Vmyths.com


Hoaxes, myths,
urban legends

Columnists

Newsletter
signup

Addictive
Update
Model

False
Authority
Syndrome

About us

Computer
security
humor

Truth about computer security hysteria
Truth About Computer Security Hysteria

Being perry-noid doesn't mean they're not out to infect you

Rob Rosenberger, Vmyths co-founder
Friday, 10 August 2001

DAVID PERRY (TREND Micro) called me with a curious theory. Do "MCSE students" unknowingly contribute to the Code Red worm?

If Perry's theory rings true, then logic says homework creates "A Very Real and Present Threat to the Internet."
MCSE stands for Microsoft Certified Systems Engineer. Network administrators love to put the acronym on their business cards. MCSE courses cost big bucks and involve a lot of hands-on training ... building powerful Microsoft servers from scratch ... and installing IIS on them ... multiple times.

(You already know where I'm going with this, don't you?)

Perry wonders if MCSE students take their work home with them. I know I would! I'd, uh, "borrow" the master software disks — hey, I'd return them! — and I'd turn every PC in my home into a networked server with IIS running on it. All of them would talk directly to the Internet via a cable modem or DSL line, of course.

And naturally, I'd skip the security patches. "Too much effort for a test network," I'd rationalize. (You must reboot each PC roughly a half-dozen times just to install security patches. Very time-consuming. Trust me on this.) Then Code Red would compromise each of my home-based servers while I'm off at MCSE training. And each of those servers would in turn try to compromise other MCSE student's servers.

But why should we limit Perry's theory to MCSE students? MCP students (Microsoft Certified Professionals) don't get much hands-on training ... which leads me to suspect they, too, build servers at home just to test their skills.

And let's not forget college computer courses. A university source once told me the fraternities & dorms reek of Microsoft-centric networks built by "comp sci" students. It wouldn't surprise me if horny nerds wired the sororities, too.

Indeed, we shouldn't limit Perry's theory to those who take professional courses. Many PC technicians turn their desktop systems into Microsoft servers so they can access files remotely when they go on a support call. You'll find gobs of servers running on the maintenance crew's desktops at Fortune 1000 firms. Some will even turn their laptops into powerful servers. Many of those same technicians build powerful test networks in their homes as an exercise in knowledge.

Yes, just think of all the unpatched Microsoft servers out there. Web servers, FTP servers, proxy servers, MP3 servers, spam-mail servers, Half-Life servers, SMB servers, Ghost multicast servers... Here a server, there a server, everywhere a server server! It certainly would explain why AT&T cracked down on home servers.


OF COURSE, WE'RE talking about a theory proposed by a "draconian" AOL user who doesn't trust his own antivirus firm to send virus-free emails. Methinks Perry sees perry-noia everywhere.

(Delete emails from your boss for security reasons? Hmmm. That's not a bad idea. I bet he gets more work done than the majority of us.)

Yet if Perry's theory rings true, then Microsoft professionals unwittingly threaten a Code Red "meltdown" as an exercise in knowledge. The logical conclusion — homework presents "A Very Real and Present Threat to the Internet." I think Congress should outlaw homework in an effort to protect our critical national infrastructures. "Better safe than sorry," I always say.

All those college students who think we should ban homework, raise your hand...