Truth About Computer Security Hysteria
Blame computer security manager for latest virus woes
Wednesday, 21 June 2000
DEAR MR. DERODES,
A Delta Air Lines spokesman
your firm "closed down its corporate email system [on Monday] as a protective measure after detecting the
[Stages] virus on employee computers. [Yesterday] computer systems were back in operation, but outside
email was limited."
You must blame your computer security manager for this incident. It literally should not have occurred.
Delta should have seen no downtime and no limited email activity as a result of Stages. The firm's
productivity suffered because your computer security manager failed to learn an utterly simple
ILoveYou, NewLove, Serbian-Badman, and Stages used a years-old exploit to hide the true
filename from casual observers. Your computer security manager should block email attachments with two periods in
the last eight characters of the filename. Alas, your subordinate failed to enact this simple protective measure.
And Delta suffered for it.
Your computer security manager will wince at the idea of taking blame — and I suspect he or she will attempt to
shirk responsibility. A lesser employee may try to blame users for failing to notice '.TXT.SHS' with their own
eyeballs. Or he/she may try to blame Microsoft for
building a powerful OS. You must resist this rationalization. By the same logic, you can blame cockpit crews
and/or aircraft manufacturers for failing to stop terrorists who sneak past lazy guards.
A savvy employee will try to blame antivirus software for failing to detect the well-known '.???.???' exploit. Again, you must resist this rationalization. Your subordinate manages a computer security solution, not a
computer security product. If Delta couldn't block a years-old exploit when ILoveYou came along,
then your computer security manager should have augmented it with a product that can do the job. Why didn't
he or she learn this simple lesson early last month during the ILoveYou hysteria?
You must take charge, Mr. DeRodes. Blame your computer security manager for Delta's latest virus woes.
I offer an eye-opening lecture called
"Fundamental Problems on Planet Virus." I'll gladly brief
it to you entirely at my expense. Yes, I'll even buy the plane ticket just to visit your corporate
headquarters. Contact me at your convenience if interested. Please don't feel ashamed by my offer — I did the
same for Microsoft. (I'll visit them on 14 August entirely at my expense.)
Rob Rosenberger, webmaster
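The filter rule the letter proposes (block attachments with two periods in the last eight characters of the filename), sketched as an added example; this code is not part of the original letter. The function names, addresses and sample attachment names are constructed for illustration.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

WINDOW = 8  # "the last eight characters of the filename"


def has_hidden_extension(filename: str) -> bool:
    """True when two or more periods fall in the last eight characters."""
    name = filename.strip()  # assumption: ignore padding around the name
    return name[-WINDOW:].count(".") >= 2


def flagged_attachments(raw: bytes) -> list[str]:
    """Return attachment filenames in a raw message that match the rule."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # None for parts without a filename
        if name and has_hidden_extension(name):
            hits.append(name)
    return hits


def build_sample() -> bytes:
    """Constructed message: harmless placeholder payloads, sample names."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachments")
    for name in ("NOTES.TXT.SHS", "letter.txt.vbs", "report.final.docx",
                 "archive.tar.gz", "summary.pdf"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in flagged_attachments(build_sample()):
        print("block:", name)
```

The rule as worded also matches benign names such as `archive.tar.gz`, so a mail gateway applying it needs a way to release held attachments.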
An open letter to the CIO of Delta Air Lines