By Dr. Philip Baczewski, Associate Director of Academic Computing
Who do you trust?
Thanks to the "ILOVEYOU" virus, obnoxiously nicknamed "the love bug" by the popular press, we are now again aware of the tenuous status of our computers' ability to live on the Internet as well as continue to function from day to day. That is, some may feel a bit shaken, however, others seem as confident as clams in the mud. Is it just a matter of time until your luck runs out? Is it just a matter of odds? Maybe, but maybe not.*
Some of the ways to avoid the ILOVEYOU virus are to use a Macintosh or LINUX operating system, use Windows but not its E-mail subsystem, or just not open any attachments for which you don't recognize the file type or file origin.The reason the ILOVEYOU virus spread at all was because of the trust people placed in the source of the message and its integrity. The other reason was that it was so easy to exploit the interoperation of the Windows operating system and some of its tightly integrated programs.
The View Through the Windows
It's interesting to note that Microsoft's initial reaction to the ILOVEYOU virus was to do nothing. Their stance was that there wasn't any kind of bug in their software, so they didn't need to release a patch or anything. That's the scary part. The software was working the way it was supposed to work. In other words, it is a feature of Windows to allow an unknown program to access your address book, send out E-mail, and write over your files, all without any knowledge or intervention on your part. Microsoft claims that these are features that their customers required.
Act II of this drama is that Microsoft recently released a patch for their Outlook Express E-mail software. If the patch is applied, Windows will prompt you for your approval before letting a program do things like access your address book. Microsoft states that this may be an inconvenience for people used to doing automated contact acquisition and the like functions. Apparently, letting a program trash all your files is not considered an inconvenience by those geniuses at Microsoft.
It's so Convenient
So, you ask, what's wrong with a little convenience? Doesn't Microsoft just want to make things easy for us? You bet they do. They can make a whole lot of things easy. That's why they would enable an E-mail attachment with a "VBS" extension (for Visual Basic Script) to run as soon as you open it. This let's your E-mail talk to your Internet browser, or your word processor. It just happens that all of those things are made by Microsoft.
Microsoft wants to make things easy and convenient so that you won't have to know anything about computing. This is in your best interest isn't it? Well it does make you rather dependent on using Microsoft's operating system, Microsoft's browser, Microsoft's E-mail program, Microsoft's word processor, etc. But it's so convenient!
Microsoft makes things so convenient that you don't really need to understand computing to use it. But that's OK, because you can buy a third-party virus protection program and keep your computer safe, right? Even the best virus protection programs didn't stop some bright people from "catching" and perpetuating the ILOVEYOU virus. Virus protection programs are by necessity reactionary. You can't make a vaccine if you don't have a sample of the virus. There is always a lag, however short, between the appearance of a new virus and measures to control its spread. This is true whether you are talking about computers or humans.
A virus protection program can guard you against the accidental infection, but it doesn't protect you against the unknown. The virus protection companies would like you to believe that all you have to do is use their product and keep your virus data up to date and you'll be safe. They make a lot of money because you believe that. It's not that their programs don't have utility, but you do have to ask whose best interest do they really have at heart?
A Matter of Trust
So who do you trust? Microsoft? McAfee? How about yourself? The ILOVEYOU virus could have been defeated by healthy doses of skepticism. This is true of other similar viruses. Did that "South Park" attachment really come from your 90-year old Aunt Millie? Does the high-speed networking mailing list really love you? If you don't know what a ".VBS" file is, should you try to view it? If something looks like garbage mail, could it be?
If you put your trust in Microsoft or other commercial companies that have a vested monetary interest in your ignorance, you will get what you pay for. Or rather will pay dearly for what you get. You will pay by losing your independence. Here's where a little education can go a long way. Keep up with current trends in computing. Know all of what a program does before you install it. Know what the new features of an operating system are before you upgrade. Or better yet, free yourself from software profiteers by adopting open source operating systems and programs (but be prepared to do some serious learning). Oh, and one more thing -- is your hard drive backed up?
Comments, Questions? Send them to Philip Baczewski.
Other articles in this issue also address the topic of viruses and computer security: