Slashdot Mirror
Viruses: More Hype than Danger?
blankmange writes "CNN is carrying a story on how the big virus scares within the last year or so have been just that: scares, usually hyped by the media with software companies standing by to reap the profits. 'The market for computer security is booming as PC users become more aware of the need to protect themselves from worms and viruses.
"Code Red" hit the headlines in July last year, with dire predictions that the PC worm would cripple the Internet. Yet in the end, Code Red didn't even make the year's virus Top 10.' PDAs are the next marketing target, along with cellphones."
Probably still the most damaging as far as I have experienced... the majority of problems with viruses i see are users passing on pretty obvious viruses.. maybe the answer is in the education rather than the protection
It's just like the local weatherman.
They are the first to predict 18 inches of snow for a storm that produces only six. News sources love reporting gloom, doom and disaster, for it increases viewership/readership.
No one cares to hear "Nothing to see here, movealong".
If I weren't nailed to the penis, I'd be pushing up the daisies!
But without the hype there would be more people without anti-virus software. We don't see a LOT of viruses hit our mail server, but we do see a few every day. If one of those got in and a user ran it, we'd be in trouble.
Better safe than sorry....
Without the hype, nobody would take care about using any antivirus software and the virusses could course great problems. Now the hype makes sure people are (more or less) protected.
Of course the security companies are going to strongly emphasize the risk of viruses, it should be expected-- it's what they do!
For news sites... they make everything overly dramatic. Maybe that's the problem.
What this article is really addressing IMO is the fact that news sites like to exploit people's fears in order to increase readership/viewership. That's an across-the-board news problem, not a virus problem.
mark
If you want to make an apple pie from scratch, you must first create the universe. -- Carl Sagan
And poof... There goes loads of old work, and here comes lots of fixes. There is a developer I work with that continually infects the network with viruses because he refuses to run antivirus software. Unfortunately he's got seniority so I just have to clean up his mess. Pathetic really.
I'm a firm believer in revoking i-net privledges to employees who are stupid enough to send much less open attachments of the exe or macro variety.
The hype around viruses are by far the largest problem to me, and to many of my fellow tech savy coworkers. Most of us run home web servers, and when Code Red came out our ISP's premptively closed port 80 on all of it's customers to "prevent Code Red from damaging our ability to run a personal web server", wait a minute here... you're shutting down our web servers... so that Code Red can't shut down our web servers... good job guys. That totally ignores the fact that I run Apache too... oh well, cloaked redirection for me.
Really though, I serve as a virus debunker for many of my less than computer literate friends, but it would be nice if there was a public site for this sort of thing, that picked up e-mail hoaxes and displayed them for what they are, meanwhile addressing real problems and how to fix them. There are a couple for the more technologically gifted (such as Norton's anti-viral research labs) but there really needs to be a good "for the average user" site.
I guess then CNN can produce an article about how it wasn't really hype after all and then, after everyone has forgotten about viruses, they can start hyping virus stories again. Then they can have a story about how much they are hyped. And then they can have a story about how there used to be stories about viruses and how they died down and now they've come back.
Endless stories without having to research anything. It must be fun working in media.
-- SIGFPE
Yea Right.
Code Red just spread itself. The company I work for only shut down email for 3 days trying to clear it out.
Of course nimda was based on code red, and automagically propigates itself also. It's still around. And there are versions that open up your IIS webserver so the propigator can get in with asministrator access. And there's also the fact that a version of the nimda worm is busy looking around the net for vulnerable DNS/SSH access on unix boxes.
Yea, the Code Red is harmless and didn't do any damage. And Corporate America didn't spend $millions$ cleaning up mail servers. And there are not thousands of boxes that hackers have back doors into because of the later Nimda versions.
The moron that wrote this article is an asshole that doesn't know his head from a hole in the ground. But Hey, he got an article published on CNN, so what does it matter.
I take no responsibility for what I say. Even though I'm never wrong
Yeah, you'd be correct, if it wasn't for the fact that the patch was available for OVER A MONTH before code red EVER hit the scene. The blame lies squarely on people NOT MAINTINAING THEIR OWN MACHINES. Much like, say, GM would never be blamed for a family who died in a horrible accident after recieveing a recall notice, and ignoring it. Microsoft THEN took steps by turning Windows Update on, by default, in XP Home, and, predictably, everybody started crying because it's an invasion of privacy, and it takes choice away from the user.
Vintage computer games and RPG books available. Email me if you're interested.
Well, I'm out of work now, but when I was working I had to deal with several virus outbreaks. It wasn't pretty or fun either. Usually it would happen like this.
I would get into work in the morning, read the latest advisory about some new virus. I would send out an e-mail to my users, "DONT OPEN ANY ATTATCHMENTS!" After which I would promptly apply fixes to the mail server.
My CIO would be reading her hotmail or yahoo mail, whatever. Point is it was a mail service outside of my control. She would see the subject, "I love you" and thinking it was a date, she would open it, from which it would spread like mad cow diesease. The rest of my day would be spent cleaning out her crap.
Wasn't this way at just one company, it was this way at every company I have ever worked at. No matter how much you try and warn these people they just don't listen. They have the attention span of a gerbil and it shows. And everytime it would happen I would always get the same answer from them, "But I swear I didn't open that attatchment" To which I would reply, "The computer must have MAGICALLY sprouted hands and fingers and opened the attatchment itself, oh don't forget it also typed in your webmail username and password for you too"
I dunno, being jobless all this time has made me realize a few things. There's no enjoyment in a job where you have to put out fires for 200+ people a day because they're too fucking stupid to figure out simple shit for themselves. They won't ever listen to your warnings, they don't seem to care that you have to spend several hours fixing their machines. They have an obvious lack of understanding that you have to actually concentrate to fix their problems, and this is made apparent by the 15 minute head pops they do into your cubicle, "Is it fixed yet? I have a really important blah blah blah for VIP blah blah blah."
I don't think CNN has any concept of what it's really like out there. The amount of single celled organisms in a corporation is astounding.
Code Red didn't even make the year's virus Top 10
...maybe because Code Red was a worm?
If the media didn't hype the virus issue to people who normally wouldn't know any different, then the problem would probably have been much much greater.
Think of Y2K: a big deal, yes, and plenty of people were saying right up through January 1999 that something had to be done, and soon, because thousands if not millions of computers and software programs were affected. Eventually, they all got on it. The problem was licked, and virtually no major Y2K issues were still existing by the time the date actually arrived.
Sure, some people overreacted by building underground computer-free bunkers and stocking up on gasoline and bottled water -- but then, there are always people who overreact. Y2K probably wouldn't have caused the end of the world, but it would have been a pretty big nuisance if the media didn't get the word out so that normal people knew to upgrade their products and pressure companies to produce the upgrades for them.
You can't over-hype virus issues. You can lie and say a problem exists that doesn't, but you can't stop stressing that antivirus software and common sense when opening attachments and securing connections is important. There's always someone new to the computing world, or someone who introduces a new attack strategy, which necessitates restating all the rules.
Bottom line: everybody with a computer needs some sort of antivirus protection, even if it's just common sense. Everybody with an Windows PC on the Internet ought to have antivirus software as well, and keep it up-to-date, just because that OS is so susceptible to new attacks.
Doesn't anyone remember when viruses would actually do something?
Used to be when you got a virus it would munge your bootsector, and as much of the disk as it could after it mailed itself you all your friends.
The viruses these days just seem to be made to propogate as far as possible, or to do something juvenile like deface web sites.
The only reason they are only hype these days is because the payload is (relatively) innoxious. One line of code could make the few hundred thousand of computers infected last year dead, rather than popping up a cute little message.
I would have to disagree with the statement that viruses prey primarily on stupidity. I have many intelligent people working in my company who know nothing about computers. Accountants, Credit Managers, Sales Managers, Location Managers, etc. These people are intelligent and competent in their respective fields. However, many are no doubt "ignorant" regarding anything computer-related.
Instead of revoking access to users we like to label as "stupid", maybe we as IT Managers, Sys Admins, etc. should spend more time training our people rather than browsing Slashdot all day. : )
Just a thought.
No matter how much you try and warn these people they just don't listen. They have the attention span of a gerbil and it shows. And everytime it would happen I would always get the same answer from them, "But I swear I didn't open that attatchment" To which I would reply, "The computer must have MAGICALLY sprouted hands and fingers and opened the attatchment itself, oh don't forget it also typed in your webmail username and password for you too"
(An open message to all bitter support people, angry at "end users")
(chuckles softly) Ever stop to consider that 99% of the "end users" (they are actually called people, or employees... you know the people we support who do the actual WORK that pays our salaries) out there don't really give a rip about your job frustrations any more than you care about the new IRS guidelines taxing the patience of Phil from accounting... Let's face it, most of what you tell them goes in one ear and out the other. NOT because they have the attention span of gerbils, but because YOU, and so many many like you, have a giant chip on your shoulder. You don't respect the people you work with, you don't appreciate the fact that you have a specialized skill that others don't share. So you talk down to your users, then you talk over their heads, then you talk about things that don't concern them or how they do their job. The signal to noise ratio is such that OF COURSE they won't really listen when you warn about viruses...
Lighten up a little, learn to see the bigger picture, learn to see your co-workers (once you get a job again) with compassion and not this holier than thou crap and I bet you might start to notice a change.
I would have to say that explosives are the most abused technology in all of history.
Computer viruses (including worms, trojans and so on) continue to be a real threat to many users (and yes, I will say especially Windows users). From my point-of-view this article did much more damage than good. It would be like writing a story saying that unprotected sex with strangers is okay because the odds of getting something aren't really all that great.
The fact is that the reason that the threat level from viruses is down is because more people are more aware and are taking preventitive measures. This reduces the spread of viruses in the wild but it does not stop them. I would argue that the fact that the spread of serious attacks being down demonstrates that what is being done is at least partly effective.
I'd also argue that even more still needs to be done. I'd suggest that when a company learns of an exploit involving their software, it is their responsibility to address it sooner rather than later - that by not doing so, they are part of the problem. I'd suggest that companies that allow the use of their resources by whatever means (ie:open relay, unfiltered email, access to systems and etc) also have responsibility. But most of all, I would argue that the vandals that write and knowingly distribute the software should be treated as felons and given appropriate sentences.
Even the aforementioned actions would not eliminate the need for protection in the form of secure systems, antivirus software, and due dilligence on the part of the user. But when all of these things are combined, we can keep the situation tolerable.
Anyone who thinks that viruses are just hype and don't cause an inordinate amount of suffering and expense for the vast majority of those whose home computers and small office machines get infected needs to socialize beyond their own demographic a bit more.
.doc files being corrupted and no longer loading right. A Word macro virus ate about four months of work for him. The next was about some porn dialog popping up every time he booted his computer. The next was.. I forget, there's been a dozen over the past six or seven years, but in each case I would either have to spend a lot of time on the phone or he'd wind up taking his computer in to a shop and be charged $75 to format his drive.
My father in law is a retired writer. He's not technically sophisticated, he doesn't back up as often as he should, and he doesn't wrinkle his nose and think "What the hell is this?" every time he gets an attachment. The first panicked call we got was a result of all of his
A good friend of mine called me two days ago in a panic about the W32klez virus. Their small office (a non-profit with about 16 computers, Microsoft networking) was thoroughly infected, and some people's home machines - those who check their email from home - were also infected. These are gardeners, not software developers. The fact that executable attachments can be viruses is NOT the first thing in their mind when opening an email. Days of suffering for them, plus weeks of repairing damage to their credibility as a result of all the Klezmer Deep Throating Teens (or whatever the hell subjects it picked) emails sent from their machines.
So, how do so many intelligent people form the opinion that viruses are nothing but hype? That's an easy one: My wife and I are virtually immune to viruses because our file sharing system consists of a Linux box running sendmail and proftp. Our email clients on our satellite win98 boxes are older copies of Eudora, and we're highly suspicious about any attachments. So, it's easy for us to get into the mindset that viruses are a load of hooey and couldn't really do that much damage. They can't... to us. From reading people's posts here, that view seems to work for most Slashdot readers, but it ain't How Things Are for many many others.
Education is good, but how about educating companies like Microsoft so that we're less vulnerable to such viruses? Why should the users suffer so much when the majority of the blame (IMO) is on companies like Microsoft?
I guess it's MY fault that I have to order a new laptop everytime this paticular sales lady goes out on travel and returns with a mangled laptop because "It's too much trouble to carry it on" This paticular lady i'm thinking of DESTROYED 9 laptops in 3 months! You would think MAYBE after the first one she would wise up BUT SHE KILLED 8 MORE!
Most places I've worked, the subsequent 8 laptops would have come out of HER paycheck--a great incentive to be more careful with company property. (The insane paperwork to get *anything* ordered at my current workplace is a good incentive not to wreck your current box, too).
Frankly, as long as it's not coming out of YOUR paycheck, why does her idiocy with laptops spin you up so much? They were still paying you for the work involved, right?
You're laid off, and bitter--I can understand that. Been there, done that a few times. Job searching all over and getting nothing for months on end is incredibly demoralizing. However, you might want to learn to relax and enjoy things a bit more, because that bitterness will show in job interviews. Also, if the job situation is that bad locally, why not search elsewhere? The internet is damn useful for that.
---dragoness
> Funny, they all seem to have something in common...
Yeah, I noticed that too. They were all developed for the most widely used desktop OS in the world.
I admit to being a download slut. I have downloaded most days for the last ten years. And I am not too particular about where I download from either. But I never get viruses. Well, I got one on the mac once in 1991. And another on a word document about 1997. But that's it.
When people ask me about viruses, I always tell them to use something besides Outlook and they will be fine. And they are.
For 98% of the people out there, the damn anti-virus software is more of a hassle than the viruses they can't catch. The bloat in security software puts MS to shame. All you need is Norton anti virus to show the kids what a 386 was like. Slooooowwwww.
The only way you can get a virus nowadays, is to start up Outlook. I do not understand why the corporate IT guys, for whom these high-profile worms are a genuine headache, do not sue MS. By pretty well insisting on having scripting 24/7 in all their apps, they have created a royal road into anyone's box. The patches they offer are laughable. The house is on fire, and when a bit of flame shows in the front window, MS generously rushes up with a glass of water.