Vmyths.com


Hoaxes, myths,
urban legends

Columnists

Newsletter
signup

Addictive
Update
Model

False
Authority
Syndrome

About us

Computer
security
humor

Truth about computer security hysteria
Truth About Computer Security Hysteria

Urea of Cat

George C. Smith, Ph.D., Editor-at-large
Thursday, 24 January 2002
Trust­worthy Com­pu­ting: an imagi­nary state, de­scribed by Micro­soft, for the wooing and cap­ti­va­tion of people with the dis­cern­ment of a barn­yard chicken.
Trust­worthy Com­pu­ting® had to it even as he de­leted the many copies of SirCam and BadTrans that had mys­teri­ously found their way to his mail­box over the weekend.

— The Joseph K Guide to Tech Terminology

THE KAISER OF Microsoft memo'd his lackeys on the need for better security in the company's products last week. Trustworthy Computing® was the nugget of nosegold to emerge. Stirring and worthy of trademarking, it was possibly the work of a true master alchemist of spin, an alkahest in which to dissolve and rinse away the toxic salt of the security doubter. We shall now usher in the era of Trustworthy Computing®! However, according to the Joseph K Guide to Tech Terminology, Trustworthy Computing® is "an imaginary state, described by Microsoft, for the wooing and captivation of people with the discernment of a barnyard chicken."
Usage: The Chairman hummed to himself in happiness over the nice ring Trustworthy Computing® had to it even as he deleted the many copies of SirCam and BadTrans that had mysteriously found their way to his mailbox over the weekend.
OK, now you have been immunized, patched and updated, as it were, with regards to Trustworthy Computing®. To add color to today's tale I went into the Crypt Newsletter's Joseph K Memorial HystericalHistorical Archive and pulled the following bit from 1997. It's helpful to understand that at the time, anyone who wrote sarcastically and negatively about Microsoft security, like if the company distributed tens of thousands of CD-ROMs contaminated with "old" macro viruses, such as Concept or Wazzu, you were thought to be nothing more than mealy-mouthed swine, possibly a believer in conspiracy theories and on no account to be taken seriously because-- Well, because. Computer virus groupies and other really weird people scrabbled over their collections of infection because everyone didn't get a couple or a even dozen malicious file attachments in the mail each week. But even at this time, computer viruses were not rare. What was missing, however, was the ginchy let's-make-lemonade-from-lemons idea that viruses-everyday-for-you was normal. Why would one even blink at 70,000 copies of a Wazzu variant shipped by the inventor of Trustworthy Computing® to developers when nation-wide Microsoft-styled Trustworthy Computing® now guarantees we'll be counting those copies of SirCam in the mail until ... you're counting the copies of BadTrans which you'll be counting ... until you're counting...
Why would one even blink at 70,000 copies of a Wazzu variant shipped by the inven­tor of Trust­worthy Com­pu­ting® to soft­ware developers?
That's the way it is now and we like it! (More on this in a bit.)
PARAPHRASING, THEN, FROM the 1997 archive, material of a tone and material now rendered quaint by time and entropy. We complained about Microsoft's distribution of mere macro viruses! How odd.
In America, only the computer software industry has [a] carte blanche ticket to screw with people unapologetically. If any other type of company in your hometown were caught — through ignorance — of allowing saltpeter to be put in the water supply for years, you could go after them. If this analogy isn't clear enough, consider the case of Williamson Sales of San Diego and its distribution of hepatitis A contaminated strawberries in 1997. Now, you should know hepatitis A — if it is mandated you get hepatitis — is the hepatitis to get.
[The word mandated is chosen for its accuracy in doing double duty as a descriptor of your current relationship to computer viruses. Your exposure to them is mandated in a complex de facto way.]
Anyway, the virus that causes hepatitis A is, relatively speaking, mild. Some people who contract the disease often don't know they have it; symptoms vary widely and may never appear noticeably ill. Children, who were the main potential consumers of Williamson's contaminated strawberries in 1997, generally don't get as sick as adults. Victims may become extremely jaundiced or not at all. In no cases during the media firestorm in southern California over virus-contaminated strawberries in 1997 were corporate officials caught saying things one expects from the software industry like, "It's not our fault, there's no liability, you broke the shrinkwrap and ate the strawberries," or "It's just a minor hepatitis virus (not B or non-A/non-B which are extremely bad), a relative prankster, no one will get very sick, perhaps not visibly" or "We've made a patch — so get your Hep A vaccination, lads, and there will be no worries!"
How much Trust­worthy Com­pu­ting® can you stand?
Actually, comparisons of computer virus and security troubles with even the most minor illnesses from the real world are inexact. It's the lack of physical impact, the missing capacity for bloodshed or the infliction of actual pain, the absence of yellow eyeballs, the swelling of the liver, for example, that does the analogies in. Coming up with good ones requires error on the side of the trivial or humorous and everyone tends toward the gravitas of lead in writing on the subject, so you see a certain degree of reality sacrificed for a more politically correct air of seriousness. For example, viruses in your e-mail load everyday is probably more like if one were to receive the sports section in the local newspaper impregnated with the urine of a tomcat every other day. The level of seriousness of the problem is variant with respect to each individual's regard for the sports page. Please note: this in no way says it would be a good thing, like Trustworthy Computing®, if we were to all have to get used to the idea that our newspapers be delivered along with the urea of cat. Now, if one were to receive a static electricity shock every time a virus...
Warning: include(/home/content/56/3696556/html/textquot/headrite.php) [function.include]: failed to open stream: No such file or directory in /home/content/56/3696556/html/column/2/2002/1/24/column.php on line 77

Warning: include() [function.include]: Failed opening '/home/content/56/3696556/html/textquot/headrite.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/56/3696556/html/column/2/2002/1/24/column.php on line 77
Returning to the 1997 archival passages: Microsoft's distribution of Concept and Wazzu macro viruses were one reason these viruses became two of the most widely reported macro virus infections. At the time, one hundred crazed virus writers busily uploading virus-infected binaries to alt.cracks or alt.sex.filthy.etc, a then popular method for seeding viruses into a population of promiscuous suckers, couldn't accomplish in five years what Microsoft facilitated in the two years leading up to 1997. For example, in 1995, the first Word macro virus — now called Concept — was massively distributed by Microsoft on a CD-ROM called Microsoft Windows 95 Software Compatibility Test. The shipment went to hundreds of companies in August of that year. Microsoft neglected to acknowledge the severity of the problem for a few weeks, a pattern which became standard practice in the intervening years.
"Assume a virtue if you have it not."

— "Hamlet"

When it finally did acknowledge Concept, Microsoft named the virus Prank as spin control, an early example of Trustworthy Computing®, so to speak.
REMEMBER WHAT YOUR editor-at-large said about "liking" the current state of affairs. It's true. I wouldn't mind if I received even more virus file attachments. Everyone should get more and more computer viruses. Sooner than later, too. How much Trustworthy Computing® can you stand? I predict the threshold for failure of Trustworthy Computing® is quite high. I think The Kaiser knew that when he came up with it, too. As a society we're nowhere close to the limit of the amount of treacherous swill we'll take from our viziers of computing.