Truth About Computer Security Hysteria
Everybody rode on the coattails of MelissaRob Rosenberger, Vmyths co-founder
Sunday, 4 April 1999
POLICE ARRESTED A man who allegedly wrote Melissa. An AP newswire says he named it after a topless dancer. Reporter Nancy Parello mentioned the stripper before she identified the suspect but, sadly, she didn't tell us if Melissa prefers saline over silicone. I fully expect AP will include the dancer's photo in a future newswire.
Have you seen the crowd riding on the coattails of this virus? Every major computer security agency published an alert. Every major news organization wrote stories. Computer security offices sent email alerts to everyone in their company. Every virus expert got involved. Every major antivirus firm got involved. Every major email server vendor got involved. FBI NIPC Director Michael Vatis got involved. New Jersey Governor Christie Todd Whitman got involved. Deputy Secretary of Defense John Hamre received briefings about Melissa and JCS Chairman Gen. Henry Shelton probably received the same briefings.
FBI rumor-mongering may make it harder for prosecutors to argue their case. Ironic, but not unexpected. Can't these guys just stick to the facts? Oh, well: I hope Mulder & Scully pursue the 8-13 other people worldwide who created Melissa variants.
Eugene Spafford, Ira Winkler, and other computer security experts got swamped with media queries after the arrest. One reporter admits he called me because he couldn't reach anyone else — Spafford alone had at least 15 interviewers in queue. "Thank you for calling Hackers 'R Us. Our experts will give you a sound bite in the order in which your call was received." This might explain why ZDTV interviewed a ZDNews reporter.
Does CNN know if digital vigilante Lou Cypher plans to kill Melissa's author?
I set aside my vacation day when I learned of the arrest. No big deal: I enjoyed the media attention. One reporter didn't know why his colleagues told him to speak with me — after all, Melissa isn't a hoax. "Oh, it exists" I said. "Likewise, DataCrime and Michelangelo and Hare and Remote Explorer exist too." The little bulb over his head started to light up...
Oddly, Newsbytes and Wall Street Journal newswires say Melissa "appears to have left Asia relatively unscathed" because they "had enough warning to avoid the virus." Okay, I'll bite: how did Asia get more warning time than the rest of the world? Perhaps Asian computer users enjoyed a long weekend last week? Or — here's a wild thought — did the other six continents escape Melissa's wrath as well?
I've not yet spoken to a legit virus expert who accepts the "hundreds of thousands" estimate at face value. "It's only an assumption," admitted a source at one antivirus firm who begged for anonymity. I also hope to find someone who will back PC Week commentator David Berlind's assessment of monetary damages. "Despite the relatively benign nature of this macro virus," he wrote, "the worldwide cost of dealing with it can easily escalate into the hundreds of millions of dollars."
Does anyone know the name of Governor Whitman's supervisor? I want to find out how much overtime pay she'll get as a direct result of Melissa...