Slashdot Mirror
Symantec Claims They Knew About Slammer In Advance
truthsearch writes "Wired is reporting 'Symantec claims to have identified the Slammer worm that ravaged the Internet during the last weekend of January hours before anyone else did. Symantec then shared the information only with select customers, leaving the rest of the global community to get slapped around by Slammer.' I'm not bothered I didn't know Slammer was coming, but Symantec has a moral responsibility to inform the public if it thinks millions will be affected." It isn't clear to me how Symantec could know, hours in advance, about a worm which took ten minutes to spread throughout the entire Internet, unless they had something to do with its release. Update: 02/14 16:54 GMT by M : Wired has their math wrong; Symantec apparently had at most 20-30 minutes of early warning. Symantec claims in this press release that they discovered the worm "hours before it began rapidly propagating".
Do you honestly believe that all the viruses come from joe sixpack sitting in his basement with nothing better to do?
thats what makes the extra special account worth it.if they told everyone, then whats the point in paying for the extra notice?
(not that I agree with not telling everyone, that just seems to be the why)
So I can see from a "greedy" standpoint why they would only tell select customers, but the "moral" side of me is aghast that -if they knew- they didn't tell.... Horrible!
Just wait til next week!
HA HA HA HA HA [silence]
HA HA HA HA HA [silence]
HA HA HA HA HA [silence]
Unless they helped the Korean program the thing. I unfortunately have to use MS products (my company pay's me to) and it's a constant waste of time applying the daily hotfix, backing up, testing, implementing, ...
.Net front end would be secure, fast, OSS Core, and finally kill 99% of the reason the internet sucks.
Why doesn't MS just give up with their POS OS and go to a Unix core like OS X. MS Linux with a
Oh well, guess I'm dreamin.
I knew about Slammer in 1988. (Take a look at Jim Brown's character.)
How are you going to keep them down on the farm once they've seen Karl Hungus?
Since when does Symmantec have a moral obligation to do anything? They're a corporation. Their service is to detect and prevent network attacks. If you are willing to PAY for the service, then you get the benefits of it. If not, then it sucks to be you. Ford's service is making cars. Are you saying that Ford has a moral obligation to give me one, even though I haven't paid for it?
I can see them spending a lot of time in court issuing statements like that. Since the worm cost [insert random() x billion] dollars in lost business according to the press litigation seems inevitable.
It's more likely that their customers, since they must have some interest in security, had already installed firewalls and not left SQL server open to the entire internet though...
Code, Hardware, stuff like that.
OK, I don't get it... How does Symantec going "We knew all about it but we didn't tell you" make Symantec look good in any way? I know I get annoyed when people behave like that... So anyone have a thought on exactly how this benefits Symantec?
.: Max Romantschuk
Sorry, but that is not a similar situation. Not even close.
From the article:
"According to Symantec spokesman Yunsun Wee, Symantec issued an alert about Slammer to DeepSight Threat Management System subscribers "at approximately 9 p.m. PST on Friday, Jan. 24."
Most of the rest of the Internet didn't spot Slammer until shortly after midnight EST on Saturday, Jan. 25th."
Accounting for timezone differences between EST and PST, would this not make the two times much closer to each other?
Heck, Microsoft released a patch to fix this problem in June of 2002. Windows sysadmins had 6 months notice that it was a problem.
I don't mean to sound like a troll or the least bit insensitive, but if the Windows sysadmins aren't keeping their servers patched then that's the sysadmin's fault. The finger of blame should be pointed right at the mirror. Keeping their servers updated and safe is their JOB, unless they have a security specialist, in which case it's their job.
they start caring when they loose money..
The greatest right given is the right to be wrong...
This sounds like Wired trying to stir up a controversy from scratch. Besides, what would have been the impact of them posting a warning a few hours earlier? If an admin saw the notice before the widespread nature of Slammer was known, would they instantly apply patches that they hadn't already installed for one reason or another? I doubt it...
Stop by my site where I write about ERP systems & more
I have wondered why a lot of these Microsoft-worms never seem to have a destructive payload. If you imagine a script-kiddie working hard in his mom's basement, you'd think he'd add a payload of some sort.
(hell, if I had the inclenation and the time to create a virus, I'd atleast change the Windows statup
It's almost like these Microsoft-worms were desingned to create panic and purchasing action, but no legalally actionable damage.
Just a rambeling thought.
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
Nothing better to increase your business like having something that scares potential customers.
How many windows users that you know that have virus protection software that came with their pc and has never been updated? They won't upgrade their virus software until they learn that it is necessary.
When do they find out it is necessary? When someone hits the web with a massive worm/virus. If nothing massive happens for a while, I'm sure antivirus companies are losing money. What better way to spike sales than by creating panic?
I fix a lot of systems (windows based) and the difference is you can actually run software without being root in UNIX. I would bet over 1/2 the software out there won't run on Windows unless you have admin rights. A girls computer I had to repair (for the 3rd fscking time) has this POS Cattery software (Delphi, give me a break) and it cannot connect to it's JDataStore since her user doesn't have admin rights. So I'm screwed, I have to give her rights for that and about 6 other programs that won't run. I cannot believe the piss poor planning (any planning MS?) that went into Windows.
MS Linux like OS X would be good. Windows isn't that bad of a UI it's just a piss poor backend that causes problems.
From the article: Symantec issued an alert ... at approximately 9 p.m. PST on Friday, Jan. 24. and Most of the rest of the Internet didn't spot Slammer until shortly after midnight EST on Saturday, Jan. 25th.
Aren't these the same time once timezones are factored in?
So explain to me again how they knew about it before anyone else? -kaos
I don't see why people expect companies to donate information that costs them to find. They could've used this info in two ways, the way I see it. First, is to share it to their corporate customers who pay to have this kind of early warning. Second, release it to the media, CERT, and other organizations and make sure they "advertise" that Symantec found it first.
So they chose the first. Big deal. Do you really think even a majority of these sysadmins would have firewalled their MS SQL server hours before it would be infected? Doubtful. If they didn't apply the patch from July of '02, then they're not going to immediately respond in a few hours to patch an impending threat.
At least from a "We're a company, we exist to make money" standpoint. Symantec maintains that privledged list precisely so they can make money - they offer a "tell you before I tell anyone else" service, and people are obviously willing to pay for that.
Besides, I highly doubt Symantec is the cause of slammer, and because of that, they don't have any moral obligation to let anybody know about it. On top of that, we're talking about a matter of hours, not days or weeks. They probably told their clients "Uh, we think something's coming, so watch out". I highly doubt they would have had specifics.
Not trying to flame here or anything, but let's be a little realistic. If anyone's to blame, it should be Microsoft, for releasing the buggy program in the first place, or the sysadmins for not applying the paches, yadda yadda yadda.
Symantec issued an alert about Slammer to DeepSight Threat Management System subscribers "at approximately 9 p.m. PST on Friday, Jan. 24." Most of the rest of the Internet didn't spot Slammer until shortly after midnight EST on Saturday, Jan. 25th.
For those of you who don't know the difference, EST is 3 hours ahead of PST. Thus DeepSight identified Slammer at about the same time as the 'rest of the Internet'"According to Symantec spokesman Yunsun Wee, Symantec issued an alert about Slammer to DeepSight Threat Management System subscribers "at approximately 9 p.m. PST on Friday, Jan. 24."
Most of the rest of the Internet didn't spot Slammer until shortly after midnight EST on Saturday, Jan. 25th."
Uhh...that's about the same time isn't it Sparky?
Probably not. Those forewarned took it seriously because they pay for the service. If Symantec had said that a huge attack was imminent and to block the port and patch your SQL servers, how many people do you think would have listened? Of those who listened, how many of those have processes in place so that the requisite network or software changes would have required approval that would have come too late to do any good?
The people who paid for the warning are going to take it very seriously, but aside from that, I would wager that there would be enough doubt about the validity that measures wouldn't have been taken anyway. Patching the server has the obvious implication for many mission critical databases of a potential restart and potential for undesired change in functionality, so patching in many cases would require a testbed server and evaluation, which this warning provided insufficient time for. Blocking the port, or disabling that part of SQL server, for those with it enabled without needing it, means they need to understand what it does or does not do for them. If they already knew, they would have disabled it sooner, so you can't say they would immediately realize and shut it down.
XML is like violence. If it doesn't solve the problem, use more.
I see two possibilities:
1) It was done for hack value, not vandalism.
2) With how many Windows computers there are out there, a simple worm has the ability to cause more than enough trouble.
As for Slammer not having a payload, that's because it was designed to fit in a single 505-byte UDP packet. There wasn't room for a payload.
Ford's service is making cars. Are you saying that Ford has a moral obligation to give me one, even though I haven't paid for it?
No - get the analogies right. If I, as a car servicing firm, knew of a part in a Ford car that could fail and cause the car to go off the road at random and I only let my best customers know, I would be sued for screwing around with peoples lives.
Not that I have any sympathy for either MS or Sympantec - Symantec gets to make money off the loopholes in MS's operating system in a strange almost parasitic relationship. The only thing that isn't clear to me is which company is the host...
Cheers,
Toby Haynes
Anything I post is strictly my own thoughts and doesn't necessarily have anything to do with the opinions of IBM.
In order for Symantec to have a "moral obligation" you must first assume that Symantec has Morals to begin with. They do not. It's that simple.
-- DuckWing
My Magic Eight Ball predicts of a future exploit of a buffering problem in Microsoft software.
How can you know this stuff Magic Eight Ball!!
Ummm..."shortly after midnight EST" is pretty damn close to "approximately 9 p.m. PST"! It doesn't sound like Symantec had much advance knowledge at all.
I've always noticed that too. The fact that there's never any large-scale loss really does encourage the idea that its not your garden-variety blackhat. When I was a kid, your computer contracting a virus meant that you could kiss all your files goodbye. These days, it means your connection will be lagged and maybe some e-mail sent. All ILOVEYOU even did was delete some jpgs and mp3s. I'm surprised that none of these worms don't wait for an hour or two(for the computer to finish spreading) then wipe the machine or something - or maybe begin spewing the contents of the SQL database onto the 'net (heaven forbid credit card #'s be in there).
I always say when something like this happens - at least the attacker wasn't going for raw damage.
It's a marketing gimmick to get less savvy IT managers to think that going with Symantec will get them ahead of the game. They're burning themselves twice: they'll alienate the infosec community that rightfully believes that knowledge of a potential devastating exploit gained in advance of its use should be shared, and they'll make very poor relationships with customers who fall for this kind of marketing and never have their expectations met down the road.
So long, michael. Don't let the door hit you...
root@yourcompany:$ ./karma_burner --reply=ON --moderators=ON
If Symantec had a moral/ethical obligation to warn the rest of the world about Slammer before it was released, don't they also have an obligation to warn the rest of the world that if you're using a POS, buggy, perpetually frought with nastiness operating system that you're bending over and just asking for it anyway?
Fact is, even if they had said something, 50% of the world would have laughed because they're not running Windows, 5% of Windows sysadmins would have been at the consoles sweating it, and the rest of the world would have stayed in the recliner because they don't keep up with security updates anyway OR they have their heads so far up Gates' ass that they couldn't possibly believe it.
Personally, I sat back and laughed. How about you?
Blog,Twitter
That would be like having the US selling WMD technology to other countries and then invading them
later for having it. What responsibly sane organization would do that?
Now, I've not always considered myself and idiot, but lately I've come to believe that's the case. For example, I find myself monitoring the North Korean News Agency and actually expecting to find news. I did, however, find this:
Symatic Antivirus Policy Flailed
Pyongyang, February 14 (KCNA) -- The DPRK calls upon the Symantic "corporation" to behave itself. Unchecked viral aggression under the guise of helpful support is obvious to all but the US warmongers. The peace of all nations is it at stake, and it should be noted that the so-called "Slammer" worm was an effort by imperialists to stifle the peace-loving livelihoods of the DPRK.
Now that the guise is unmasked, no one but war mongers see the clear provocations. The DPRK reminds the US that such clear efforts to undermine stability on the peninsula by allowing servers to go "unplugged" and "unfixed" merely underscore the fragile nature of the current nuclear-war situation.
It's a fairly fundamental difference.
I would think that they would be more careful about raising people's suspicions about their prior knowlege of absurdly fast propagating worms.
Maybe they are believers that 'any publicity is good publicity' -- even in their business.
Send us your Linux Sysadmin articles!
Geeky modern art T-shirts
WRONG. They had a LEGAL obligation to report this. Releasing a virus onto the internet to infect other computers is a FELONY -- a CRIME. If you witness a crime and don't call 911, you're an accessory to the crime. Symmantec had a LEGAL obligation to report this obvious CRIME to the authorities. Because they didn't, they are an accessory to the crime.
social sciences can never use experience to verify their statemen
Symantec.
The same Symantec who's Norton Anti-virus product is prominently featured in a rash of spams in my inbox?
The same Symantec who claims to follow up on reports of this to spamwatch@symantec.com? That never seems to lead to any sort of actions?
The same Symantec who just changed their auto-renewal to cost people more money IN THE MIDDLE OF THE RENEWAL CYCLE?
Huh, who'd'a thunk it?
Glad I use somebody else's anit-virus software.
www.eFax.com are spammers
It's shared, because it's the culture MS engendered around their software. Now that MS is being forced to become more security conscious, the software community they fostered, along with its sloppy habits, have become a hindrance.
For years, features and fast development were up-front priorities on Windows, and security hadn't hit the radar screen. This encouraged sloppy programming, to get flashy new stuff out the door quickly. Somewhere in there, compatibility rose in the priorty scheme, as MS became a victim of its own success. Once upon a time, breaking old software was a way to encourage new software purchase. Now, breaking old software discourages new platform purchases, so compatibility has become necessary.
So old software, written in the days when security wasn't even an afterthought has to run on the new platform, or the new platform won't sell. At the same time, the new platform must be more secure.
Not an easy problem.
Someone mentioned sudo, but I guess that's got the commie pinko GPL on it.
The living have better things to do than to continue hating the dead.
It isn't clear to me how Symantec could know, hours in advance, about a worm which took ten minutes to spread throughout the entire Internet, unless they had something to do with its release.
Libel - A false publication, as in writing, print, signs, or pictures, that damages a person's reputation. The act of presenting such material to the public.
Michael,
I know you're pretty opinionated and think highly of yourself, but you may want to reconsider posting such statements as it could adversely affect you and your employer.
Another important point is this:
The worm spread around the entire globe in minutes. And Symmantec didn't know about the worm in advance, they are simply saying that they knew about it before anyone else. (Which other posters have pointed out is BS - apparently journalists and corporate managers don't understand time zones)
Which leaves us with this simple fact: even if a sysadmin had gotten and read symmantec's message immediately, it is unlikely they would have had time to block the port and/or patch their server in time anyway! They may have already been hit in the time it took them to read the virus alert.
The fact that symmantec noticed it was happening is hardly surprising, they make money by detecting and stopping viruses. Of course they would notice when a ton of traffic on a certain port started inundating the internet.
This whole story is a load of crap. Hopefully wired will be more do a little more research in the future into the stories they display, but somehow I doubt it.
// harborpirate
// Slashbots off the starboard bow!
Slammer hit so hard and fast (doubling every 8 seconds, peak scanning rate in 3 minutes, analysis.
An "hour" before is a preposterous claim. They might have gotten in 10 seconds before, or even a minute if the first couple of copies were on bad links, but an hour is total, complete, and UTTERLY ridiculous claims to make.
The only way they could make the claim is if they found an extra-buggy, prerelease version. IF so, we need to know about it as it aids in understanding the author.
My bet is they saw some unrelated script-kiddie scanning (we saw some of this in our OWN data sets) and someone in marketing is trying to say that they saw the worm 2 hours ahead of time.
Test your net with Netalyzr
Its crap that they hold information back but heres what i think about any one who got wacked with it.
... If your car has a recall you sure as hell don't sit around and say ah ill get it fixed tomorrow, cause your ass could end up on the side of the road in itty bitty pieces. People should think they same way about computers, mantain, update, and keep it clean you will never have a problem, and get security patches !
Some people and companies practice poor computer use
I haven't had a problem with any of my computers with viri, worms, and other things, just because i keep them updated !
It also helps to not be an idiot with your e-mail !
- MOSKIE
It's not ALL Microsoft's fault, but they're definitely NOT in the clear. They make shitty software. That is a fact.
Let's expound on that. Let's say that Yugo's have shitty locks, and there's a well known "technique" that carjackers use to steal Yugo's, and YOU own a Yugo. There's a fix that you could have applied to your car to avert tragedy.
Your car gets stolen. It is your fault because you could have done something to stop that from happening. Still doesn't put Yugo in the clear from making shitty cars.
Heh, perhaps the most interesting point we can draw from this is the fact you (the royal you) decided to buy (use) a Yugo (Microsoft Product)
Someone help me out here. The article states: "If I witness a felony but refuse to call 911 because the victim hasn't paid me money to do so, I'm technically an accessory to that crime, not to mention a really rotten citizen." I don't believe this to be true. I have been advised, by poilice officers and law professors, that if I happen upon someone drowning in a pond and screaming for help, that I am well within my rights to pull up a chair, take out a bag of popcorn and a coke and watch. Our laws do not provide for forced intervention in crime by the citizens. Sure, it would make me a rotton person, but it does not make me an accessory. Can anyone site law differently?
Comment removed based on user account deletion
That same claim can (and has) been leveled against the defense and intelligence industry for some time now. If we don't believe there to be a threat, then we (any given 'we') will not pay for a defense against that (non) threat. The point you make, however valid, isn't really all that new.
I'm not in any way trying to flame you, however...I'm just pointing it out because it seems interesting to see how once again it's the same old story (life, that is) with a new wrapper on it.
From the Symantec Web Site:
For example, the DeepSight Threat Management System discovered the Slammer worm hours before it began rapidly propagating. Symantec's DeepSight Threat Management System then delivered timely alerts and procedures, enabling administrators to protect against the attack before their environment was compromised. This combination of comprehensive up-to-the-minute attack data combined with effective solutions, patches, and countermeasures enable corporations to protect information infrastructure while avoiding downtime and lost productivity.
It sounds to me like a Tech Security company trying to boost sales of their new Threat Management System and Alert Services by stretching the truth. And we all know the sales and marketing folks would not blink an eye at fudging facts to sell their products.
Does this mean Symantec had anything to do with the Slammer virus (as Michael alluded to), I don't think so (and honestly to make an accusation like that is just plain ignorant).
Just my take. Now let the negative modding begin.
Dozens of network administrators from around the world on the NANOG mailing list, and EFnet #nanog all saw the first packets of Slammer at 05:29:29 and 05:29:45 GMT. That's dozens of very well placed people all seeing the first incident within a 16 second window, and not one administrator saw one earlier. How am I supposed to believe that Symantec knew about this earlier when none of us did?
I would like to see a copy of this so-called alert they sent out before the worm hit, if it exists, and then an explanation of how they knew in advance this worm would hit. Dubious does not even begin to describe it.
but Symantec has a moral responsibility to inform the public if it thinks millions will be affected.
Symantec does not have a moral responsibility to inform the public. Symantec isn't a publicly funded corporation, or a government agency.
You do not have a right to benefit for free from the hard work of others. Symantec's ONLY moral responsiblity is to increase value to their shareholders. This isn't the late 1990's where you can create a technology company based on the idea of giving things away for free and expect that to fly.
Part of that responsiblity is to treat their customers right. Given a limited timeline, and the need to provide the most value possible, they chose to send an alert to some of their (presumably) biggest and best customers. I believe that Symantec worked in a very appropriate manner in this case.
Note: I didn't read the article. I did read quite a few articles yesterday when the link was posted on hardocp.com however.
I am disrespectful to dirt! Can you see that I am serious?!
Maybe you should get *your* analogies straight. Everyone is acting like Symantec did something horribly wrong. Let's not forget that there has been a patch available for this since july of last year. So if we must make analogies, how about this one:
I, as a mechanic, know that cars made by Ford had a recall (say for something like tires...). Now, of course it's in my best interest to inform *my* customers, but am I "morally obligated" to stop every passer-by on the street who's driving a Ford and tell them?
The point is, Microsoft admitted there was an issue and fixed it six months ago. Why is it Symantec's obligation to remind us all to secure our servers?
do not read this line twice.
Network Operations had to manually disconnect MANY servers which were just saturating the network. After doing this we got calls days later from people saying "My students are complaining that they can't access my server, any idea why this is?" So if you're expecting that every server has some crack squad of administrators scouring the net to make sure it's updated to the fullest - well sorry, it takes some people days to notice that their server isn't even on the network anymore.
I mean you'd think people would turn on CNN and see SQL WORM RAVAGES INTERNET, and think, gee don't I have a machine running an SQL server, maybe I should check up on that? But no.
The reality is that there was a patch available for this months before and nobody bothered to install it, I don't think a few more hours would have made much of a difference at least where I work.
I saw this first hand. When Opaserv variants were coming out almost weekly last fall, Symantec was very slow to acknowledge their existance. A few people I know sent them executables of a new variant on October 19. Finally, on October 23, they announced they "Discovered" it...4 DAYS AFTER WE SENT IT TO THEM! Those Symantec liars didn't even tell us that they discovered it, but they're working on a fix. No, they sat on the virus for 4 days! (Want proof? Check out Symantec's Oct 23 discover day for brasil.pif, here, and compare that with the Oct 19 date that many of us first noticed that virus on this discussion sire here.) And of course, following true to Symantec policy, they claimed to have released a fix either the day of discovery or the the next day...to show they're working hard for their customers.
Stupid liars.
No system is immune, however UNIX has 25+ years of testing while Windows releases are so frequent there is little time for hardening.
<Homer Simpson>
I agree with you! In theory.
Communism works! In theory.
</Homer Simpson>
You are comparing the amount of time that UNIX (a common name for a wide number of totally different and constantly changing operating systems with different kernels, tools, applications, and philosophies) been tested to the release schedule of Windows (which is a product sold by a single company, generally released once every 1-2 years and patched just as frequently as any UNIX system that actually has a wide variety of useful software installed) and making a judgement on security. You know what? My television gets more miles to the gallon than the amount of electricity my grapefruit uses.
I agree with your subject line, but your content makes no sense. Then again, any old install script on UNIX can make anything setuid root, world-writeable, and world-executable, if you run it as root. The only way UNIX is more secure is if you read every line of code and every line of every script you run as root, and do everything else in a chroot-jailed sandbox. To be quite honest, that kinda thing would greatly decrease my productivity in any operating system, so I just backup my stuff frequently.
Karma: Incomprehensible (Mostly affected by posting at +5, reading at -1, and metamoderating everything unfair.)
Who do you think is writing these sophisticated viruses and worms? Do really believe that the hundreds of new viruses that get released every month is because of some bored hackers who have nothing better to do? There are many stories of "Men-in-Black" style approaches to out-of-work developers in countries with a large high tech community. Someone shows up at your door with a big bag of money and no identity and asks you to write a particular type of virus, you might be inclined to take the money and not ask too many questions. It's called "Creating the Market".
It's safe to say by your post that you haven't.
To post the assertion that these guys have anything to the propagation and dissemination of viruii is retarded - not only do they have to contend with regular build issues, feature requests, etc. - but they also have to keep up with the dozens of virii released into the wild on a weekly basis. The heuristics involved in developing the software necessary to *fix* an already infected (sometimes by multiple virii) is pretty impressive. There's no *good* reason why any of these engineers would intentionally create more work for themselves -- they don't need any.
Additionally, they aren't the only game in town as far as anti-virus software. They would be out of the fame in a New York minute if they were ever found to be involved in disseminating virii, intentionally or not.
Please turn off your computer and go back to your "X-Files" reruns.
P.S. - The coolest thing about the interview was when one of the Senior Engineers showed me the Quarantine Room, where they research different virii and repairing the damage.
- learn to swim.
Please stop equating/comparing/relating every single fucking thing to 09/11. It's only a similar situation in that they knew but didn't tell anyone. What if i knew the exact time you would be born, but i didn't tell your mom? Similar situation, right? What if i knew how long the cookies were going to last before you bought them, but i didn't tell anyone? Similar situation, right?
The plural of "virus" is "viruses". Aside from that, Latin plurals end in "i", not "ii". For example, "magus" becomes "magi", not "magii". The notion of Latin plurals ending in "ii" probably comes from such words as "radii" (plural of "radius"). The reason "radii" has two "i"s is because "radi-us-" becomes "radi-i-".
"In antiquity the word virus had not yet acquired, of course, its current scientific meaning; rather it denoted something like toxicity, venom, a poisonous, deleterious, or unpleasant agent or principle, or poison in the abstract or general sense. [...] Nouns denoting entities that are countable pluralize (book, books); nouns denoting noncountable entities do not (except under special circumstances) pluralize (air, mood, valor). The term virus in antiquity appears to have belonged to the latter category, hence the nonexistence of plural forms." (taken from here) Also, "viri" is Latin for "men", so that's not it either. The word is "viruses".
I know i'm coming off like a jerk here, and normally i don't post just to criticise someone's spelling, but "virii" is a plague. It's because of mistakes like this that we have two words for "disc", and the bizarre spelling of "Thames" (i.e. people trying to make English correspond to its Latin/Greek roots). Anyway, i just thought i'd point that out. That word really bothers me (which i guess is somewhat sad).
Sources:/ v/virus.html
- http://dictionary.reference.com/help/faq/language
- http://www.perl.com/language/misc/virus.html
PS: Otherwise an interesting post, heh.
People say "virii", not because they think they are speaking latin, but because they think it
:-)
;-)
sounds good. They think it expresses what they want to mean.
Look at the whole damned French language for an example of what happens when people spend a few centuries speaking what they think is latin.
So the problem is not that you are right or wrong, but rather, that the people you would like to persuade do not care for your argument.
It's like the people who wish media would stop using "hacker", or that slashdotters would use "GNU/Linux" when they say "Linux"... The argument is sound, and compelling, but is completely lost on those it seeks to influence! Not only do they not care, they actually prefer to stick with their chosen usage! You'd do just as well to argue that "virus" should be a mass noun or a possessive state of being: It has virus. (Like "milk" -- en français, il vaut mieux qu'on dit du virus).
I wouldn't hold my breath waiting for "virii" to go away -- these people don't even CARE that some English words have latin roots!
Hey, that makes me wonder if there is any other language whose plurals are formed with a final -i or -ii?
Now, if someone DOES buy the argument that latin usage should influence English, I wonder if it is important to note that "virus" in latin refers to "poison"... I'm standing by my argument that it should be a mass plural, not a count plural!
It is easy to make the case against "virii" from the latin "virus" -- it is not "virius" therefore not "virii" in the plural.
My advice is to write and speak with proper usage, correct others when they ask you to proofread their copy, and not expect anyone else to upgrade their literacy in
What's next on your agendum?
-fb Everything not expressly forbidden is now mandatory.