As the
worms turn: computers don't spread viruses, people do
by Alan Zisman (c)
2004 First
published in
Business
in Vancouver February 17-23,
2004 Issue 747
High Tech Office column
As I write this, computers infected by the MyDoom virus have, as
promised, barraged SCO's Web site with access-requests, effectively
shutting it down. SCO has made itself widely unloved in technology
circles by filing a wave of lawsuits claiming it owns snippets of
computer code used in the popular open source Linux operating system.
MyDoom, following on the heels of the Bagle virus, has been
characterized as the fastest-spreading computer virus to date; at its
peak, according to security firm F-Secure, it accounted for 20 to 30
per cent of all e-mail traffic. Unlike infections of a year or two ago,
however, it doesn't seem to have knocked any corporate networks offline.
Like many other e-mail viruses, MyDoom spreads itself through
hijacking Outlook and Outlook Express e-mail address books, but it also
spreads through popular file-sharing networks such as Kazaa. While
infected computers are not directly damaged, they try to spread the
virus further and participate in mass denial-of-service attacks. A
variant of MyDoom targeting Microsoft's Web site was apparently less
successful. As well, infected systems are open to commands from a
remote attacker.
Sounds nasty, all right. Network Associates estimated that
400,000-500,000 computers had been infected worldwide. And that's the
saddest statistic of all. That's because these recurrent waves of
computer viruses and worms really aren't about hackers. And they're not
really about flaws in Microsoft's software.
The real story is about ordinary computer users like you and
me.
Despite years of warnings in columns such as this, half a million of
us, receiving an attachment-bearing e-mail message from a stranger - or
in this case, a bogus error message - blithely opened the attachment,
behaviour that eWeek columnist Larry Seltzer compared to sticking a
finger in an electric socket.
It took antivirus software vendors several hours between when
the
virus started spreading and when they published updated software
patches to protect users from MyDoom. And it takes even longer before
these patches filter out to all users potentially at risk. But blaming
the antivirus vendors is just looking for a scapegoat; at the keyboard
of every one of those half-million infected computers there was a user
who knowingly opened an attachment received from a stranger.
Maybe I'm wrong, and none of you let your computers become
infected. In that case, I apologize for nagging. But I received a
couple of hundred infection-bearing messages in the past week, and they
must have come from someone!
I'd like this to be the last column nagging about viruses
that I
have to write. The advice is all pretty standard stuff. If you're a
Windows user, install an antivirus program and keep it up to date. For
home users, I'm currently recommending the free Avast (www.avast.com).
If you're a Windows user, consider using an alternative to
Microsoft's Outlook or Outlook Express for e-mail. Your computer could
still be infected if you open a virus-laden attachment, but at least
you won't spread the infection further.
Consider other options than Windows like Linux or Apple's
Macintosh. You'll still be barraged by the same infected messages, but
they won't be able to infect your computer. When shopping for an
Internet Service Provider, look for one that filters out virus-infected
e-mail before it reaches your in-box. Uniserve, for instance, does
this. Why don't all ISPs?
Break yourself of the e-mail attachment habit. Don't send
documents as attachments; copy the contents and paste them into the
body of your e-mail message. And don't open unexpected attachments.
Certainly not from strangers, but even if they apparently come from
your best friend. Or even from me.