Don't believe all you hear about viruses

Kilen Mathews Special to the Middle East Times Afraid of software viruses ? There's something even scarier: False Authority Syndrome. Many people speak with confidence about software viruses but few people have adequate understanding or real experience in this obscure technical area of computer security. Many people, including computer specialists, are quick to cry "virus" as soon as a PC crashes. I have seen managers literally running through the office to tell everyone to shut down their computers because their own word processor locked up on them. This is part of a pattern of behavior, known as "False Authority Syndrome" (FAS) which can occur in almost any field of interest that seems to have found a window of opportunity in the area of software viruses. I am writing this column to ask you to question everyone's credentials (including mine!) in the area of PC software viruses before you react to warnings of software virus disasters. The FAS term as it is used here was coined by computer virus experts and is discussed at length by virus hoax consultant and writer Rob Rosenberger (see web link below). He works to 'stop the hysteria' with the message that 'the sky is not really falling'. Information is available and while computer viruses are a threat, so is over-reaction to False Authority Syndrome about computer viruses. There are several areas where we meet the FAS with PC viruses. First (watch out!) is journalists. Many technology journalists have some PC skills and experience. In addition they know lots of consultants and key information systems professionals and managers all too eager to be quoted in the press making dire predictions and assessments of software viruses. Over-reaction seems to be the norm in this arena. I once worked in a military institution where the commanding officer ordered everyone to turn their computers off on 5 March and not turn then on again until 7 March in a effort to avoid the Michelangelo virus. Fortunately, that year 6 March was on a weekend so most people didn't go to work anyway. Before 5 March, I had inspected about 50 of the PCs at the installation and found less than five with any viruses. What I worried about was the fact that nearly half of the floppy disks I tested that belonged to those using the infected computers carried the Michelangelo virus! The case of Michelangelo The famous Michelangelo virus is a case in point of False Authority Syndrome at its worst. In the days leading up to the anniversary of the birth of the artist Michelangelo (6 March) in 1992 the press began predicting global catastrophe to be caused by a software virus that would delete files from PC hard disks that were turned on that day. There were reports from respected industry sources including the president of famous anti-virus software company McAfee Associates, John McAfee predicting that millions of PCs worldwide would have their data destroyed by Michelangelo's namesake virus. The media hype in newspaper and national television was enormous and outrageously exaggerated. Finally, on 4 March 1992, just 2 days before "V-Day" as it was being called, Bart Ziegler of the Associated Press filed the first AP article with contradictory views about the pending disaster. True virus experts were predicting under 10,000 PCs at risk worldwide rather than over 10 million as suggested by McAfee. Why the misunderstanding? Why had the true virus experts not been heard from? "Nobody asked" was the common reply. The press was all to eager to jump at sensational reports boldly and confidently offered by respected experts who were talking on a subject beyond their expertise. The sixth of March 1992 came and went: AT&T, which ran 250,000 PCs worldwide, reported that exactly two had been affected by the virus. The media started concentrating on the story of the fear about the virus rather than the virus itself. How could the so-called experts be so wrong? False Authority Syndrome on computer viruses was born. Oh, and John McAfee resigned from the US's National Computer Security Association first thing Monday morning. But the anti-virus software manufacturers had made a killing. Another breeding ground for FAS on software viruses is among computer security consultants. Now, these are people who work to protect corporate information assets and security of systems. That does not make them experts on software viruses. Most people have only encountered a few software viruses or more likely, many instances of just a few or the most common ones. Armed and Dangerous The bad news is that there are real software viruses out there. And some are very malicious and downright nasty. The "One half.3544" virus is a good example. This mean little program is of a class known as "stealth" viruses because it uses tricks to hide itself from specific anti-virus software detection programs. This program encrypts your hard disk a little bit at a time with a secret code only the program knows. Any time you read data from your hard disk while the virus is running it then de-crypts your data back to normal before sending to you. So you can't tell there is anything wrong. It's really not a big problem for a while. But if you try to remove the virus, suddenly your data is corrupted and unreadable. I did say it was mean. There is a way to deal with this but it isn't pleasant. You have to back up your files to external disks before you remove the virus so that you have decrypted versions. Then use F-PROT software to kill the virus and restore your files from the backups. You won't want to do it twice. So what can you do? So prepare your systems to minimize the chances of a software virus attack and react conservatively when you are told there's a software virus threat in your office. Steps you should take, now: 1. Buy anti-virus software, the best you can get. F-PROT, McAfee and Norton are good choices. And if you have a network, you must protect the server as well as every workstation. 2. Make sure you do regular backups of your files. I know it is a bother. But that is nothing compared to losing all of your data because of a software virus. It does happen. 3. Enforce a policy of scanning every file downloaded from the Internet. 4. Enforce a policy of scanning every disk anyone brings into the office. EVERY one. From anywhere. That includes CDs. Several people in Cairo are taking the free CDs that come with international PC magazines and selling copies made on their own CD-ROM drives. Although the original magazine CDs are usually virus-free, the copies can be full of them. 5. Don't disable the anti-virus software! This may seem obvious but I have seen people install anti-virus software then turn it off because it slowed their system down. And in almost every case they had software viruses on their systems when I checked. 6. Don't worry about isolated systems. If you have a standalone PC (not connected to a network), without a modem, that you just use for office processing you can treat it differently. If you can virus scan all diskettes before you use them on the machine, it won't need the virus scanner enabled on it. 7. If you hear of a pending virus disaster, check out the latest and reliable sources for information (see below) not the salesman who sold you the computer, not the technician who repairs hard disks, and not even the articles in the magazines and newspapers crying "Virus the sky is falling!" Remember, don't believe everything you hear or read especially about software viruses. If you want to know more and promise not to fall prey to False Authority Syndrome after reading one article you might want to try these web sites: http://kumite.com/myths/myths and http://www.datafellows.com. Technical note: For you techies out there, pushing the edge of the envelope, be warned the total new software viruses found that you get from email + HTML + Java + ActiveX + = ...(drum roll, please) ...zero. None yet anyway. Think you've had a virus attack? Have a true experience to tell, send them by email to: Kilenm@bigfoot.com. Back Home