Truth About Computer Security Hysteria
George C. Smith, Ph.D.,
Saturday, 4 August 2001
CODE RED DID serve a purpose. If you cared to see, it was hard to miss the numerous instances of bad business trotted out in response.
Diseased Internet servers? Pfoo! I'm speaking of things that have more impact in the real world: pretentious and offensive news reporting, stupidity peddled as sagacity and cynical media massage, smugly alleged to be for the common good.
Worst of all — the dimwitted self-serving bragging that too often ensues when, inevitably, what was said to be a ravening Net monster turns out to be another scarecrow.
Example: "Code Red Alert May Have Averted Disaster" was a headline taken from my daily paper on the second day of August. Although the story was well-buried on page three of the business section (kudos to the anonymous editor and slot who must have had a hunch about the real news value of the Code Red turd), GPAs were produced. One from the federal government proclaimed: "[the media wave] may have cut off the worm's food supply."
Rewind for historical purpose. In 1992, a USA Today reporter claimed to your editor-at-large, that everyone's PC would have crashed had he and his colleagues not gone on a wild hog ride over the Michelangelo virus.
Also worth mention: the local news machine issued an internal memo reassuring its editorial employees that Code Red was not a threat to their personal computers, presumably in response to the widely held belief, incited by the spectacle of FBI NIPC and Team Dick, that it was.
Which brings us to the topic of education on computer viruses and bad Internet things, in general. Vmyths.com says: education, schmeducation.
Golden Pizzle of Analysis: in the Age of Crummy Information, any "expert" fond of making greatly exaggerated, inane or dumbly obvious statements which the media, acting as flugelman, will not seriously question.
Usage: The worthy GPA from the TrueLies Corporation gaily claimed to the rapt journalist that Code Red would create an Internet meltdown.
-- The Joseph K Guide to Tech Terminology
The new oh-so-sincere recommendation coming from computer security-land is for more public education, working under the unquestioned assumption that everyone is either too sub-adult or mentally ill to grasp the inherent wonderfulness and necessity of the proposition. However, for all practical purposes, edification about computer viruses translates only to the following:
"The Internet is not melting!" screeched a Net vizier and GPA for the rapidly typing journalist.
- Media circuses. They're rationalized using logic that says it's a good thing to yell "Fire!" in a crowded theatre every couple of weeks or so because it gets the night manager's attention.
- Education justified only if its dollar cost works double as corporate marketing, or, as $1000/ticket conventions in which the student (supplicant works well, too) is placed in close physical proximity to peddlers of hardware and software.
- SchadenFreude, or joy over the public shame of others. SchadenFreude is passed off as civic-minded service performed out of the goodness of heart of someone in corporate computer security, usually when it involves exposing someone else's insecure software or hardware in sufficient detail to result in "Code Reds" and/or 1 and 2. (See: eEye Digital Security.)
- Service to a toxic legislative agenda. As in: "Now that we've educated you about all the very bad things that have resulted as a consequence of the Internet, naturally, you will quite agree that the Freedom of Information Act must be changed to enhance corporate and national security." (See: Information Technology Association of America.)
The current cry of education is also a stain upon common sense in that it seeks to place the blame for computer horror on Joe SixPack. You haven't been paying attention, swine — goes the line — and we in computer security land and corporate software America have done all we can under God's grace, so now it's up to you to buy your antivirus software, apply your software patches, keep everything up-to-date all the time, read the Computer Emergency Response Team's bulletins, and ... and, or you'll get your knuckles rapped. Now go sit in the corner!
There are two things wrong here, letting slide the vainglorious attitude required to to come up with it in the first place.
First, it's only a symptomatic answer: let's shift the blame to the users. And ignore the fact that man-in-the-street-with-computer had very little say, other than the permission to purchase something, in any of the current state of affairs re: the Internet over the last half-a-dozen years or so.
Second, it asks everyone to swallow a goal that's not attainable. (Ignore the deceitful propaganda that good ol' American know-how can always cure everything.) It is not possible to "educate" enough people under the current system to make this approach work. There will always be a significant segment of the computer-equipped public that's inured to it, much like there are a lot of people who can never be taught, or who are too stupid to learn, how to change a tire. It's not good or bad, merely an inescapable part of the human condition. A few weeks spent in a PC virus help forum makes the point abundantly clear.
"[Code Red] gets its name from its apparent source: China," wrote the Zogg-Doofus GPA invidiously.
"A Chinese expert says 'Code Red' was probably not made in China," reported the GPA for the big city newspaper.
"The Code Red worm — named after a high-caffeine cola from Mountain Dew," wrote the Zogg-Doofus GPA emphatically.
Larry Magid, the well-known syndicated salesclerk for hardware and software, wrote in his August 2 column about encountering the SirCam virus. "Always run anti-virus software and never open attached files you aren't expecting," wrote Larry in earnest "eat your peas" voice. Then he indicates he infected himself with SirCam, anyway.
So dear reader, know this when dealing with "education, schmeducation!" In this upside-down world, the "school system" can be the equivalent of one in which the syphilitic are lecturers on disease and its prophylaxis.
"I can now reveal that Code Red is named after my friend Lazlo Fezes' dog," said Nick B. while telling a joke to an editor of Vmyths.com.