Truth About Computer Security Hysteria

Which is worse — the Slammer worm, or a deadly blizzard?

Rob Rosenberger, Vmyths co-founder
Sunday, 23 February 2003

I WANT YOU to think. Think hard. Think back to last week. Think about the number of network outages you suffered in those previous five workdays.

Dozens died in a recent U.S. blizzard — some of them because cops & firemen couldn't reach victims quickly. Yet to hear the media say it, the Slammer worm outstripped this deadly blizzard — with zero deaths.

Uh, I mean "four" workdays if you worked for a U.S. state or local agency last week. Or "three" workdays if you worked for the federal government in Washington, D.C.

Anyway, I want you to think about the number of unexpected emails you received last week from your firm's system administrators. How many servers in your firm went down last week for "unscheduled maintenance"? One server? Two? Five? How many emails last week warned a network application needed an emergency database repair? One email? Two? Five?

Now I want you to think about the productivity you wasted last week by reading emails from administrators who told you about outages that meant nothing to you. How many emails wailed about a server or application you'd never heard of? One email? Two? Five?

Now I want you to think about the number of times you rebooted your PC (or your Patriot anti-Scud missile battery for that matter) last week because of a software conflict or a network anomaly or just because your firm's help desk told you to give the reboot a try. How many times did you (or your missileer) push the reset button last week? One push? Two? Five?

Now I want you to think about the number of coworkers in your firm who reformatted their hard disks last week just because the Help Desk told them to do it. How many man-months of work & data did your firm lose as a result of this helpful advice? One man-month? Two? Five?

Now I want you to think about the productivity you wasted last week trying to come up with someone's new email address. How many of your colleagues changed their email addresses because they got married or got divorced or changed ISPs — or because the company itself changed its name for marketing reasons?


OKAY, NOW I want you to compare normal, everyday events to the life-or-death damage that occurred when the Slammer worm destroyed whole portions of the Internet in the wee hours of a Saturday morning in January.

You do recall this devastating worm, don't you? Don't you? {sigh} Okay, let's sidetrack for a moment for those few readers out there who don't know Slammer from a hole in the ground firewall.

Fearmongers at mi2g estimate this worm caused $950 million to $1.2 billion in damages worldwide, while the fearmongers at Computer Economics estimate it caused $750 million to $1 billion in damages. Many non-business Internet users can recall firsthand how Slammer kicked South Korea off the Internet for a day. How it nearly killed people in Seattle. How it disrupted many thousands of ATMs in the wee hours of a Saturday morning.

AnchorIS CIO Tim Mullen described how "someone could have died" as a direct result of the Slammer worm. IT-ISAC director Peter Allor claimed the Slammer worm crippled commercial & military air traffic — a true first for an Internet worm. "Airplanes couldn't fly," Allor insisted.

One can only imagine the loss of life that might have occurred if an air ambulance couldn't leave the ground with a critically injured victim of physical terrorism!

(I can't explain why Allor's claim earned so little media coverage. Talk about a bombshell news story! We lost air superiority inside the U.S. homeland for a few hours because of 376 bytes of Microsoft code. I once again call on the U.S. to dismantle the Internet for national security reasons.)

It almost goes without saying that Chicago & Rhode Island nightclub patrons need unfettered access to bank funds in the wee hours of a Saturday morning. They can't live without an ATM card, and Slammer made partying an intolerable experience.

Panicky Americans bought duct tape when their gov't implored them to do so. Why didn't Americans buy antivirus software when their gov't implored them to do so?

Enough about Slammer. Time now for some comparisons.


I WANT YOU to compare Slammer's toll versus the monetary damage and potential loss of life when Blackberry devices stopped working nationwide for a day on Valentine's Day.

We know monetary damage occurred for a fact because we know Wall Street relies on Blackberry devices to conduct business. We know potential loss of life occurred for a fact because we know doctors & policemen & paramedics & military generals rely on Blackberry devices to perform their duties. How many of these people couldn't make money or save lives for nearly a full day as a direct result of the Blackberry outage, compared to the Slammer worm?

(No cheating! You can't ask Mullen for the answer.)

Now I want you to compare the number of commercial & military air flights canceled by Slammer versus the number of commercial & military air flights canceled by last week's blizzard. Did an Internet worm prove itself more catastrophic to the U.S. airline industry than Mother Nature?

(No cheating! You can't ask Allor for the answer.)

Now I want you to compare Slammer-borne ATM outages versus blizzard-borne ATM outages last week. How many cash boxes were rendered inaccessible for days by snow storms compared to those cash boxes rendered useless for hours by the Slammer worm?

(No cheating! You can't ask mi2g for the answer.)

Now I want you to compare Slammer-borne ATM outages versus out-of-cash ATM outages. How many ATMs were rendered useless by people who withdrew extra cash to cope with a predicted blizzard, versus those very same out-of-cash ATMs rendered useless for hours by the Slammer worm?

(No cheating! You can't ask Computer Economics for the answer.)

Now I want you to compare the money spent in Washington, D.C. when Slammer struck, versus the money spent in Washington, D.C. when federal workers got paid to stay home on a snow day after getting paid to stay home on a federal holiday — a holiday no longer expected for corporate employees, I might add. How much extra debt did the U.S. pile up as a result of a blizzard compared to the Slammer worm?

Now I want you to compare recent government-implored antivirus purchases versus recent government-implored duct tape purchases. Think about the Americans who bought sticky gray canvas laminate to protect against chemical and/or biological threats. How many rolls did they buy per child on average? One duct tape roll? Two? Five? Why didn't they throw some of their hard-earned money at antivirus software to protect against worms like--

Uh, waitaminit. Antivirus software doesn't protect PCs from the onslaught of worms like Slammer. Ignore the last paragraph: it doesn't follow the crux of my column.


NOW I WANT you to make the most important comparison of all.

Compare a 911 operator who uses a pencil for a few hours to keep track of cops & firemen ... versus a 911 operator who can't find a way to work because a blizzard sealed off all routes to the command center.

Clearly, we must dismantle both the Internet and Mother Nature for national security reasons. Lives depend on it. Don't you think?