p1@arkham.wimsey.bc.ca (Rob Slade) (05/07/91)
Monday, May 6, 1991

Open letter to:
Editor, The Sun
Vancouver, BC V6H 3G2

Dear Sir:

It is with considerable dismay that I read your reprint of the Canadian Press article on computer viral programs ("A Plague on the Government", High Tech, Wednesday, May 1st, 1991.) Although it is somewhat encouraging to see that the growing problem is receiving some coverage, I find it disheartening that the media is still mixing up information from various data security problems and failing to accurately inform the public.

The first problem is that of suggesting the problem is limited to the government. While government computers are being hit (and my own experience in government offices indicates that the figures published are at least an order of magnitude too low), private companies and individuals are suffering as well. Certus International, a company specialising in antiviral and disk recovery programs, recently published a study in which 26% of responding corporations admitted to having been hit with a computer viral "infection" in January of 1991 alone. The study also indicates that the problem is growing at a rate of 160% per quarter. This suggests that by the end of this year, almost all large companies can expect to be hit with at least one infection every month.

The second problem is the sandwiching of paragraphs describing attempts by outsiders to access government mainframe computers between descriptions of the actions of microcomputer viral attacks. The structure of the article implies a relation between the "crackers" who are trying to break into computers through "public access" ports and links through "wide area networks" and the action of computer viral programs, most of which are only intended to spread as widely as possible through the microcomputer community. While the former are of concern only to large corporations, government and military, the latter can affect anyone who uses a microcomputer.

The third problem is the poor description of the viral programs themselves. What is the meaning of the statement that the "Eddie" ("Dark Avenger" is somewhat of a misnomer, being the name of the author, who has written a number of other viral programs) virus "attacks a system's main storage area"? It is true that the virus will, on occasion, overwrite random sectors on the hard disk of an infected microcomputer, and possibly corrupt files. Or the statement about the "so-called Stoned virus which destroys data." Why "so-called"? The Stoned virus, which is currently far and away the most common virus in North America, causes the least debate about its name, and any destruction of data it causes is unintentional and strictly limited to individual and special types of disks.

Computer viral programs are certainly not the end of computers, as some have reported, but they definitely do exist. Viral programs present some risk to microcomputer users of all backgrounds, particularly when so few among the general population are well enough informed to take appropriate precautions. The problem of "viral illiteracy" is a matter of computer "public health". In the same way that healthy people are at greater risk when the general population is full of diseased "carriers", the average or even well-informed computer user stands a greater chance of being infected if most computer users around the individual may be infected and not know it.

Unfortunately, even the computer trade media is poorly informed on this issue. Last year Computing Canada reported a story about a sophisticated extortion attempt that made use of a "trojan horse" program which pretended to be an AIDS information program while actually setting your system up to be "encrypted" in such a way that you would have to call upon the author's services.
While there was never any indication that the program would reproduce itself in any way, it was reported as a virus, thus supporting the general myth that any type of computer problem is a virus.

Because correct information is so rare, myths about viral programs abound. One is that viral programs only come from "pirate" software, another that those who use only "commercial" software are safe. (Unfortunately, we have all too many examples of retailers, and even commercial software authors, distributing infected software.) Electronic bulletin board systems are often seen as a source (unlikely) and, astonishingly, many believe that the use of a modem itself is a means of infection (technically impossible.)

I wish to commend you on extending coverage of this important topic, but fervently hope that in future the information provided is more accurate.

=============
Vancouver      p1@arkham.wimsey.bc.ca   | "If you do buy a
Institute for  Robert_Slade@mtsg.sfu.ca |  computer, don't
Research into  (SUZY) INtegrity         |  turn it on."
User           Canada V7K 2G6           | Richards' 2nd Law
Security                                | of Data Security