|
Computer
Viruses and "False Authority Syndrome"
Computer security
experts
SOME PEOPLE HOLD
a rare position in large companies where their entire job title is
"computer security." It's not just an additional duty. Their job
covers the whole range of security issues, from teenage hacking to espionage,
from fires to natural disasters -- and of course computer viruses. You'll
find False Authority Syndrome here as well.
Computer security
personnel at Scott Air Force Base, Illinois attended a job-related course
in early 1995. The course included a special handout: Russell & Gangemi's
Computer Security Basics, a book last updated in 1992. Computer
books typically have short lifespans: many will disappear from store shelves
within a year. But Computer Security Basics serves as an industry
reference and you could still find it at Waldenbooks stores in mid-1996.
Russell & Gangemi
mention the shareware program "Flu_Shot" by name on page 88 and
tell readers they can obtain it "from both commercial and public domain
sources," i.e. from BBSs. Yet on page 87 the book warns readers to
"be wary about new public-domain or shareware programs... Don't allow
users to install software obtained from [BBSs]."
This contradiction
sounds minor on the surface; in reality it perpetuates a common virus myth.
Specifically, it helps fuel a myth among computer security personnel.
Russell & Gangemi also recommend readers to the "Computer Virus
Industry Association," an organization widely dismissed before
the book's first publication as a publicity front for antivirus mogul
John McAfee.
Computer security personnel
don't just read books -- they watch training videos, too. ViaGrafix, a company
specializing in computer training videos, markets a video about computer
viruses. Produced in 1992 and still sold as of June 1996, the ViaGrafix
video touts the mythical story of the "Gulf War virus." Again,
this only helps fuel myths among computer security personnel.
Wolfgang
Stiller, an internationally recognized virus expert and author of the
"Integrity Master" antivirus program, says "computer security
experts today -- people who deserve that title -- tend to have a
good background on how viruses operate. They can dispense some good advice."
But he chooses his words carefully when asked to comment on virus expertise
among computer security personnel.
"They're a little
more likely than the average person to understand viruses," Stiller
notes. "Some would say they're a lot more likely to understand
them, but I've met a fair number who don't know a thing about viruses,
or, even worse, they've got misconceptions. In light of the fact they are
computer security experts, their misconceptions carry a lot more weight
than the average person. Errors are much more damaging when they come out
of the mouths of these people."
Stiller sums up False
Authority Syndrome among computer security experts: "Put me on a panel
with a computer security person, and I won't claim to have his level of
security expertise. But the computer security guy will invariably claim
to have my level of virus expertise. How can you convince the audience
in a diplomatic way that he doesn't?"
(Stiller offers an
interesting analogy: he wonders about the policemen who vouch on TV for
The Club®. Do the officers specialize in car-theft investigations
-- or do they write traffic tickets?)
<<PREV NEXT>>
|
