Tangled Webs

    Outbreak!
Issue 5.5
Aug 24, 2000



The Hot Zone


Fear is perhaps the most efficient way of parting a fool from his money. People simply have little facility for rational thought when they are scared. Clearly, this fact has not been lost on companies selling anti-virus software or on the media that covered recent computer virus outbreaks. Since a few months have passed since the last major virus scare, I thought this might be a good time to speak rationally on the subject, but appears another scare may be brewing.

When the "ILoveYou" virus stuck last May, I was first informed of its existence by the company who makes my anti-virus software. They sent email to tell me of the virus and to suggest I download the files required to upgrade my anti-virus software to combat it. After downloading the update files, the first thing I did was to email the company to tell them how happy I was with their customer service.

Over the next 24 hours, however, it became clear not only how out of control the reaction to the ILoveYou virus was becoming, but how anti-virus and computer security companies were heaping as much fuel on the fire as possible in the form of both panicky press releases and widespread SPAM. While these companies do provide valuable services, this was a bit too close to ambulance chasing for my tastes.



Head for the Hills


In reality, the virus was highly infectious and very annoying, but not terribly damaging. Oddly, no one seemed particularly interested in assessing the actual damage that the virus was causing. Quite the contrary in fact, both press and television seemed intent on sensationalizing the story. After a few days, there was talk in America of how the virus might represent a threat to national security and even Attorney General Janet Reno commented on its severity.

Both UPI and AP reported a patently absurd estimate from Computer Economics which claimed that the virus was responsible for US$10 billion in damage and would cause an additional $1.5 billion per day until it was eradicated. Accurate figures of this kind are difficult to calculate, but that no one questioned these numbers is unbelievable. Even a little bit of thought would have shown their absurdity. The total worldwide cost of Y2K rectification is estimated to have been about $280 billion. Y2K rectification spanned more than ten years and involved nearly every computer system on the planet, and we were being asked to believe that the LoveBug had caused $10 billion in damage in a few days? Please.

While claims of stratospheric damages were being thrown around with wild abandon, no one was able to give concrete examples of how companies were being monetarily damaged by the virus. Huge damage figures were simply attributed to "lost time and productivity." Perhaps my experience was not typical, but only two companies I work with were hit by the virus and in both cases, all traces were eradicated in a matter of hours with no real interruption of work.

The real loss of productivity I saw stemmed from overreaction to the virus hype rather than the virus itself. For example, I know of two companies that shut off all incoming email for days until they could "sort things out." One MIS director I know spent two hours fixing the problem and the next three days making the same report to hype-infected non-technical management explaining exactly what the problem was and how it had been fixed.



Relapse


After a week the dust settled, the hype died down, and no real damage could be found. No one, of course, took the time to publicly discuss what had actually happened. The media continued to assert that the virus had caused "billions of dollars in damage." A few weeks later, a similar virus named "NewLove" came out, press releases were issued and the cycle began all over again.

I was unable to find figures on the sales of anti-virus software during this scare period, but I (rather cynically) suspect that these "billions of dollars" in imaginary losses resulted in millions of dollars in very real sales for certain software companies.

Please don't misunderstand. I am not trying to trivialize computer viruses nor to provide excuses for the miscreants that create them. Nor am I trying to suggest that computer viruses result in some kind of net good for the economy. In fact, I would say that every computer user should have some kind of anti-virus software installed, and that scanning for viruses should be as regular a part of owning a computer as making backup copies of your essential files. (You do back up your essential files, don't you?)

Computer viruses are an unfortunate fact of life, and no real good is served when anti-virus companies start calling UPI and the AP every time a new one is discovered. The press, for its part, needs to show restraint and view these press releases with healthy skepticism before they declare that the sky is falling.

On August 16th, yet another variant of the ILoveYou appeared in Europe. So far both the press releases and the press have been more restrained, but only two companies have been affected. In the weeks that follow we will see if the media has learned their lesson or if we are in for another bout of fear-driven software sales.


[ Home Page] [ Back to Index ] [ Previous Issue ] [ Next Issue ]

© Copyright 2000, Tim Romero, t3@t3.org
This article fist appeared in the August 8th edition of The Japan Times.
Tangled Webs may be distributed freely provided this copyright notice is included.
The Tangled Webs Archive is located at http://www.t3.org/tangledwebs/index.shtml