Truth About Computer Security Hysteria

AOL password-stealing Trojans/viruses

Chain letters long ago screamed about a "Trojan/virus" which steals AOL passwords. These chain letters now identify thousands (if not tens of thousands) of evil filenames AOL users must avoid. They also sometimes identify various AOL usernames as "dangerous hackers."

Password-stealing programs exist for all major online services — but AOL users send out hysterical alerts proportionately more often than users on other services. Some (but not all) experts believe it stems from the fact AOL caters overwhelmingly to new computer users.

Password-stealing programs also receive quite a bit of media exposure (as we saw again just recently). You can basically sum it up as follows: "Fire! Fire!!! There was a fire, somewhere, a few days ago. The family lost everything. Be careful! Don't fall victim to a fire!!! Send this message to everyone you know!"

Some points to ponder:

1. Many hysterical AOL users warn friends not to accept programs with a certain filename because they might contain a dangerous program. How many different filenames can you memorize? Can you memorize, say, 2.8 trillion different filenames?

2. Suppose you receive a binary file attachment from an unknown person and you choose to delete it as a precaution. Does this mean you deleted a malicious file? Or does it simply mean you deleted a file as a precaution?

3. How many buzzwords can you spot in this sentence: "This dangerous and incurable Trojan virus steals passwords, permanently erases hard disks, corrupts CD-ROM drives, and damages modems at 14.4k baud & higher..."

If you receive a chain letter about a threat to AOL users, please don't forward it — and please don't flood AOL with copies of the letter.

Last updated: 2000/2/3