Truth About Computer Security Hysteria
Morris Internet wormCATEGORY: Misconceptions about genuine threats
Robert T. Morris III, the son of a chief computer scientist at the U.S. National Security Agency, decided one day to take advantage of bugs in the software which controls the Internet (which the Defense Department uses heavily). These tiny bugs let Morris send a worm throughout the network. Among other things, the "Internet worm" sent copies of itself to other computers — and clogged the entire network in a matter of hours due to bugs in the worm module itself.
The press called it a "virus," like it called the 1987 "Christmas worm" a virus, because it spread to other computers. Yet Morris's work didn't infect any computers (a subtle point indeed). A few notes:
The [Morris worm] received worldwide press coverage, and the extent of the damage was magnified along the way. One of the first estimates — from John McAfee, the personable chairman of [the controversial Computer Virus Industry Association] — was that cleaning up the networks and fixing the system's flaws would cost $96 million. Other estimates ran as high as $186 million. These figures were widely repeated, and it wasn't until later that cooler heads began to assess the damage realistically. The initial estimate that about 6,200 machines, some 10 percent of the computers on Internet, had been infected was revised to roughly 2,000, and the cleanup cost has now been calculated at about $1 million, a figure that is based on the assumed value of "downtime," the estimated loss of income while a computer is idle. The actual restitutional cost has been assessed as $150,000; McAfee's exaggerated estimate of $96 million was dismissed.
Last updated: 2001/1/18