Truth About Computer Security Hysteria
Irony, humor, politics, and back-stabbing
Friday, 25 June 1999
Companies love to ride on the coattails of a popular news event like ExploreZip. Irony, humor, politics, back-stabbing ... what more could you ask for? You'll find some interesting names affiliated with it:
ATL Products offered some of the best irony with their "do as I say, not as I do" press release.
The FBI manhunt for ExploreZip's author raises an important question: "why go on a manhunt in the first place if you won't extradite suspects?" Indeed, even U.S. virus writers seem immune from prosecution. Remember the man accused of writing Melissa? Everybody jumped on David Smith's coattails at the time of his arrest, yet he remains free on bail and politicians no longer care to discuss the matter. It looks like FBI NIPC just wants to play 'tag' with virus writers for publicity reasons.
A special note to Andy Campbell at Reflex Magnetics: antivirus software did contribute to the spread of Melissa, Chernobyl, and ExploreZip — but you blamed the wrong people for it. More than a decade ago, naïve journalists started recommending signature-based products even though they knew nothing of computer security. Profile-based scanning withered on the vine because reviewers convinced readers to use crippled detection methodologies. Major antivirus vendors focused on signature-based scanning in order to stay alive. You want to save the world, Andy? Blame the media for misleading computer security experts and consumers alike.
Speaking of the press... a few more tidbits:
- Press releases from Symantec and OnTrack each announced the "first" utility to deal with ExploreZip.
- An Executive Software press release touted a free utility to easily recover files deleted by ExploreZip. A Symantec press release claimed Norton Utilities can easily recover files deleted by ExploreZip. Ontrack warned users in a press release to avoid competitors' utilities: "Ontrack experts have discovered aspects of the virus that make it nearly impossible to correct with standard utility programs and cautions users against trying them."
- FBI NIPC (the "long arm of the cyber-law") picked up a lot of media exposure by launching another manhunt. Some trails lead to Israel — and NIPC didn't extradite Chernobyl's author — so we should assume they won't extradite ExploreZip's author.
- CERT continued its recent PR campaign, picking up valuable media exposure as a result of ExploreZip. A persistent rumor says CERT went on this publicity tour after growing jealous of CIAC's widespread popularity.
- ATL Products issued a press release saying ExploreZip "highlighted the need for global companies to incorporate virus protection strategies" for every critical system. They then admitted their own failure to incorporate virus protection strategies for every critical system. "ATL Products successfully put its own disaster recovery practices to use as a result of this worm virus that affected some of the company's important business data..."
- Sun Tzu Security popped out of the woodwork with a "security advisory" press release. Oddly, it appears they last updated their website on 12/1/98.
- A press release from Reflex Magnetics "blames the anti-virus industry for the rapid spread of Worm.ExploreZip."
- KVLabs hailed their enterprise management software as an ExploreZip deterrent. The press release urged reporters to "forward this note to others and tell them about KVLabs!"
- A press release from Staples.com touted a $5 discount for Norton AntiVirus, plus free 2-3 day ground shipping to combat the fast-spreading critter. "We're helping our customers slash the hassle and the worry of running their offices," SrVP Jeff Levitan said.
- Beyond.com issued a press release telling reporters they provide links to other websites.
- PC Connection issued a press release (with a misleading headline) telling reporters they provide links to other websites.
- United Messaging (an email outsource provider) announced "Stephen Layne, 'Mr. Postmaster General of E-mail,' is available for interviews and comment regarding the 'Worm.Explore.Zip' e-mail virus reported June 10, 1999, and others e-mail viruses that have cropped up recently. He is an industry expert on how e-mail viruses are developed, how they spread, the harm they cause, and the safety precautions necessary to avoid virus-related problems." DejaNews archives turned up zero references to him and his company.
- Control Data (another email outsource provider) hailed a software patch to detect ExploreZip. VP Robert Booker praised his team's ability to respond to virus threats after the fact.
- Electric Mail (another email outsource provider) announced they can detect ExploreZip. More accurately, they updated their antivirus software after the fact to detect it.
- Allegro (another email outsource provider) trumpeted their resistance to ExploreZip. Oddly, Allegro called ExploreZip a "macro virus", said it travels as "an infected Microsoft Word document," and claimed it deletes "drives C through Z."
- An "advisory" press release from Internet Security Systems claims ExploreZip descended from Melissa.
- A DriveSavers press release announced discounts for ExploreZip-related data recovery
- Jobs.com issued a press release touting the safety of their résumé forwarding service. "Jobs.com, Inc. holds the only solution that guarantees resumes delivered over the Internet will arrive at an employer's desktop 100 percent virus-free." The solution: "proprietary technology." Oddly, Jobs.com didn't guarantee the safety of the proprietary software you must download...
In theory, ZDNews promoted their reporters as, say, "meta-experts" who talk to real experts and know the lingo. If nothing else, they would serve as a liaison or translator for the mainstream media. Realistically, though, ZDNews highlighted the stupidity of reporters quoting reporters.
Some ExploreZip anecdotes:
- Media reports don't agree on ExploreZip's payload. Some say it will wipe out almost all files on a PC. Others say it attacks Word documents. Some say it attacks software source code files in addition to Microsoft Office documents. Some claim it deletes files stored on networks. A few say it deletes email.
- A press release from ZDNews (part of the Ziff-Davis publishing empire) promoted "reporters and columnists" who would gladly talk to other reporters and columnists about ExploreZip.
- Newsbytes reporter Craig Menefee said ExploreZip "had been reported on every continent but Antarctica." This means at least six computer users reported the virus.
ZDNews distributed the phone numbers of reporters willing to talk to other reporters about ExploreZip.
- Thirteen days after ExploreZip struck, the Xinhua news agency reported "China's leading antivirus company ... issued new software containing an antidote to the new worm virus that swept through the Internet early this month." [Yeah, like I should talk. I spent 15 days compiling
- Reuters reporter Dick Satran released a newswire v1.1 with the following upgrade notice: "recasts lead, adds new countries hit, comments from companies."
- The first sentence of a CMP story warned "a new worm spreading across the Net could make the Melissa virus look benign."
- Newsbytes reporter Steve Gold penned a story titled "Preventing Future Worm.ExploreZip Debacles." It reads like an advertisement for Reflex Magnetics.
Judge Jackson's statement concerns me just a little. Let's suppose his eventual ruling references this "self-evident" virus threat. I don't consider myself a legal scholar, but it seems "self-evident" it would throw a wrench into the legal liability of bundling any browser with Linux, Unix, MacOS, MVS, GCOS...
- During Microsoft's antitrust trial, Judge Thomas Penfield Jackson asked expert witness Edward Felten if a browser increases the chance for a computer virus infection. AP quoted His Honor as saying "it seems self-evident to me that the presence of a browser increases the risk of penetration of a
- The Australian Taxation Office didn't succumb to ExploreZip. It seems they disconnected from the Internet for 3-5 days as a precaution when they detected a Melissa variant. ATO possibly chose to remain disconnected as a precaution when the media went berserk over ExploreZip during their outage. Mind you, the down-under bean counters have a history of showing respect to 14yr-old virus writers.
- During testimony before a Senate panel, Microsoft chairman Bill Gates said "we need to design our systems to be far more resilient to these types of virus attacks."