Fun_People Archive
6 May
A Virus Brings up a Dreaded Subject (or two)


Content-Type: text/plain
Mime-Version: 1.0 (NeXT Mail 3.3 v118.2)
From: Peter Langston <psl>
Date: Sat,  6 May 100 13:52:46 -0700
To: Fun_People
Precedence: bulk
Subject: A Virus Brings up a Dreaded Subject (or two)

X-Lib-of-Cong-ISSN: 1098-7649  -=[ Fun_People ]=-
X-http://www.langston.com/psl-bin/Fun_People.cgi

[Fun_People,  This is a repost of a small compilation of comments on the  
recent "love letter" virus.  The original was bounced by many, many mail  
systems with an annotation that it may contain the virus.  I'm guessing that  
my subject line triggered this reaction.  We'll see...  If you get this  
message twice, then your system did not filter it out at all; if you get just  
this version, then your system was sensitive to the presence of the name of  
the virus; if you don't get this at all, then your mail system is being too  
paranoid, but you'll never know, will you?
    It's kind of annoying... I wish Microsoft didn't sell (or give away) so  
much dangerously bad software.  Well, here goes...  -psl]
____________________________________________________________________________
From: John LoVerso

>    I am sure we will
>    have more than 100,000 lost files after it is all said and
>    done. - Eric Kenney
>
>    My company may face losing tens of thousands of album cover
>    art images.... - James Niklam
>
>    I lost almost a year1s worth of website designs. This virus
>    cost me thousands of dollars and hundreds of hours worth of

Didn't these people ever hear of backing up important data?  Do they really
run untrustworthy apps ("Outlook") with unneccessary write access to their
important data?
____________________________________________________________________________
From: Dan Kalikow

Reminds me of what one e-wag recently quipped -- that even VIRUS-writers
don't support the Mac...
____________________________________________________________________________
From: Anton Sherwood

How much of the Loveletter damage is from its being automatically run by
Outlook, and how much from its being naively run by other users who'll
clock on anything?  Can design, rather than user education (always too
slow), reduce the risk of trojan horses?
____________________________________________________________________________
From: Peter Cassidy

Yes, an e-mail scheme that substitutes pine and an ftp client for Outlook
would take care of a good deal of that risk.  The known risks of Outlook
are enough to disqualify it as a mail handler for any organization or
person that requires continuity of service and security.
____________________________________________________________________________
From: "Eric A. Hall"

All of the gross damage is directly attributable to Outlook, since the
biggest part of the problem by far is self-replication though the
address book. Without that, it would still hurt, but would only hurt the
first few idiots that opened it. Just to be clear on that; it doesn't
matter "how" it got launched, the problem is Outlook's complete trust of
VB Script and the total access that VB has to the OS.

The way Outlook automatically executes the script whenever the message
is previewed (and the way that Outlook Express automatically executes
the script whenever the message is "opened") is the root cause of this
problem. Nobody has had to open the attachment. Even if somebody with
another MUA opened it, the damage would be isolated to that system.
____________________________________________________________________________
From: t byfield

...so the obvious solution is to spend millions on a worldwide
manhunt for the 'amateur' bricoleur who fashioned ILOVE YOU...
i suppose it makes sense, when you consider what the repercus-
sions of doing what would need to be done to chasten all those
IT 'professionals' responsible for developing and deploying MS
wares. to say nothing of chastening all the legal geniuses who
are failing to recognize how cybernetic systems are manifestly
laying waste to the basis of a whole lot of legal theory.
____________________________________________________________________________
From: Charles Platt

I confess I seldom read everyday newsprint anymore, and never see TV. Can
anyone, more conventionally involved with the media than I am, confirm or
deny my suspicion, that most news reports have not bothered to mention the
seemingly obvious fact that an email virus of this type (which apparently
cannot be transferred via boot sectors of floppies, or similar means) is
totally defeated if the user takes the elementary precaution of backing up
data?

Certainly this has not been mentioned in the Web reports I have seen. In
which case, the news media are performing an even grosser disservice to
the public than usual.
____________________________________________________________________________
From: Bill Innanen

My local news broadcast (Ch 13 Baltimore) had a list of 3 or 4 things
to do to protect yourself.  The last item was "backup, backup,
backup!"  And they spent about a minute discussinghow to do that.

Anchor person: "You mean it wipes out all my pictures?!"

Tech reporter:  "You'll never see them again unless you have a backup
or a hard copy."

Anchor person:  "Tell me again how to do a backup..."
____________________________________________________________________________
From: Charles Platt

On Sat, 6 May 2000, Bill Innanen wrote:

> My local news broadcast (Ch 13 Baltimore) had a list of 3 or 4 things
> to do to protect yourself.  The last item was "backup, backup,
> backup!"  And they spent about a minute discussinghow to do that.

Great anecdote, sums up the whole problem.

Perhaps some of the blame, here, should rest with software/hardware
manufacturers who have ceased including adequate documentation. My
"Getting Started" booklet, supplied with Win98, includes only one
reference to backups, on page 77, consisting of two paragraphs, neither of
which mention WHY a backup is so important, and neither of which tell the
uninformed user HOW (s)he is supposed to back up a 4-gig hard drive (I
mean, onto floppies, or what? Even using Zip disks, you would need a
bunch.)

By contrast, when I bought a new car, it came with a video tape that
provided a guided tour of all important features, plus an owner's manual
which has prominent warnings regarding every conceivable thing that might
go wrong: How to avoid it, and what to do if it happens.

If the computer industry were a fraction more ethical (or had been sued on
a subject relevant to this topic) it would include a big warning sticker
along the lines, "All hard drives eventually crash, and may lose all your
data. Computer viruses also may erase your data. Backing up your data on a
weekly or, ideally, daily basis is absolutely essential."

When I used to teach introductory computer classes, often I found that
students refused to believe that their hard drives could crash without
prior warning. The whole concept was bizarre to them. "You mean, these
things just stop working? How can they sell things that do that?"

So long as we dump incredibly complex machines onto people's desks, with
no adequate information about basic concepts involved, ignorance will
enable catastrophes; at which point, of course, regulatory agencies will
move to "address the issue" in some nightmarish way that claims to help us
while really helping them--for example, by outlawing anonymity or
encryption.


prev [=] prev © 2000 Peter Langston []