Truth About Computer Security Hysteria
With managers like these, who needs hackers?
Rob Rosenberger, Vmyths co-founder
Friday, 24 December 1999
WHAT DO ALPHA Technologies, Iowa State University, Mid-American Energy, and the Swiss government have in common? Answer: media hype convinced them to stop using the Internet. They've joined the likes of the U.S. Air Force "Year 2000" Office....
"Alpha Technologies introduced the concept of reliable standby power to the cable television industry," notes CEO Fred Kaiser on his company's website. Ironically, his firm will need no backup network power on New Year's Day — because they'll use a corporate-wide precautionary disconnect to avoid unknown Y2K viruses.
Network director Keith Batt sent an email to all users (including Kaiser) on Tuesday saying "Alpha Technologies servers, e-mail and dial-up capabilities will be unavailable ... from 8:00am on 12/31/99 to 8:00pm 01/02/2000... This down time will help ensure that we minimize our exposure to Millennium viruses." At least one employee dutifully forwarded it as an FYI to colleagues outside the firm.
Batt obviously let the media hype sway him. "There are a great number of stories circulating about viruses that will become active at midnight of January 1, 2000," he admitted. He then offered a typical "better safe than sorry" rationalization: "while the actual likelihood of [a Y2K virus attack] is very remote, the downed systems should prevent these viruses from running."
Employees' PCs need a precautionary disconnect, too. "We would also like to ask everyone to shutdown their desktop PCs when you go home for the New Years holiday weekend for the same reasons as described above," Batt urged.
Logic says Batt should first get a handle on his company's virus problem. I'd suggest some virus metrics for starters — I mean, this guy doesn't even know if his firm's PCs have viruses. Shameful!
(What antivirus software does Alpha Technologies use? It obviously doesn't work against Y2K viruses. Batt clearly must know this. He should purchase a better antivirus solution for his firm, no doubt about it.)
Iowa State University and Mid-American Energy will shut down their networks as well. Iowa TV stations told of administrators scared bitless by the mere thought of a Y2K virus or Y2K hacker. A frightened (yes, frightened) Mid-American spokeswoman called the disconnect prudent because they don't want to face the possibility of another Melissa incident.
A Reuters newswire says the Swiss government will go even farther. "E-mail sent to the federal administration over the year-end period would be deleted automatically to prevent system failures resulting from bugs put in mail messages." Ah, of course.
Can you imagine Snidely Whiplash's frustration on Y2K Day? "Curses! Now I'll never get to attack those savvy firms! This was the only day I could plant a deadly virus on their PCs!" I swear, these people should stay off the Internet until they get their virus epidemics under control.
F-Secure (formerly Data Fellows) issued a press release this week which immediately won praise among computer security skeptics. Alpha Technologies, Mid-American Energy, the Swiss government, and Iowa State University would do well to read it:
"[Our] research shows no increased activity on the part of the virus-writing underground in anticipation of the coming Y2K weekend..."
Can you believe an antivirus firm wrote this? F-Secure decided not to milk the cash cow of Y2K virus hysteria. They'll reap big rewards in about two weeks when the world uses 20/20 hindsight.
F-Secure goes on to describe a forthcoming "Y2K virus clinic" similar to those planned by other antivirus firms. "People around the world [will] have a place to go for the latest information on hoaxes and minor issues, and can receive up-to-the-minute fixes for any real viruses that are uncovered." All at no charge.
("F-Secure will hold a Press Conference on the 1st of January 2000 ... to summarize the latest news on Y2K virus-related problems around the world." A rather boring event, I'll wager, punctuated only by reporters desperate for a storyline. I'll gladly participate by phone if I can recover from my Y2K hangover in time.)
Officials who ordered a Y2K shutdown as a virus preventive measure will try to justify their decisions after the fact. A "better safe than sorry" excuse won't hold water on 2 Jan 00, so they'll think up something else. They might claim something along the lines of "we overreacted because the whole world overreacted."
Anyone who ever raised a teenager knows the correct response. "If Keith Batt jumped off a Cisco bridge, would you jump off a Cisco bridge too?"
Embarrassed officials might dismiss their shutdown orders by saying "we needed to do it anyway to avoid unpredictable Y2K midnight rollover effects." This reasoning does make sense — yet again, it raises an obvious question. "Why didn't you just say so in the first place? Why did you give a foolish Y2K virus excuse?" Duh...
Only the strongest ego will give the correct answer. "Okay, I admit it. I got swept up in the Y2K virus media fiasco. I wasn't thinking clearly."