Truth About Computer Security Hysteria
With managers like these, who needs hackers?
Friday, 24 December 1999
What do Alpha Technologies, Iowa State University, Mid-American Energy, and the Swiss government
have in common? Answer: media hype convinced them to stop using the Internet. They've joined the likes of
the U.S. Air Force "Year 2000" Office....
"Alpha Technologies introduced the concept of reliable standby power to the cable television industry,"
notes CEO Fred Kaiser on his company's website. Ironically, his firm will need no backup network
power on New Year's Day — because they'll use a corporate-wide precautionary disconnect to avoid
unknown Y2K viruses.
Network director Keith Batt sent an email to all users (including Kaiser) on Tuesday saying "Alpha
Technologies servers, e-mail and dial-up capabilities will be unavailable ... from 8:00am on 12/31/99 to 8:00pm
01/02/2000... This down time will help ensure that we minimize our exposure to Millennium viruses."
At least one employee dutifully forwarded it as an FYI to colleagues outside the firm.
Batt obviously let the media hype sway him. "There are a great number of stories circulating about
viruses that will become active at midnight of January 1, 2000," he admitted. He then offered a typical
"better safe than sorry" rationalization: "while the actual likelihood of [a Y2K virus attack] is
very remote, the downed systems should prevent these viruses from running."
Employees' PCs need a precautionary disconnect, too. "We would also like to ask everyone to shutdown their
desktop PCs when you go home for the New Years holiday weekend for the same reasons as described above," Batt
Logic says Batt should first get a handle on his company's virus problem. I'd suggest some virus
metrics for starters — I mean, this guy doesn't even know if his firm's PCs have viruses. Shameful!
(What antivirus software does Alpha Technologies use? It obviously doesn't work against Y2K viruses. Batt
clearly must know this. He should purchase a better antivirus solution for his firm, no doubt about it.)
Iowa State University and Mid-American Energy will shut down their networks as well. Iowa TV stations told of
administrators scared bitless by the mere thought of a Y2K virus or Y2K hacker. A frightened
(yes, frightened) Mid-American spokeswoman called the disconnect prudent because they don't want to face
the possibility of another Melissa incident.
A Reuters newswire says the Swiss government will go even farther. "E-mail sent to the federal
administration over the year-end period would be deleted automatically to prevent system failures resulting from
bugs put in mail messages." Ah, of course.
Can you imagine Snidely Whiplash's frustration on Y2K Day? "Curses! Now I'll never get to attack
those savvy firms! This was the only day I could plant a deadly virus on their PCs!" I swear, these
people should stay off the Internet until they get their virus epidemics under control.
"Curses!" shouted Snidely Whiplash. "Everyone shut down their computers on New Year's Day. I
missed the only possible chance to plant a deadly virus on their systems..."
Coincidence? Yesterday, the A&E network ran an old "Law & Order" episode
about an über-virus which killed some medical patients.
F-Secure (formerly Data Fellows) issued a press release this week which immediately won praise
among computer security skeptics. Alpha Technologies, Mid-American Energy, the Swiss government,
and Iowa State University would do well to read it:
[Our] research shows no increased activity on the part of the virus-writing underground in anticipation of the
coming Y2K weekend...
Many security companies have warned about the possibility of thousands of Y2K viruses appearing overnight, either
intentionally spread over the new year or spread earlier but programmed to activate and do damage on or around
January 1, 2000. Yet in actual fact, by the middle of December 1999, just ten viruses or trojans designed to do
damage at New Year 2000 had been found, and of these only two were found in the wild, intended to cause damage to
"Of course there will be virus cases on New Year's Day 2000, just as there are virus cases on any other day
of the year. But to date we have seen no indication that there would be anything out of the ordinary this new
year," comments Mikko Hypponen, Manager of anti-virus research at F-Secure Corporation. "More important,
if there are Y2K problems, most of them won't even be seen for several days, since the majority of users will
celebrate their Millennium somewhere other than in front of a computer."
Can you believe an antivirus firm wrote this? F-Secure decided not to milk the cash cow of Y2K
virus hysteria. They'll reap big rewards in about two weeks when the world uses 20/20 hindsight.
F-Secure goes on to describe a forthcoming "Y2K virus clinic" similar to those planned by other
antivirus firms. "People around the world [will] have a place to go for the latest information on hoaxes and
minor issues, and can receive up-to-the-minute fixes for any real viruses that are uncovered." All at no
("F-Secure will hold a Press Conference on the 1st of January 2000 ... to summarize the latest news on Y2K
virus-related problems around the world." A rather boring event, I'll wager, punctuated only by reporters
desperate for a storyline. I'll gladly participate by phone if I can recover from my Y2K hangover in
Officials who ordered a Y2K shutdown as a virus preventive measure will try to justify their decisions after the
fact. A "better safe than sorry" excuse won't hold water on 2 Jan 00, so they'll think up
something else. They might claim something along the lines of "we overreacted because the whole world
Anyone who ever raised a teenager knows the correct response. "If Keith Batt jumped off a Cisco bridge,
would you jump off a Cisco bridge too?"
Embarrassed officials might dismiss their shutdown orders by saying "we needed to do it anyway to avoid
unpredictable Y2K midnight rollover effects." This reasoning does make sense — yet again,
it raises an obvious question. "Why didn't you just say so in the first place? Why did you give a foolish
Y2K virus excuse?" Duh...
Only the strongest ego will give the correct answer. "Okay, I admit it. I got swept up in the Y2K virus
media fiasco. I wasn't thinking clearly."
A frightened spokeswoman said Mid-American Energy doesn't want to face another
potential Melissa incident. Viruses can strike anytime, so — logically — Mid-American should leave their
computers turned off. Forever.