My Doom - Our Doom!
by zYX/a51


I'm pissed off! It's Sunday 1st February 2004 and a good proportion 
of my last week at work was spent sifting through emails on Outlook 
and deleting junk email created as a result of the latest mass 
mailing virus commonly known as "MyDoom". I don't work in the IT 
sector and most of the time I tend to have more to do than I actually 
have time to allocate. So checking a flood of mails constantly 
appearing in my inbox wasn't a welcome task.

But I don't blame the virus writer. The guy/girl isn't my favourite 
person at the moment but they aren't guilty of the worst crime being 
committed here. That title is reserved for software developers and IT
personnel who are just plain lazy or don't have the knowledge to
protect the systems they are "trying" to administrate!

I've a feeling I might generate a little uproar here but hear me out 
first.

I have never actually received a copy of this virus at my personal 
email box. In fact, I never actually got a copy of it on my work email. 
The actual emails being flooded through were "cleaned" as they passed 
through the virus scanning software on the system and forwarded on. 
The SMTP engine in this virus was intelligent enough to scan for 
random email addresses in documents on the machines it had infected 
and also come up with a variety of different subject lines. There 
wasn't much that could be done to block these emails unless the virus 
scanner knew exactly how the virus created them.

What could have been stopped is the flood of emails notifying me that 
the previous mail had been cleaned. The scanner software had effectively
DOUBLED the load of email on the server all by itself. In all this 
chaos I think I'm safe in assuming that our IT service centre received 
more than a few calls of concern and complaint judging by the next 
mail to land in the Inbox folder.

It was a notification from the IT service centre (hand typed, as 
opposed to autogenerated, this time which was something of a novelty) 
advising us that our network had been the victim of a "MyDoom" virus. 
Of course, we had probably overlooked the previous five hundred 
emails or so and knew nothing of this fact! The next line said they 
were "working" on turning off the email notifications which were 
adding to the mail bombing. Twenty-four hours later and the 
notifications were still coming through as thick and fast as the cleaned 
virus mails. It didn't last for much longer though because the mail
server went down a few hours afterwards.

I won't name any names because I still like my job (hehe!) and it's 
something businesses are guilty of all over the world, but there is
a moral to this story.

Why are we emphasising everything here on the virus writers? I think 
someone has put up a reward for $250,000 following the capture of 
whoever wrote "MyDoom". Fine, they deserve to be caught but my car 
got broken into about two weeks ago. There is no reward for whoever 
did that! In fact if I had left it unlocked and the window down 
everyone would have just said it was my own stupid fault.

So why don't we take the same principle into account with our computer 
networks? There are always going to be assholes. They are always going 
to want to fuck everyone else's shit up. That's never going to change 
unless there is a hideously frightening advance in human genetics that 
allows us to extract the gene that causes a person to be a cunt to 
another person. Anything else we own that has the potential to be 
accessed by others we secure. We lock our homes and cars, we don't 
leave our mobile phones or money lying around. We usually call this 
common sense.

But how can we defend against this threat unless we have studied for 
years to acquire knowledge of our systems and the many possible threats 
against them? Obviously that is unrealistic. The same as you can't 
possibly know every way a car thief might get into your vehicle. 
(Sorry, I'll go easy on the car analogy now. It was just a good one 
to use!)

The first guilty party in the dock is the software developer. 
Unsurprisingly I place Micro$oft squarely at the top of the wanted 
list. The name evades me at this moment in time but an M$ executive 
was recently quoted as saying the reason there are more viruses, 
trojans and worms for Windows is because it's the most popular 
operating system in use. While there is logic to this argument it's 
far from the entire truth of the matter. The reason for the high 
attack rate of Windows is because of M$'s total disregard for security.

It's taken until Windows XP for M$ to build firewall technology into 
the operating system itself. Even then it is hidden deep inside the 
Control Panel, is relatively unmentioned in M$ main documentation, 
and best of all turned OFF by default. M$ also created an insecure 
way of integrating applications which led to the arrival of the 
Macro virus. A virus almost exclusive to M$ technology. Whilst the 
mighty monopoly makes less than half-hearted attempts to "patch" 
these bugs (soon to be known as "development issues"), they are still 
leaving massive holes to be exploited. Great pains were taken to ensure 
that technologies such as Java and Javascript couldn't be used to 
compromise a system by limiting file access functions, so why does 
M$ feel it's not important to take the same precautions with its 
own software? What the hell, Windows is probably sharing your files 
and printers across the internet right now as a default setting. 
If you bought a washing machine which was working fine but had a 
major fault that could result in your house being flooded would 
you be happy with it?

The second guilty party is IT personnel and system administrators. 
These people are getting paid generous salaries for the task of
maintaining a network but some have a scarily low level of knowledge 
for the task. In fact some don't even seem to know what the basic 
mechanics of a virus, trojan or worm are. Only they are "bad" and 
you need to install a scanner to "deal" with them. Of course, why 
should system admins need to have this sort of insider knowledge, 
the company can recruit a network security consultant for a "modest"
fee. A half decent admin should be able to see if network traffic 
is unusually high and track the source, or look for any suspicious 
exe's in a system's startup. Even better, block any incoming 
EXE, BAT or VBS files coming into the company network via email 
or web downloads. Most organisations would never need to download 
these filetypes on a regular basis anyway. These precautions alone 
would probably stop a good proportion of total virus propagation. 
When you work in IT, ignorance is bliss eh!
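The attachment block the paragraph above calls for, written out as an added example (not the author's code): a minimal mail-gateway policy that parses a message and flags any attachment whose final extension is EXE, BAT or VBS. It goes slightly beyond the text by handling case differences and double extensions such as report.txt.exe; the sample messages and addresses are constructed for the demo.

```python
# Added example: attachment policy for a mail gateway, of the kind the
# article says a half-decent admin should have in place. Not the author's code.
from email import policy
from email.parser import BytesParser
from email.message import EmailMessage
import posixpath

# Extensions the article says an organisation rarely needs to receive by mail.
BLOCKED_EXTENSIONS = {"exe", "bat", "vbs"}

def attachment_names(raw: bytes):
    """Yield the declared filename of every non-multipart MIME part that has one."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            yield name

def is_blocked_name(name: str) -> bool:
    """True if the filename's final extension is on the block list.
    Case-insensitive; only the last extension counts, so 'report.txt.exe'
    is blocked while 'notes.exe.txt' is not."""
    ext = posixpath.splitext(name.strip())[1].lstrip(".").lower()
    return ext in BLOCKED_EXTENSIONS

def blocked_attachments(raw: bytes) -> list:
    """Return the names of attachments the gateway should reject."""
    return [n for n in attachment_names(raw) if is_blocked_name(n)]

def build_sample(filename: str) -> bytes:
    """Construct a test message carrying one attachment (constructed data,
    addresses use the reserved .invalid TLD)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Hi"  # worm-style throwaway subject line
    msg.set_content("See attached.")
    msg.add_attachment(b"MZ\x90\x00", maintype="application",
                       subtype="octet-stream", filename=filename)
    return bytes(msg)

if __name__ == "__main__":
    for fn in ("document.exe", "readme.txt", "DOC.TXT.VBS"):
        verdict = "BLOCK" if blocked_attachments(build_sample(fn)) else "allow"
        print(fn, "->", verdict)
```

In a real deployment the same check would run as a milter or content filter on the gateway, and the block list would be extended to whatever executable types the organisation never needs by mail.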

The final guilty party is your standard everyday computer user, 
not necessarily technically minded or any intention to be. Apart 
from switching on a firewall program (if they are told there is 
one in their version of Windows!) they can't really be expected 
to get involved in any more technical activities. It all comes 
down to common sense then... And that's where it fails!

Possibly the most likely way to be infected is by running a 
"highly suspect" email attachment. Unless most people have good 
friends in Nigeria that they help out with financial arrangements 
or supply them with Viagra on a daily basis. Maybe they are just 
the lucky winners of "free porn" every week. Perhaps most people
are just gullible enough to run the attachment of any and every 
email they receive. The question that has to be asked is: If you
got a big box with a loud ticking sound in your letterbox, would 
you still be so eager to rip it open?

Viruses aren't going to go away, so maybe we need to change the 
way we deal with them. Mass ignorance followed shortly by mass 
hysteria doesn't seem to be working. They are just little computer 
programs after all, not an AIDS outbreak!

Okay, I'm going to go get a good night's sleep so I can be up bright
and early to clear another two hundred notification emails 
in my work inbox tomorrow. Sigh!


zYX/a51
[alan@a51.org.uk - http://www.a51.org.uk]
