Truth About Computer Security Hysteria
Wake-up calls and firsts for ILoveYou
Sunday, 21 May 2000
MIDWIVES WAIL THE obligatory "wake-up call" phrase when a virus gets media attention. Security firms announce all sorts of "firsts," too. We'll start with the alarmists:
- Information Technology Association of America president Harris N. Miller told a hastily convened House
subcommittee "[the] Love Bug was just one more wake up call that corporations,
governments, educational institutions and individuals must collaborate to get out in front of the next
intrusion, virus or threat."
- An Iomega press release quoted VP Germaine Ward as saying "the ILoveYou virus should be a
wake-up call." Ward also admitted "data remains vulnerable to new viruses such as
ILoveYou and its variations" due to the fundamental problem of after-the-fact detection methodologies.
- Riptech VP Elad Yoran, speaking in general terms about ILoveYou and preceding attacks, said "each
of these separate incidents should serve as a wake-up call." Yoran predictably went on
to predict things will get soooo much worse: "these [incidents] are like tremors and the real
earthquake is yet to come."
- Reuters reporter Jim Wolf noted "several [who gave Congressional testimony] referred to it as
a wake-up call." Reuters reporter Richard Meares even used
"WAKE-UP CALL" as a sub-headline in a story he wrote about the virus.
- A Mail.com press release quotes Allegro president Aaron Fessler as saying "companies that didn't hear the
wake-up call from 'Melissa' and institute vigorous safeguards for their e-mail systems were
scrambling needlessly today."
- A TechWeb report labeled it "a piercing wake-up call to IT managers, many of
whom concluded they need more formal — and rigorous — policies to protect against such viruses."
Aladdin declared one of its products "the industry's first anti-vandal protection system requiring no updates." Didn't Certus make the same claim in the early 1990s?
An honorable mention goes to Vincent Gullotto (Network Associates) for describing ILoveYou as "a watershed." Poor Melissa, we hardly knew ye...
Okay, now let's follow up with the many "firsts":
- Ontrack "released the world's first fix to the devastating 'I Love You Bug.' "
They also "released the first do-it-yourself (DIY) data recovery solution for data lost as a result of the
ILOVEYOU worm virus."
- W. Quinn Associates, "a leading provider of Microsoft(R) Windows NT(R)/2000 storage capacity optimization
solutions, announced that its FileScreen 2000(TM) software solution is the first and only
product that blocks executable files such as the 'ILOVEYOU' virus long before anti-virus patches are available,
saving companies from experiencing serious damages to its computer servers."
- Trend Micro "said it was the first to put out instructions to remedy the virus,"
according to an AsiaPulse newswire story. They also declared one of their products as "the
first true cluster compliant antivirus solution that integrates with the Microsoft Cluster
- F-Secure told Reuters it discovered the virus "first." They also
unveiled three firsts in the product category. One offers the "first-ever
policy-based management of critical security applications under one GUI." A second package provides
"the first personal firewall designed for the enterprise." The third "is the
first product that protects wireless communications, transactions and e-commerce from viruses
and Trojan horses in the content to be transferred to WAP-enabled devices (mobile phones equipped with Web
- McAfee announced a new "WebImmune service, the industry's first and only Web-based virus
research offering for instant cures and information to combat newly discovered Internet viruses and malicious
code, such as the recent LoveLetter worm and its variants."
- Finjan announced "the first free security utility for PCs to 'sandbox' and monitor
executable programs in real-time for malicious behavior." It "prevents all variants of the ILOVEYOU
Worm from attacking a user's PC."
- Aladdin declared one of its free products "the industry's first anti-vandal protection
system requiring no updates." (Hmmm. Didn't Certus make the same claim in the early 1990s?)
- Digital Island hailed its software delivery system as "the first content delivery
solution fully integrated with a global network that gives Digital Island the unique ability to reach users
anytime, anywhere with unparalleled performance."
- RVT Technologies "is the first to introduce a hardware delivery system, which will
contain embedded anti-virus libraries and also encryption components."
- Trend Micro announced "the first antivirus solution integrated with NetIQ's leading
Windows management tool."
Some honorable mentions in the "firsts" category:
- Computer Associates received an on-the-spot editor's choice award from PC World because their
after-the-fact update " 'was
one of the first fixes we found for the 'I LOVE YOU' Worm and its variants,' said Rebecca
Freed, PC World.com's managing editor."
- WKIT's recovery tool for ILoveYou victims was "the first software ever being able
to defeat the CIH virus."
- Electric Mail declared itself "the world's first company to offer outsourced virus
scanning services to businesses."
- PDI-Consulting in Norway released "a free antidote against the virus... It is the
first time [the company] has offered software free to Internet users."
- Trend Micro and Network Appliance announced they will someday create the "first virus
scanning application to utilize [the] I-CAP standard." (The press release admits it contains
- A Reuters newswire notes "this was the first time the [Philippine National
Bureau of Investigation] had investigated a case of computer crime and that a lack of experience may have
Please forgive me if I overlooked any "wake-up calls" or "firsts." I probably missed it when my news clipping service overflowed for the first time as a result of the ILoveYou hysteria.