Slashdot Mirror


Viruses: More Hype than Danger?

blankmange writes "CNN is carrying a story on how the big virus scares within the last year or so have been just that: scares, usually hyped by the media with software companies standing by to reap the profits. 'The market for computer security is booming as PC users become more aware of the need to protect themselves from worms and viruses. "Code Red" hit the headlines in July last year, with dire predictions that the PC worm would cripple the Internet. Yet in the end, Code Red didn't even make the year's virus Top 10.' PDAs are the next marketing target, along with cellphones."

8 of 419 comments

  1. Nimda is still fairly active/destructive by burgburgburg · · Score: 2, Informative

    eWeek has an article about how Microsoft Windows Update has actually removed hot fixes, causing a site to be re-hit by Nimda.

  2. Peter Norton ... by ImaLamer · · Score: 3, Informative

    It's marketing. That's all.

    Look at your Best Buy [boycott!] ad next time it comes. You always see rebates for *NEW!!* AV software and Peter Norton's products.

    They never work with the older versions of Windows - and these companies always make a fortune off of new releases of that OS.

    So why buy stock in Microsoft when you should be buying it in McAfee and Symantec?

  3. Code Red not in top 10? by billh · · Score: 4, Informative

    Which top 10 list are we talking about here? The top ten Outlook worms? Top 10 viruses stopped by antivirus programs? Top 10 trojans?

    Code Red (and derivatives) were a major pain in the ass. My servers don't run any MS software, but Code Red still affected me. It kept hitting my ports, over and over and over again. That sounds like a minor annoyance, until you are using more than eth0. Think virtual hosting.

    I also was lucky enough to have a number of clients that were using Cisco 678 DSL modems. Anyone remember that? Code Red locked them up. Until a patch was applied, they locked up every time they got a Code Red request. I knew of some people that would go and reset the Cisco, and be down again before they got back to their desk.

    It may not have been the typical user spread virus, but it made my #1 last year, because I'm not stupid enough to use Outlook.

  4. smoking crack by gclef · · Score: 3, Informative

    Code Red was over-hyped?! Jesus, give me some of that crack... it must be really good. Instead of my ranting, allow me to quote from CAIDA's analysis:

    On July 19, 2001 more than 359,000 computers were infected with the Code-Red (CRv2) worm in less than 14 hours. At the peak of the infection frenzy, more than 2,000 new hosts were infected each minute.

    That was "over-hyped?" What would it take for it to be a "valid concern?" Yes, Code-Red didn't do the damage it intended to... but it still did a heck of a lot of damage. Claiming that some anti-virus nonsense "top 10" has any bearing on the actual amount of damage done is just stupid.

  5. Re:Code Red and other Problems with Hype by mr. roboto · · Score: 3, Informative

    Really though, I serve as a virus debunker for many of my less than computer literate friends, but it would be nice if there was a public site for this sort of thing, that picked up e-mail hoaxes and displayed them for what they are, meanwhile addressing real problems and how to fix them.

    There you go.

  6. CodeRed != Virus; CodeRed == Worm by bamm · · Score: 2, Informative

    I really wish people would get the terminology correct. Spafford posted a good definition over twelve years ago. A quick and dirty definition: Viruses (virii?) generally require human interaction (open an email, click on a link, etc.) while worms propagate on their own, exploiting vulnerabilities within an application or operating system.

    With that said, it only makes sense that CodeRed (a worm) wouldn't make the top ten list of viruses. I doubt any true worm could ever make some top ten list when compared with large virus infections. Viruses infect workstations (PCs) while worms (generally) infect servers. Last time I checked, there were a whole lot more PCs than servers, thus a much bigger chance of infection. Furthermore, CodeRed's (a worm) impact was limited by that wonderful thing called Open Disclosure. No, M$ will never admit to this, but as a security professional who does network security monitoring, I know my clients would have been severely impacted if signatures hadn't been available for our sensors (insert shameless plug) a month prior to CodeRed (a worm!!) being released. Virus signatures, on the other hand, tend to be created after a virus has been let loose in the wild and has already impacted users.

    Bammkkkk

    --
    www.sguil.net
    The Analyst Console for NSM

  7. Re:The virus ecosystem by QuodEratDemonstratum · · Score: 2, Informative

    The anti-virus industry depends on the continued introduction of new viruses

    Not totally true. Look at April's wild list. Form.A is on the list and has existed for over 10 years.

    They don't generally stop improper behavior by all possibly-hostile content

    Because behavior blocking doesn't work. It is difficult to distinguish between malicious behavior and things that users want and need to do. Too many false alarms => software disabled.

  8. Not overhyped this week... by GeekWithGuns · · Score: 2, Informative

    Monday I ran into W32/Klez.h@MM which was no big deal by itself, but the W95/Elkern.cav.c nailed two computers so bad that they needed to be reinstalled.

    So far at work we have been lucky and never gotten any of the "Hyped" viruses, just all the hoaxes; however, we tend to get the viruses that are not hyped and make small messes.

    I wish that in this case Klez was all hyped up, since then McAfee would have released the DAT file that would detect Elkern. McAfee's website says that DAT 4198 will detect the virus, but they have only released 4198 today!

    --
    [End of diatribe. We now return you to your regularly scheduled programming...] - Larry Wall in Configure from the perl