Worms and other computer problems
We have someone close to us who smokes cigarettes and doesn’t wear a seatbelt. At some point he is likely to die from one or the other of these (hopefully not taking us – or anyone else – with him in the process) and we will feel bad, but not astonished. In much the same way, we feel bad but not astonished when individuals and organizations who ignore publicized computer threats and solutions are hacked or struck by viruses or worms.
As an example, someone we know finally got around to putting an antivirus program on his computer. When he ran his first scan it indicated 97 infected files! One wonders how many machines he infected. By much the same token, companies struck by the Red Worm before the patch was available have my sympathy and understanding, as do those hit by denial of service attacks coming from other infected machines. On the other hand, it is no easier to be astonished about the fifty percent of organizations running Microsoft Internet Information Services (IIS) that didn’t apply the free patch once the problem had been publicized than it is to be astonished about smokers having lung problems, or drivers without seatbelts being injured in automobile accidents.
In truth, there will always be vulnerabilities in computer programs and systems. And there will always be some period of time between the discovery of a vulnerability and the development of a patch for it. However, once vendors make the fixes available, it is appropriate for individuals and organizations to update their systems.
Red Worm and Red Worm II (and III, and all future variants) only infected computers where the appropriate patch was not applied. And the same holds true of other computer vulnerabilities: Once there is a fix easily available, it is sort of your fault if you do not bother to apply it. However, the truth is that A) not all systems will get patched, and B) it is not fruitful to blame the victim. Instead, we should remember that detection and response are as important as patches.
For individuals not running servers, the problem is even easier to deal with: Install a personal firewall and get good anti-virus software that you update regularly. What constitutes regularly? Well, when we sign onto the internet in the morning we check for updates. If there is one, it is downloaded, and a scan of the system is run. In the evening another check for updates is made. If there is one, it, too, is downloaded and run. Assuming there is no update, the system is scheduled to do a complete scan in the middle of the night.
In addition, keeping up-to-date with software patches and upgrades is as smart an idea for individual users as it is for business users. Services such as Big Fix (http://www.bigfix.com/) are free, and let you know when upgrades are available for certain software.
Does doing all this make us invulnerable? Absolutely not! We get several infected email attachments a week (all of which, so far, appear to have been caught by our anti-virus software). This being the case, we could as easily as the next user be caught by a new virus for which there is not yet a tracked signature. But between twice-daily checking for new signatures, regular checking for system and vulnerability updates, a personal firewall, and a near-pathological backup regime, we have some confidence that we are managing the risk as best we might.