send out an e-mail to my users, "DONT OPEN ANY ATTATCHMENTS!" After which I would promptly apply fixes to the mail server.

    My CIO would be reading her hotmail or yahoo mail, whatever. Point is it was a mail service outside of my control. She would see the subject, "I love you" and thinking it was a date, she would open it, from which it would spread like mad cow diesease. The rest of my day would be spent cleaning out her crap.

    Wasn't this way at just one company, it was this way at every company I have ever worked at. No matter how much you try and warn these people they just don't listen. They have the attention span of a gerbil and it shows. And everytime it would happen I would always get the same answer from them, "But I swear I didn't open that attatchment" To which I would reply, "The computer must have MAGICALLY sprouted hands and fingers and opened the attatchment itself, oh don't forget it also typed in your webmail username and password for you too"

    I dunno, being jobless all this time has made me realize a few things. There's no enjoyment in a job where you have to put out fires for 200+ people a day because they're too fucking stupid to figure out simple shit for themselves. They won't ever listen to your warnings, they don't seem to care that you have to spend several hours fixing their machines. They have an obvious lack of understanding that you have to actually concentrate to fix their problems, and this is made apparent by the 15 minute head pops they do into your cubicle, "Is it fixed yet? I have a really important blah blah blah for VIP blah blah blah."

    I don't think CNN has any concept of what it's really like out there. The amount of single celled organisms in a corporation is astounding.
    • Exactly,

      DUMB COMPUTER USERS

      Fact is, 99% of the world fit that category.

      There was an article about designing UI's few days back and all I could think about was my financial partner who has to be told how to minimize a window every time.

      The kinda guy that uses a remote email connection to send 10meg word documents to the person in the office next to him, even though all he needs to do is to send locally in 1/100th of the time.

      The marketing-type person who leans over your shoulder when your computing and says to a client :-

      "You know, these machines are amazing !"

      Yeah - you should see the user jump through hoops of fire !

      And we worry about virus problems being over-hyped ?

      Screw the viruses,

      I can see the headlines now :-

      "Dumb computer users seen as the biggest risk to computer security."

      "Symantec announces the anti-dumb-computer-user fix"
    • by Anonymous Coward on Wednesday April 24, 2002 @12:31PM (#3402393)
      > "But I swear I didn't open that attatchment" To which I would reply, "The computer must have MAGICALLY sprouted hands and fingers and opened the attatchment itself, oh don't forget it also typed in your webmail username and password for you too"
      ...
      &gt ;I dunno, being jobless all this time has made me realize a few things.

      Like, "don't insult your coworkers if you want to stay employed"?

    • No matter how much you try and warn these people they just don't listen. They have the attention span of a gerbil and it shows. And everytime it would happen I would always get the same answer from them, "But I swear I didn't open that attatchment" To which I would reply, "The computer must have MAGICALLY sprouted hands and fingers and opened the attatchment itself, oh don't forget it also typed in your webmail username and password for you too"

      (An open message to all bitter support people, angry at "end users")

      (chuckles softly) Ever stop to consider that 99% of the "end users" (they are actually called people, or employees... you know the people we support who do the actual WORK that pays our salaries) out there don't really give a rip about your job frustrations any more than you care about the new IRS guidelines taxing the patience of Phil from accounting... Let's face it, most of what you tell them goes in one ear and out the other. NOT because they have the attention span of gerbils, but because YOU, and so many many like you, have a giant chip on your shoulder. You don't respect the people you work with, you don't appreciate the fact that you have a specialized skill that others don't share. So you talk down to your users, then you talk over their heads, then you talk about things that don't concern them or how they do their job. The signal to noise ratio is such that OF COURSE they won't really listen when you warn about viruses...

      Lighten up a little, learn to see the bigger picture, learn to see your co-workers (once you get a job again) with compassion and not this holier than thou crap and I bet you might start to notice a change.
      • 99% of the "end users" ...don't really give a rip about your job frustrations

        You hit the nail on the head! They have enough problems with their own job frustrations.

        Every time I hear that AOL commercial and that guy says "no more of that computer mumbo-jumbo" is causes me to shudder - I think "It's not mumbo-jumob, it's easy!" and then I realize to them it is mumbo-jumbo.

        So treat is as such. Don't explain to them what viruses do or how they spread, if hotmail is causing problems, I block hotmail. But then again, I can do that. My boss is so comp-illiterate I don't even give him a PC, PDA, terminal - nothing! But when someone complains that they need hotmail, I ask "what business purpose does it serve?" I explain how much a virus outbreak costs the company, and the boss backs me up. End of problem.

    • Amen brother!

      I to have lamented [freshmeat.net] about users not participating in the IT process. Some users fail to realize that this is not a one person operation. I cannot help you if you do not help me.

    • I got one last comment to all the asses who don't agree with me.

      You obviously don't have any respect for how much burden is layed on a sysadmin. You don't realize when the shit hits the fan we're the one's cleaning up your mess. You just don't know how dumb all those people with the "Chief" something in front of their title (CEO CIO CFO) really are.

      Corporate infrastructure would rot without us. We're the one's with the cell phones and pagers as a leash. You whine about how much we get paid? How many sales people are called down to the office at 2:00am because the people with the "Chief" in front of their title decided to pull an all nighter and need you there to show them how to minimize a window. We put in twice the work any of you morons do and we never get recognition for our work.

      We have to answer to every department within a company. You are constantly walking on pins and needles because if one person is somehow offended by you telling them they're #10 in the que they throw a political shit fit getting your ass in a sling for not working fast enough. Sometimes you're asked to do things un-ethical like spying on employees. (I had a CEO ask me to spy on one of the girls he was bangin in the office because he thought she was banging another "Chief" You see things like an entire company get purposefully run into the ground so the CEO can hide his dangeruos liason from his wife.

      I shouldn't worry about someone breaking 9 laptops in 3 months? You fucking ass, those were dell inspirions, at about 5k each that's 45k for some ditz bitch sales whore to make me work harder when all she had to do was carry it on. 45k COULD have bought another jr. admin. That's another thing too, you see shit like the "Chiefs" spending riduclous amounts of money on themselves and their butt buddies everything from top of the line laptops that will never fully be used to fancy dinners "Outside meetings"

      It is that stupid user thinking that money and IT resources just grow on tree's that atrributed at least %30 to the downfall of the dot coms. Yeah go break another 5k laptop you bitch.
    • There's no enjoyment in a job where you have to put out fires for 200+ people a day because they're too fucking stupid to figure out simple shit for themselves

      Dude, if they could, you wouldnt have a job. Oh wait...

  • Viruses (Score:2, Insightful)

    by StormReaver ( 59959 )
    The only reason that Outlook viruses haven't been completely devastating is because Outlook virus writers typically aren't too bright. Their skills fall within the lowest range of computer users who aren't afraid of the keyboard.

    However, the mechanisms exist in Windows/Outlook to allow a truly vicious and only marginally skilled individual to wipe out a large number of Windows computers. It's just a matter of time before someone takes advantage of this.
  • uhh... (Score:5, Insightful)

    by Transcendent ( 204992 ) on Wednesday April 24, 2002 @12:19PM (#3402298)
    Code Red didn't even make the year's virus Top 10

    ...maybe because Code Red was a worm?
  • Klez.H is not hype (Score:3, Interesting)

    by The Ape With No Name ( 213531 ) on Wednesday April 24, 2002 @12:21PM (#3402311) Homepage
    It has crippled my workplace because it was not a "high-profile" virus and Norton did not ship defs for it early enough.
  • Back in *MY* day! (Score:4, Insightful)

    by Telastyn ( 206146 ) on Wednesday April 24, 2002 @12:26PM (#3402354)
    Doesn't anyone remember when viruses would actually do something?

    Used to be when you got a virus it would munge your bootsector, and as much of the disk as it could after it mailed itself you all your friends.

    The viruses these days just seem to be made to propogate as far as possible, or to do something juvenile like deface web sites.

    The only reason they are only hype these days is because the payload is (relatively) innoxious. One line of code could make the few hundred thousand of computers infected last year dead, rather than popping up a cute little message.
  • I hold my breath when a new Nimda-class worm starts to spread. It kills Internet performance on my cable modem (operated through Road Runner, yet another AOL Time Warner collective) as many Windows users don't have proper protection set and propagate the virus nastily. I can't be infected; I use Mac OS 9 or X. But it drags network access to the ground and kicks it around for hours.

    Fortunately, RR appears to deactivate accounts that are virus-ridden if no action is taken, which reduces the problem. Still, my Mac OS firewall dutifully records Code Red and Nimda attacks as well as the usual crackers trying to crack the very-difficult-to-crack Mac OS.

    Thanks, Microsoft, for introducing software that helps inconvenience EVERYONE on the Internet.
  • I really wish people would get the terminology correct. Spafford posted [google.com] a good definition over twelve years ago. A quick and dirty definition: Viruses (virii?) generally require human interaction (open an email, click on a link, etc) while worms propagate on their own, exploiting vulnerabilites within an application or operating system.

    With that said, it only makes sense that CodeRed (a worm) wouldn't make the top ten list of viruses. I doubt any true worm could ever make some top ten list when compared with large virus infections. Viruses infect workstations (PCs) while worms (generally) infect servers. Last time I checked, there were a whole lot more PCs than servers, thus a much bigger chance of infection. Furthermore, CodeRed's (a worm) impact was limited by that wonderful thing called Open Disclosure. No, M$ will never admit to this, but as a security professional who does network security monitoring, I know my clients would have been severly impacted if signatures hadn't been available for our sensors (insert shameless plug [snort.org]) a month prior to CodeRed (a worm!!) being released. Virus signatures, on the other hand, tend to be created after a virus has been let loose in the wild and has already impacted users.

    Bammkkkk
  • Take a look at the statistics [netcraft.com] At one point over half IIS based e-commerce websites had a confirmed backdoor. Months after Code Red hit, 10% of the the e-commerce sites still had a backdoor.

    How can anyone look at numbers like that and say it's not a problem? I find the numbers absolutely shocking...

    Basically if I buy something from a website, I want to make sure it does not run on IIS. In that sense Code Red crippled many sites for me because I am not able to use them anymore.

    • Code Red and Nimda actually did a bit more than that. See this report on global router instabilities [renesys.com] during the Code Red and Nimda peak activity periods.

      I'm not really thrilled with how that report words things, but then I don't really understand BGP and global routing. The interesting conclusion:

      We speculate that, although most of the traffic in the Internet continued to flow normally through the small fraction of links that make up the global backbones, most of the links at the Internet edge had serious performance problems during the worms' probing and propagation phases. A complete list of reasons still needs to be documented, but we suspect i) congestion-induced failures of BGP sessions due to timeouts; ii) flow-diversity induced failures of BGP sesions due to router CPU overloads; iii) proactive disconnection of certain networks; and iv) failures of other equipment at the Internet edge such as DSL routers and other devices.

      Once MSFT does dominate the Internet 100% we can expect this sort of thing to happen all the time:

      • A computing monoculture will allow 100% susceptiblity to whatever exploit-of-the-day comes around. For Code Red, only about 30% of all web servers were susceptible.
      • MSFT does protocol design very poorly, and documents it in even worse fashion. BGP is publicly documented, and it still has weird beard problems with tons of traffic. Imagine what some hacked-out, irregular piece of crap protocol like CIFS might do.
      • Security information will go back to living only in the shady underground. "Responsible disclosure", as advocated by MSFT toadies, will keep any and all security bugs from public knowledge.
      This combination of factors will result in emergent behvior that nobody will understand. Networks will go up and down like a window shade, without warning and without apparent provocation.
  • The obvious solution is for the Bush Administration to appoint a Computerland Security Advisor and then enact a "Computer Virus Warning System" that uses a different color code to indicate the severity of the computer virus/trojan/worm.

    I recommend the following levels:
    GREEN: Open any file or email attachment with inpunity
    YELLOW: Don't open any attachment that contains a virus
    ORANGE: Don't open any email client
    RED: Turn off your computer

    They can send an email each morning (or whenever the status changes) to all computer users so we know how to gauge the virus threat and take appropriate measures.
  • My argument... (Score:2, Insightful)

    Computer viruses (including worms, trojans and so on) continue to be a real threat to many users (and yes, I will say especially Windows users). From my point-of-view this article did much more damage than good. It would be like writing a story saying that unprotected sex with strangers is okay because the odds of getting something aren't really all that great.

    The fact is that the reason that the threat level from viruses is down is because more people are more aware and are taking preventitive measures. This reduces the spread of viruses in the wild but it does not stop them. I would argue that the fact that the spread of serious attacks being down demonstrates that what is being done is at least partly effective.

    I'd also argue that even more still needs to be done. I'd suggest that when a company learns of an exploit involving their software, it is their responsibility to address it sooner rather than later - that by not doing so, they are part of the problem. I'd suggest that companies that allow the use of their resources by whatever means (ie:open relay, unfiltered email, access to systems and etc) also have responsibility. But most of all, I would argue that the vandals that write and knowingly distribute the software should be treated as felons and given appropriate sentences.

    Even the aforementioned actions would not eliminate the need for protection in the form of secure systems, antivirus software, and due dilligence on the part of the user. But when all of these things are combined, we can keep the situation tolerable.

  • The viruses that have been widely propagated so far have all been fairly benign - they haven't done that much other than propagate. After all, a virus doesn't spread terribly well if it destroys its host.

    Imagine what the impact would be, however, of a virus that spreads as effectively as Code Red, but formats the hard-drive after 48 hours? (Or perhaps after it's infected a certain number of machines?)

    There were plenty of IIS machines that were infected for a good deal longer than 48 hours before their owners became aware of it. Hell - my boxes at home still receive hundreds of Code Red probes.

    The flow of IIS vulnerabilities doesn't seem to be drying up - it may well only be a matter of time before someone writes something that's really malicious. Growing complacent because the computer press has cried wolf so many times is incredibly dangerous.

  • The reasons that these more damagin virus's didn't take down the net or bring companies to a crawl is the same reason most virus's don't kill you. The more damaging the threat the more quickly and precisly the system's defenses react. For your body that means white blood cells and the other parts of the defense system react more vigorously, for computer viruses it means remediation efforts are put on highest priority and people work to clean them. Just because the defenses worked doesn't mean they aren't needed.

    p.s. karma's at 50 don't bother moding up
  • I'm running apache on my webserver that gets almost no legitimate hits a day. I don't advertise it etc.
    My error.log file is 50 (Fifty) megs. Since January. 2002.
    Lots of entries look like this, with some variations. I also appreciate skript kiddies trying to run root.exe on my box.

    [Wed Apr 24 10:44:21 2002] [error] [client 4.35.125.66] File does not exist: *:/****/msadc/..%5c/..%5c/..%5c/..Á/..Á/..Á/win nt/system32/cmd.exe

    I'd say that the main problem is not that the virus actually does anything harmful, but that their box is broadcasting to random ip's "hack me" and that person's hdd is shared with full perms and that if a script kiddie wanted to delete all files on the lamer's machine, they probably could, theft of corporate info (i.e. if someone works at home) is also really easy.
  • I can't believe how clueless people are that think viruses aren't dangerous. True the recent big ones have been annoyware, but it would have been childs play for their author to put in a malicious payload that could have erased everything on everyone's drives. It only takes one bad virus to cause trillions of dollars in damage, real damage. We should be taking these non-destructive ones as warning shots, not passing them off as just pranks.

    Travis
  • That's like viruses. We spend millions and billions to prevent all of the viruses except the ones that fuck us up. God laughs at us.
  • From the Future (Score:3, Interesting)

    by Arandir ( 19206 ) on Wednesday April 24, 2002 @12:58PM (#3402589) Homepage Journal
    In 2003, the news media reported on the Faux Flu. It was dangerous they said. It would kill old people and children. It would cause everyone else to spends weeks in the hospital. It had all sorts of nasty symptoms, which I won't describe here.

    The reporting was hyped all out of proportion. Every hour on the hour there was a public service announcement regarding it. Major troop movements in the Middle East were relegated to the back page in favor of reporting on some kid with a runny nose on page one.

    The public went into a panic. People went and got their flu shots. The covered their mouths and noses when the coughed or sneezed. They didn't go into work when they had the sniffles. They stopped french kissing with strangers.

    But there was no outbreak. A total of five people died of the Faux Flu. The people blamed the media for inciting panic. Newspaper subscriptions plummeted and Disney Megacorp had to sell off AOL/TW to stay afloat.

    Then the Fu Flu hit the next year. No one believed the media. No one took their flu shots. Sneezing in crowded train stations was considered hip and cool, a way of telling the doommongers to bugger off.

    And 1.3 billion people died.
  • Well the article has been /.'d or something, so I can't read it, but is anyone else getting tons of Klez worms on the mail, either directly or as bounces? That's the one that exploits IE's problem with the word 'begin', *AND* forges return addresses from e-mail addresses found on infected computers.

    It's very disturbing to get bounces from hotmail because you supposedly sent someone a virus. (No, I don't have it; all my e-mail reading and sending is done from a Linux box and its a Windows/Outlook worm.)
  • The virus ecosystem (Score:3, Interesting)

    by Animats ( 122034 ) on Wednesday April 24, 2002 @01:10PM (#3402675) Homepage
    The anti-virus industry depends on the continued introduction of new viruses. This creates a strange synergy between anti-virus companies and virus creators.

    It's important to the revenue stream of the anti-virus companies that their products not work very well. Note how these things work. They mostly recognize known viruses. They don't generally stop improper behavior by all possibly-hostile content. Hence, constant upgrades are necessary. The initial version is usually free, just like a drug dealer.

    It doesn't have to be this way. Suppose, for example, that Mozilla rendered all pages and executed all downloaded content in a "jail" secured by the OS, one that could write to the window, receive input when it has the focus, and talk back to the sending server, but nothing else. This could work under FreeBSD as currently shipping; Linux may get there.

    • The anti-virus industry depends on the continued introduction of new viruses

      Not totally true. Look at April's wild list [wildlist.org]. Form.A [nai.com] is on the list and has existed for over 10 years.

      They don't generally stop improper behavior by all possibly-hostile content

      Because behavior blocking doesn't work. It is difficult to distinguish between malicious behavior and things that users want and need to do. Too many false alarms => software disabled.
  • Education is good (Score:2, Insightful)

    by crivens ( 112213 )
    Education is good, but how about educating companies like Microsoft so that we're less vulnerable to such viruses? Why should the users suffer so much when the majority of the blame (IMO) is on companies like Microsoft?
  • The "OBVIOUS" tag, I mean.

    --Blair
  • They're disguised as the marketese word, "messaging"... that, and telemarketers.
  • by johnos ( 109351 ) on Wednesday April 24, 2002 @01:29PM (#3402823)
    I admit to being a download slut. I have downloaded most days for the last ten years. And I am not too particular about where I download from either. But I never get viruses. Well, I got one on the mac once in 1991. And another on a word document about 1997. But that's it.
    When people ask me about viruses, I always tell them to use something besides Outlook and they will be fine. And they are.
    For 98% of the people out there, the damn anti-virus software is more of a hassle than the viruses they can't catch. The bloat in security software puts MS to shame. All you need is Norton anti virus to show the kids what a 386 was like. Slooooowwwww.
    The only way you can get a virus nowadays, is to start up Outlook. I do not understand why the corporate IT guys, for whom these high-profile worms are a genuine headache, do not sue MS. By pretty well insisting on having scripting 24/7 in all their apps, they have created a royal road into anyone's box. The patches they offer are laughable. The house is on fire, and when a bit of flame shows in the front window, MS generously rushes up with a glass of water.
  • by bugg ( 65930 ) on Wednesday April 24, 2002 @02:41PM (#3403427) Homepage
    I believe that people *love* to hear about the next killer virus/worm that's out there. It's a sort of sick fascination with how easily one person can write something that spreads to thousands of computers that we rely on for so many important things. As someone who has had to disinfect dozens of computers and hundreds of floppies in previous employment, viruses are a headache, but they're also fascinating. It can be a rush to run f-prot and see what you'll find.

    Of course, things are different now. In the DOS heydey (including Windows pre-95), most viruses we re textbook viruses. Today, more of them should be defined as trojans and worms. There's no worm that you can see and say "well isn't that cute" as they all are quite damaging in terms of bandwith utilization. But there were/are many true viruses that are not damaging... or not damaging if caught in time. We all like fire, but nobody likes getting burned.

    Now, back to the subject. Michaelangelo. Back when it was news some ten (egads!) years ago, McAffe was warning everyone of the impending doom. That year there were many people who lost data, but nowhere near as large as some people had believed. To be fair to the AV experts at the time, most of them gave a range from the small to the abnormally large- but guess which figure reporters used to sell papers?

    So, life went on, and nobody was afraid about Michaelangelo anymore. Well, this poor sap was hit by it the *second* time it delivered it's payload (March 6th 1993). I lost of a lot of data that day, and boy was I surprised. Ironically, the data I miss the most is a copy of the virus itself. We all love fire, but we don't love getting burned.

    Studying the interesting viruses was, and is, a really educational and enjoyable thing to do. I do not encourage people to distribute viruses. It's a dick thing to do. But there are plenty out there, and they'll forever live in databases like VSUM and whatnot. The game of virus authors versus AV authors is largely over; but it's still neat to see how different viruses copied themselves, and even more interesting the cryptic lines of text that can so often be found in infected executables.

    Eddie lives...somewhere in time!

    This program was written in the city of Sofia (C) 1988-89 Dark Avenger.

    Call me a hopeless virus romantic (not the VD kind), but I still think that's cool.

    And holy crap, I just realized that the slashdot blackout already started. I apologize, didn't realize this before I typed this all up.

  • by nologin ( 256407 ) on Wednesday April 24, 2002 @10:08PM (#3406695) Homepage

    If the past year's viruses were all hype, I have to wonder how serious a virus has to be before they actually claim them as dangerous.

    Thanks to SirCam, I personally received two documents from Fortune 500 companies (which were infected) with draft proposals for new products and the markets they were targetted for. I get to know the plans of a big company even before their CEO does.

    Thanks to CR/Nimda, I get to see at least 100 probes a day trying to get to my personal web server. On more active days, that number is more like 500. And this is now, over 8 months after the virus was at its peak.

    I know of at least a few administrators (that work at various companies) that had to put in about a week to get the "I love you" virus under control. And that virus didn't even have a nasty payload.

    Mind you, they could have been much worse. The simple fact is that most of these viruses were born from stupid bugs (which in most cases were simply overlooked) and hence were somewhat easier to fix.

Hackers are just a migratory lifeform with a tropism for computers.

Working...