Truth About Computer Security Hysteria
Asia thrown back to transistor ageRob Rosenberger, Vmyths co-founder
Tuesday, 27 April 1999
ASIAN GOVERNMENTS SAY CIH "destroyed" or at least erased data on 200,000 to 300,000 PCs yesterday. Media reports put the American toll somewhere in the neighborhood of 70-100, yet circumstantial evidence indicates the U.S. number may actually wind up in the low four figures. Yes, yes, I honestly expected CIH to flop — but not for the reasons you might expect.
Antivirus vendors have cried wolf for eleven years. Hey, it appears a wolf struck. Should we act surprised?
Virus experts emailed me last year about a major destructive event they predicted for 26 April. Each expert presented a reasoned argument; each expert based his hypothesis on empirical evidence. For the record:
These guys worried seven months ago about what would happen yesterday. Why didn't anyone listen to them? Regrettably, antivirus vendors started crying about wolves eleven years ago — and their PR folks decide what to bring to the media's attention. Count the number of CIH press-release warnings issued last year, then check the number of CIH press-release warnings issued this month. Then count the press releases issued right after Melissa surfaced. You'll notice a trend.
I wanted to write an opinion piece in mid-April about those dire predictions. Then Melissa came along.
When the hysteria erupted, panicky users reached for the latest antivirus software. A primary condition for the experts' hypothesis disappeared as users cleansed viruses from their systems (CIH included). However, the media declared Asia an odd exception to the Melissa hysteria ... which means Schrader's prediction didn't lose its primary condition. I imagine he feels pretty frustrated with his accuracy.
To the best of my knowledge, Michelangelo held the record for the most number of computers wiped out in one day by one virus. CIH easily beats the record tenfold if the numbers coming out of Asia ring true. Hang on while I call Guinness...
Software companies accuse Asia of rampant piracy. I guess they didn't bother with antivirus programs before now, eh?
Pseudo-experts may cite Schrader's accuracy as "proof" of other experts' accuracy. Beware this fallacy. Demand to see empirical evidence of rampant worldwide CIH infections cleaned up as a specific result of the Melissa hysteria. Likewise, pseudo-experts may cite Melissa as an example of "beneficial" hysteria. Beware this rationalization. Panicky users represent a direct threat to their computers under any conditions — and they might heed the advice of pseudo-experts instead of genuine experts.
Please keep these things in mind if CIH directly affected you yesterday:
You know what I find curious? Reporters last month said a worldwide virus threat barely afflicted Asia's computer users; now the media says a nearly year-old virus devastated Asia's computer users. We need to find a way to combine Western resistance to CIH with Eastern resistance to Melissa.