Computer viruses will continue to come in waves

Week of May 29, 2000

From the Puget Sound Business Journal

Computer viruses will continue to come in waves

Chaim Yudkowsky

"I love you."

This universal expression of substantive fondness that one human may have for another now has a completely different meaning for many of us. The billions of dollars of damage in the form of wasted time and system damage and the mistrust of e-mail and computer reliability were just some of the fallout of this lightning attack on computer networks worldwide.

Now that most of us have recovered, we must debrief ourselves to examine the lessons of this modern day love bug. The vast infection of the systems of disparate organizations demands a better understanding of how to better prepare defenses against similar future attacks and procedures for adequately responding to those that may slip through the cracks.

They will not end. Even if the developers and spreaders of this attack are caught and punished, the likelihood of ever increasing frequency and ferocity of attacks and the speed of their effect will not end.

After Melissa last year, we believed that we were prepared. The evil intent or simple interest to test the limits of "their own ingenuity" assures that virus designers will remain tempted to carry on. Thus, in some respects and despite its impact, the ILOVEYOU virus is still analogous to a trashcan fire preparing for the possibility of a building-engulfing fire.

Rules are not changing behaviors. Curiosity still rules. Scary as it sounds, even machines at the Pentagon and the CIA, considered the paragons of national security paranoia (rightfully so), were infected. Rules alone are not changing behaviors. In fact, despite the ILOVEYOU virus, I am certain that a foreign and unknown "joke" attachment was opened today on at least one machine in most of your businesses.

Auditing and enforcing behavior relating to "safe computing" is not enough. Consider combining filters and other software with ongoing user education to get the message across. Even with a daily reminder, folks are still going to be tempted to open the right message addressed to them regardless unless they know better.

Common sense, common sense. Even knowing better is not always the answer. When early the fateful first morning of the attack I got a message from a vendor saying ILOVEYOU, I knew something was wrong. First, though I pay his bills on time, I know he does not "love" me. Second, I try to encourage a no-junk-mail policy to friends and colleagues, thereby rarely receiving humorous attachments. So it stood out.

Talking to those that opened the attachment, the theme has usually been an admitted "I should have known better." Instead, getting an ILOVEYOU message was assumed to be a joke or game.

One consulted "expert" recommended the nonsensical solution of not opening or deleting the ILOVEYOU message. Because many traditional media types, especially local folks, do not generally fully understand the technical side of technology, they are useful in informing the public that there is a problem, but not reliable in describing a substantive solution.

The risks of standardization. In this latest attack, users of Netscape were not affected if Microsoft Outlook was not installed. Microsoft products continue to be popular focuses of virus attack because of market share. The thinking is if "I want to be successful in my virus intent, I must go for the market share." By embracing the market leaders' products, we must be careful to be especially sensitive to the perils of a zealous virus designer who may focus on that market share.

Know thine antivirus vendor. As a user of the powerful enterprise focused Panda Software (pandasoftware.com), I was impressed by the difference of response of my vendor and others. The traffic jam on McAfee's and Symantec's Web sites lasted for a few days and downloading their fixes took patience.

Panda, on the other hand, not only sends me e-mail almost daily to keep me informed about the world of risk, but they on this occasion e-mailed me early about the problem -- then that afternoon e-mailed me the solution as a registered user.

Behave responsibly if it happens to you. Once the Love Bug infiltrated your e-mail system, how long did it take you to stop infecting others? Did more than one user send the virus to more than one external e-mail address more than one time? How about internally?

In many cases, the answer was yes. The justification, despite infection and not understanding the nature of the infection, was that the e-mail system is critical to the business "as a service to their public." Therefore, the problem was perpetuated by staying up and connected until solved.

Could another attack like the "ILOVEYOU" virus happen again? Sure. Still, I hope with the lessons of this virus, the only Love Bug that we hear of is a remake of that old Love Bug -- "Herbie."

(Editor's note: This column was written before the second, more virulent round of the "ILOVEYOU" virus hit last week.)

Chaim Yudkowsky is chief information officer at Textilease Corp., a uniform and first aid services company serving the Southeast. He may be reached at 301-937-4555 or cyudkowsky@byteofsuccess.com. Join our discussion group at byteofsuccess@egroups.com.

http://www.bizjournals.com/seattle/stories/2000/05/29/smallb4.html



-- Martin Thompson (mthom1927@aol.com), May 30, 2000

