Safety Tips in an Insecure World: Cutting Through the Hype and Hyperbole
With the most recent spate of viruses hitting computers, and with continuing rallying cries about how inherently insecure computers are in general, I thought I’d spend a few moments discussing some actual facts. Think you know it all when it comes to online security? Well, find out now.
It’s hard to imagine what computers would be like a decade after Windows 3.x was born. Viruses were passed around on diskettes, when people exchanged data or programs with floppies, not with network connections. (A computer virus is nothing more than a computer program which follows certain instructions the author programs into it — copy itself to other computers, delete files, rename files, etc.) So virus programs were pretty simple — scan the diskette before allowing access to it. The operating systems which run the majority of our computers also took a pretty simplistic view of how viruses are passed. Microsoft never imagined that everybody’s computer would be networked with everyone else’s computer (e.g., the Internet). So they built all of their consumer operating systems to be inherently pretty insecure when networked.
The Internet changed the world of virus makers. Disk-borne viruses are practically nonexistent today, while Internet-based viruses take over. Virus makers were given another gift from Microsoft as well. Microsoft started allowing ordinary end-users the power of programming through things called “macros” in word processing and spreadsheet programs. This gave users a lot more power in these programs, but also introduce a whole new strain of viruses. Virus authors could exploit macros to cause all sorts of havoc. And throughout the 1990s, this is exactly what they did.
Much of the problems experienced by users could have been solved if Microsoft put security concerns before feature bloat, but Microsoft made the decision to closely integrate its software with its operating system. This decision hasn’t helped security, but has allowed virus authors to thrive.
Microsoft, to its credit, has tried to patch its consumer operating systems to make them more secure, with varying degrees of success. For example, to run the “I LOVE YOU” virus from email, a pretty large warning box pops up and explains the danger of trying to run the program unless it is from a trusted source.
Virus writers are quite ingenious though. “Trusted” means, to most people, that the email and accompanying virus comes from someone you know. So the popular means of distribution these days is to send email with attached viruses to everyone in the target’s email address book. Again, Microsoft’s programs make it very easy to disseminate viruses this way, entirely unintentionally. Other email programs are less susceptible to this problem.
Oh, and if you have a Mac and think your immune to viruses like this, don’t be fooled. Most virus writers concentrate on infecting the largest amount of machines possible. Since Mac users are a tiny percentage of all computer users (5-6%), they are usually less of a target. But viruses have been and continue to be written to take advantage of Mac-specific OS and software exploits.
Even virus protection programs didn’t pick up the “I LOVE YOU” virus until after it was released (which was too late for most people). So while it is important to invest in a virus detection and cleaning program, it is not enough. You, the end-user, need to change some of your behaviors to keep the virus from spreading.