Vmyths.com

Hoaxes, myths,
urban legends

Columnists


Addictive
Update
Model

False
Authority
Syndrome


About us

Computer
security
humor

Truth about computer security hysteria
Truth About Computer Security Hysteria

Rob Rosenberger

Wake-up calls and firsts for ILoveYou

Rob Rosenberger, Vmyths co-founder
Sunday, 21 May 2000

MIDWIVES WAIL THE obligatory "wake-up call" phrase when a virus gets media attention. Security firms announce all sorts of "firsts," too. We'll start with the alarmists:

  • Information Technology Association of America president Harris N. Miller told a hastily convened House subcommittee "[the] Love Bug was just one more wake up call that corporations, governments, educational institutions and individuals must collaborate to get out in front of the next intrusion, virus or threat."
  • An Iomega press release quoted VP Germaine Ward as saying "the ILoveYou virus should be a wake-up call." Ward also admitted "data remains vulnerable to new viruses such as ILoveYou and its variations" due to the fundamental problem of after-the-fact detection methodologies.
  • Riptech VP Elad Yoran, speaking in general terms about ILoveYou and preceding attacks, said "each of these separate incidents should serve as a wake-up call." Yoran predictably went on to predict things will get soooo much worse: "these [incidents] are like tremors and the real earthquake is yet to come."
  • Reuters reporter Jim Wolf noted "several [who gave Congressional testimony] referred to it as a wake-up call." Reuters reporter Richard Meares even used "WAKE-UP CALL" as a sub-headline in a story he wrote about the virus.
  • A Mail.com press release quotes Allegro president Aaron Fessler as saying "companies that didn't hear the wake-up call from 'Melissa' and institute vigorous safeguards for their e-mail systems were scrambling needlessly today."
  • A TechWeb report labeled it "a piercing wake-up call to IT managers, many of whom concluded they need more formal — and rigorous — policies to protect against such viruses."

Aladdin de­clared one of its pro­ducts "the indus­try's first anti-vandal pro­tec­tion sys­tem re­quiring no up­dates." Didn't Certus make the same claim in the early 1990s?

An honorable mention goes to Vincent Gullotto (Network Associates) for describing ILoveYou as "a watershed." Poor Melissa, we hardly knew ye...

Okay, now let's follow up with the many "firsts":

  1. Ontrack "released the world's first fix to the devastating 'I Love You Bug.' " They also "released the first do-it-yourself (DIY) data recovery solution for data lost as a result of the ILOVEYOU worm virus."
  2. W. Quinn Associates, "a leading provider of Microsoft(R) Windows NT(R)/2000 storage capacity optimization solutions, announced that its FileScreen 2000(TM) software solution is the first and only product that blocks executable files such as the 'ILOVEYOU' virus long before anti-virus patches are available, saving companies from experiencing serious damages to its computer servers."
  3. Trend Micro "said it was the first to put out instructions to remedy the virus," according to an AsiaPulse newswire story. They also declared one of their products as "the first true cluster compliant antivirus solution that integrates with the Microsoft Cluster API. "
  4. F-Secure told Reuters it discovered the virus "first." They also unveiled three firsts in the product category. One offers the "first-ever policy-based management of critical security applications under one GUI." A second package provides "the first personal firewall designed for the enterprise." The third "is the first product that protects wireless communications, transactions and e-commerce from viruses and Trojan horses in the content to be transferred to WAP-enabled devices (mobile phones equipped with Web browsers)."
  5. McAfee announced a new "WebImmune service, the industry's first and only Web-based virus research offering for instant cures and information to combat newly discovered Internet viruses and malicious code, such as the recent LoveLetter worm and its variants."
  6. Finjan announced "the first free security utility for PCs to 'sandbox' and monitor executable programs in real-time for malicious behavior." It "prevents all variants of the ILOVEYOU Worm from attacking a user's PC."
  7. Aladdin declared one of its free products "the industry's first anti-vandal protection system requiring no updates." (Hmmm. Didn't Certus make the same claim in the early 1990s?)
  8. Digital Island hailed its software delivery system as "the first content delivery solution fully integrated with a global network that gives Digital Island the unique ability to reach users anytime, anywhere with unparalleled performance."
  9. RVT Technologies "is the first to introduce a hardware delivery system, which will contain embedded anti-virus libraries and also encryption components."
  10. Trend Micro announced "the first antivirus solution integrated with NetIQ's leading Windows management tool."

Some honorable mentions in the "firsts" category:

  1. Computer Associates received an on-the-spot editor's choice award from PC World because their after-the-fact update " 'was one of the first fixes we found for the 'I LOVE YOU' Worm and its variants,' said Rebecca Freed, PC World.com's managing editor."
  2. WKIT's recovery tool for ILoveYou victims was "the first software ever being able to defeat the CIH virus."
  3. Electric Mail declared itself "the world's first company to offer outsourced virus scanning services to businesses."
  4. PDI-Consulting in Norway released "a free antidote against the virus... It is the first time [the company] has offered software free to Internet users."
  5. Trend Micro and Network Appliance announced they will someday create the "first virus scanning application to utilize [the] I-CAP standard." (The press release admits it contains "forward-looking statements.")
  6. A Reuters newswire notes "this was the first time the [Philippine National Bureau of Investigation] had investigated a case of computer crime and that a lack of experience may have hamstrung detectives."

Please forgive me if I overlooked any "wake-up calls" or "firsts." I probably missed it when my news clipping service overflowed for the first time as a result of the ILoveYou hysteria.