Computer Worms and Viruses

by

John Wright

It is early morning, a time I often mull over some current issue. I like to surround an issue with questions from a variety of directions, and by so doing I identify anomalies worthy of attention. This morning is no exception. There is apparently a new worm that can gain entry to our pc simply by our looking at an infected e-mail. That is, one no longer has to open an attachment or click a hyperlink within the e-mail to launch the worm. The trigger that captures my interest in this particular worm is that it represents an entirely new class of invasion that heretofore simply didn’t exist … and we have had computer viruses around for over 15 years.

Along with the worm is a more psychologically sophisticated use of our e-mail address books and message header content in the worm-generated e-mails to those in our address book. The header content is used to falsely convince the receiver that the sender is a friend or associate with an interesting attachment to share. Thus, if we simply read the e-mail from our "friend" the worm is now in our pc. If we also unwittingly open an attachment or click a hyperlink, then any manner of new and destructive worm or virus or Trojan horse can be launched.

This use of friendly e-mail userids makes us unable to trust any e-mail, and a knowledgeable friend has recommended phoning the sender to verify that they indeed did send the e-mail and the attachment or hyperlink. This recommendation seems to be overkill but it is not. The real issue is that we have lost a useful and relatively secure means with which to communicate. Who wants to go through the extra step of calling the sender? What sender wants to field multiple return phone calls to verify that the e-mail and attachment are legitimate?

Flash! A light bulb just turned on in my mind. The word "phone" was the trigger. I start thinking about hacker activity, worms and viruses in the world of large mainframe computers and servers. Most of us know that our phone service worldwide makes extensive use of computers. This is true even for cell phones. Ground installations use switching logic and vast network infrastructure to connect anyone to anyone, and yes, there is software/programs running to accomplish the task. The communication satellites have some processing capacity i.e. programs running that can be dynamically updated.

Paranoia questions: How is it that creators of worms and viruses have not managed to shut down our phone service? Are worm and virus creators simply teenagers having fun (give me a break!)? Are our other businesses that use mainframe computers to conduct business with the outside world every day invulnerable? How is it that we never hear (well, almost never) about our law enforcement agencies catching and prosecuting the people who have created and launched the hundreds of viruses and worms that have caused us to purchase anti-virus software and firewall software? Are those people from different countries?

I could extend the question list considerably but you get my point. Both the frequency and the sophistication of new worms and viruses is making me wonder about the sources. Then, I think about our businesses, especially our phone companies, and while I know hackers have caused headaches for some companies and government agencies, there simply seems to be too much vulnerability in our pc world that is so much better accommodated by businesses. This leads to the obvious questions for software companies like Microsoft®.

How is it that you folks who created all the sophisticated pc programs like operating systems are so ineffective in providing us a bulletproof e-mail environment? Many of us use the Internet today for online banking and purchases and bill paying with trust that the "secure" environments and the talents of the security folks at the bank, store and other computer system groups are reliable. This means we do not expect to have our credit card information stolen, nor do we expect to hit a hyperlink that will launch a worm or virus on our pc. Yet every time I turn around you have another security fix for Internet Explorer, Outlook Express, Windows 2000 or Windows XP. The hacker activity that appears to be the primary reason for the security updates betrays serious weakness in either or both the operating systems and the Internet/E-mail software, or the communication environment of the Internet.

I am saying that these comparative scenarios do not make sense. Either I am a damn fool for trusting "secure" environments or there is something very phony about the inadequate security of the Internet e-mail and Windows operating system/application software environments. For example, consider Microsoft® Network (MSN). MSN is an ISP (Internet Service Provider). If I am a user of MSN then all e-mail destined to come to me must go through an MSN server. This means that the logical place to stop all e-mail related worms and viruses, in both directions, is at the ISP server and not at the users pc. The hacker environment is also non-sensical … no one can get to my pc except through your servers. How can you distinguish a legitimate attempt to communicate with my pc from that of a hacker? Simple … let me tell you whom I will allow in … then you block all other inbound traffic. You certainly could establish that environment if you so chose.

Now I am getting angry. McAfee®, Symantec® (Norton®), the ZoneAlarm® folks and even the Spybot creator are pumping out millions of copies of protection software that should be irrelevant to the e-mail and hacker environments. Yes, these products could still be useful in protecting us from worms and viruses at nasty websites that we might visit, but then again, it really is the same environment … all traffic to and from my pc goes through my ISP’s server. If my ISP is MSN, then I have a fully justifiable reason to expect that extremely wealthy braintrust to control server traffic content.

Okay, I admit that for any new worm or virus that it may take a few days or weeks to identify it at the server and disable it. In the meantime it can be helpful to have something on my pc that would keep the trash out, right? NO! Any protection software I might have will not detect the new worm or virus, until a new set of virus definitions are created by my anti-virus software vendor and loaded onto my pc. This means that I am unprotected and vulnerable. This means that the fix for a given worm or virus belongs on my ISP’s server and not on my pc.

There is still the environment question I raised earlier. The very structure and methods used to have e-mail worldwide are not secure and should be and could be radically changed. The brainpower to do that obviously exists as we have secure military and other government communications. We the public are being hosed by the protection software vendors as well as the creators of worms, viruses and Trojan horses. It is time to stop this silly game and become belligerent with our ISP’s and companies that create our operating systems, i.e. Microsoft®.

As to the perpetrators of worm and viruses, I know too little to say much, so all I will say is that our inability to identify them means that the environment within which they work and within which we work is grossly inadequate, poorly designed and obviously in need of a major overhaul, globally. Let us remember that what I am talking about is protocols and other blocking/permission software. No capital investment in networking or other communication equipment is being compromised. There is no valid reason to keep our present insecure environment.

The focus on bells and whistles for marketing purposes for operating systems and application software is understandable and stupid opposite what is needed today. I am imaging a "dandy" … a guy dressed very well with lots of cash driving through the tenements in an open luxury car convertible. What the hell do you think is going to happen to him? Now think of yourself as a passenger in that car. What the hell do you think is going to happen to you? How many times will you go for a ride with the dandy before you wise up? I am both a driver and a passenger on the Internet highway, but companies like Microsoft® are the open convertible vehicles. It’s raining like hell and all you offer are umbrellas. Put a roof on it!

‘Nuff said.