ad info  technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  




Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent



More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections


4:30pm ET, 4/16










CNN Websites
Networks image

Analysis: Feeding the virus frenzy


June 27, 2000
Web posted at: 11:15 a.m. EDT (1515 GMT)

(IDG) -- I woke up last Friday to my radio blaring in dramatic tones dire warnings about the latest "hacker danger lurking on your PC."

Groan. Another writing day shot to hell, sorting out facts from fiction for concerned clients.

It turns out that this was nothing nearly as dire as Melissa or the Love Bug. In fact, many industry experts considered it to be nothing more than an attempt at cheap publicity by a relatively unknown computer security company.


Now, let's be honest: news about security incidents helps sell security services. That's a fact. As a partner in a security company, you would think I would be happy about such revenue-generating panics. I'm not. I plan to be in this industry for the long term. Eventually, people will get immune to hearing that "the sky is falling" and ignore all security warnings.

  SunWorld home page's server hardware page's high end systems page
  Internet reality check
  Reviews & in-depth info at
  Questions about computers? Let's editors help you
  Subscribe to free daily newsletter for system admins
  Search in 12 languages
  News Radio
  * Fusion audio primers
  * Computerworld Minute

The people from Network Security Technologies (NetSec) defended themselves by stating that it was the media's fault that this warning got so out of hand. In a statement sent to the Hacker News Network, M. Scott Shreve, director of NSOC Technologies for NetSec, states: "Nobody said there was a cutting-edge new tool out there. We just found definitive evidence that several thousand machines fell victim to a slightly modified version of an old tool."

Well then, why the press release -- complete with extensive background on a previously unknown company? Why give the Trojan a new name, Serbian Badman Trojan, when it was already known as the SubSeven Trojan? If the company discovered a potentially dangerous situation with regard to a known Trojan, wouldn't it have been more appropriate to alert the virus vendors or at least check the signatures with them?

Rain Forest Puppy was also criticized when he released details about finding a backdoor in a Microsoft product that was activated with the phrase "Netscape engineers are weenies!"

The difference is that what RFP discovered actually was new and he gets no financial benefit from hyping an exploit. RFP has since written a policy "to establish a guideline for interaction between a researcher and software maintainer."

While NetSec's motivations for alerting the media to an old Trojan may be debatable, there are people who obviously benefit by exploiting FUD (fear, uncertainty, and doubt). Lew Koch recently reviewed Winn Schwartau's book, Cybershock: Surviving Hackers, Phreakers, Identity Thieves and Weapons of Mass Destruction.

Schwartau is either a respected information security professional or a self-promoting charlatan, depending on whom you talk to. An earlier book of his, Information Warfare, was generally considered to be a good wake-up call to managers about potential problems. His latest appears to be, well, more of a shrill scream for attention.

A bit of sensationalism is sometimes necessary to get the appropriate resources to address a problem. If no one raised an alarm about the Y2K problem, would management have devoted the necessary resources to fixing it? Granted, that particular alarm went way overboard, but that doesn't change the fact that there was a problem that needed attention.

Sometimes a little hype is a good thing. Too much, though, will eventually backfire.

The sky isn't falling. Or is it?

Can you hack back?
June 1, 2000
Philippines: School for Hackers
May 22, 2000
Windows' popularity makes it easy target to hackers
May 16, 2000
Security experts say hackers have the edge
May 11, 2000
Should cyber ethics be taught at school?
May 9, 2000
Experts say more legislation will not deter computer hackers
May 5, 2000
Technology - Can you counter-attack hackers?
April 7, 2000

Reporting hackers seen as best deterrent
When it comes to security, there's no such thing as crying wolf
Service-based security
Virus: A love story
Internet reality check
(The Industry Standard)
Hackers attack DSL, cable modem users
IT gets an assist with security
Denial-of-service victims share lessons learned

Hacker News Network
Rain Forest Puppy
Winn's war against the Net

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.