Because everyone is entitled to my opinion.  Welcome to A Dream of Sky!

name: will baker

I.T. Op-Ed
2004-01-28 : 8:13 p.m.

On Monday evening, I started seeing reports about a new mass-mailing worm called Novarg by Symantec, and Mydoom by most of the general press. Since I am working off-site until Friday, I sent an email to our entire staff warning them to not open any email attachments that they were not specifically expecting, regardless of the apparent sender. I planned to go in on Tuesday evening and make sure everyone's virus definitions were up-to-date, since Symantec is sending out new definitions about every 6.8 seconds these days.

So naturally, a user downloaded an attachment that arrived in his personal Yahoo! mail account. He got a pop-up notice from Symantec Antivirus saying that W32.Novarg.A@mm had been detected and deleted. These messages always terrify my users, who automatically think that they have done something wrong and are in "trouble". Personally, I absolutely love those messages, because they mean that the software protection we've invested in is actually working. So anyway, that incident seems to have been contained.

So I sent out another email explaining how this worm works and begging everyone to PLEASE PLEASE PLEASE not open attachments that they are not specifically expecting, and to not open ANY attachments with file extensions of .bat, .cmd, .pif, .scr, or .zip. Period. The next email I send out will mention that they don't need to be fucking around with their Yahoo! mail on company time anyway.

I'm sure they'll all spend tomorrow merrily clicking attachments. Or calling me on my cell phone and telling me that they think their computers are infected because they can't find a file (which they probably saved somewhere like c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ASP.NET Client Files and are now looking for in "My Documents"). But I digress...

I have two thoughts about Novarg/Mydoom. By all accounts, it is spreading like wildfire, and may end up propagating more successfully than Sobig.F, Welchia, or MSBlaster. This absolutely blows my mind, and here's why: Blaster and Welchia are network-aware. They could infect any networked machine simply by finding it and exploiting the DCOM RPC vulnerability in Micblowsoft's crappy code. Welchia came around about two weeks after I had taken this job and inherited a network with no firewall and PCs with no virus protection. I spent several long weekends scraping Blaster and Welchia out of our systems, and then deploying the security measures that should have been put in place about 10 years ago. It was horrible, but given the nature of those particular exploits, there was no one to blame except ourselves (and the punk-asses that wrote Welchia and Blaster).

Mydoom is totally different. It requires (yes kids, requires) users to click on an unknown attachment for the infection to occur. Click on an unknown attachment. We've been using the Internet for, what, 10 years? Are there still people who just open whatever crap happens to show up in their mailboxes? Are there still people who don't have antivirus software on their home PCs? Business networks without firewalls?

As the Internet goes from being an interesting diversion or useful tool to a vital national and international infrastructure, the question of blame begins to arise. It's easy to say that the author of Mydoom is ultimately to blame for Mydoom. But since Mydoom is designed to require what amounts to permission from the user, who is responsible for its rapid spread? The Slashdot crowd are crowing about "Micro$oft" as per usual. I'm certainly no big fan of Microsoft. I tend to think that Windows has become so incredibly overcomplicated that it inevitably ships with a zillion crappy flaws. Microsoft just rolls it out, and then waits for the script-kiddies to write exploits that let them know what needs to be in the next patch. It's a win-win situation, except for the end user, who gets screwed up the ass. Sideways and with no lube.

And even if Microsoft didn't ship such shoddy products, the OS "monoculture" in which Windows supports some 95% of desktops worldwide practically BEGS someone to find that one little flaw that can "take down the system". A more diverse ecology of operating systems would make for a more robust networked world.

Still, Microsoft's sloppy work and the Windows monoculture are elements of the world we live in, and this shouldn't be news to anyone. What Mydoom shows us is that a vast percentage of users (maybe a vast majority) are blissfully ignoring the realities of that world. The legions of AOLers who regard the Internet as little more than interactive television (with free porn) are out there clicking away whenever they hear "You've Got Mail!" Ultimately, I suspect that they don't believe that anything "only in a computer" can do any real harm. I'm absolutely certain that they don't have even a basic understanding of how networked systems work, how these various exploits work, what activities are risky, how to protect themselves, etc.

So we can talk about Mydoom "spreading" or "propagating" all we want, reifying it as if it were a subject with agency. But the ugly truth is that every single instance of Mydoom infection was voluntarily initiated by a user. Mydoom didn't "spread," it was adopted.

There is much to say about the role government should (or shouldn't) play in protecting what has become the information infrastructure of modern business. There is also a discussion to be had about the dominance of private enterprise in what passes for Internet security at the moment. I don't really have anything useful to contribute to either discussion. What I am quite sure of is this: if the American people want the Internet to be a useful medium for connecting their personal computers to systems that allow them to do things like manage their bank accounts, order their Christmas purchases, or make their vacation plans, then everyone is going to have to accept a degree of responsibility for the Internet's security and integrity. And in the first instance, that means educating ourselves about the technologies, the risks, and the solutions.

Information technology is no longer the purview of pasty white guys with bad skin. It's now the air we're all breathing. It is the context of our culture. It's the medium of the ongoing conversation that is culture. If you don't know what anyone is talking about--if you don't even know what language they're speaking--how can you join the conversation?

design by bad monkey design works, copyright 2005 - all rights reserved