Information Security News mailing list archives

The Virus 'Ambulance Chasers'


From: William Knowles <wk () C4I ORG>
Date: Fri, 19 May 2000 16:51:39 -0500

http://www.wired.com/news/technology/0,1282,36464,00.html

by Katie Dean
3:45 p.m. May. 19, 2000 PDT

The hype surrounding the "NewLove" virus is spreading, well, like a
virus -- and at the center of the hype are the companies themselves.

"Anti-virus companies have always been seen as ambulance chasers, and
sometimes, it's true," said Dan Schrader, the chief security analyst
at Trend Micro. "Because this is an industry that has been built on
hype and alerts and pretensions of being good citizens, the industry
doesn't have a lot of credibility."

That's what happened Friday, Schrader said, when numerous alerts were
sent out by anti-virus companies, and the virus only affected a small
number of computers and networks. But the media, and even Janet Reno,
did their part to fuel the fire as well.

"I have to admit this whole thing became a media feeding frenzy," said
Schrader, who estimated he had been interviewed a dozen times since 5
a.m. (PDT) Friday morning.

"This whole industry runs on hysteria," said Rob Rosenberger,
webmaster of Computer Virus Myths. "It's just one more press release
about a virus that's probably going nowhere."

News of the virus spread rapidly as soon as it was discovered. Trend
Micro learned that one of its customers was infected with the newer,
nasty virus late Thursday, Schrader said. A reporter called him,
having heard from anti-virus company Symantec that one of its
customers was also affected, and Trend Micro then decided to call the
Associated Press.

"This thing is all of a sudden snowballing," Schrader said.

Ironically, the "NewLove" virus, while nasty, has had nowhere near the
effect that its pesky cousin "Love Bug" did two weeks ago.

"We really haven't seen it out there that much," admitted McAfee
director Sal Viveros.

But Schrader said that despite the hype, there are legitimate reasons
to inform the media to get the word out quickly.

"We need to educate 300 million people overnight, and that is an
absurd responsibility," Schrader said. "The pressure to (tell the
media) is huge because you never know when one of these viruses will
be the big one."

"The proactive notification of customers is a responsible thing to
do," said Tom Powledge, a group product manager for Symantec.

McAfee's Viveros added that any time there is a huge outbreak like the
Love Bug, companies are also on high alert.

"Historically, we see a whole slew of copycats and variants after a
major virus outbreak," Viveros said. "We're monitoring extra closely."

Over-hyping of computer viruses is not a new phenomenon. The most
notorious example of hype was during the Michelangelo virus in 1992.
John McAfee, founder of McAfee Associates, warned that Michelangelo
would hit 20 million computers, when in fact the virus infected 20,000
computers at best, Schrader said.

And he believes there are better ways of preventing virus outbreaks,
and the media circus that surrounds them.

"If we had 200 of the largest ISPs scanning the traffic they're
delivering for viruses, we wouldn't have an outbreak of (the "Love
Bug") magnitude," Schrader said.

He pointed out that US West already does this for its customers, and
British Telecom also has plans to scan for viruses.

Rosenberger of the Computer Virus Myths homepage said that the problem
will be corrected once users demand anti-virus software that can
detect viruses before they infect computers, instead of the
after-the-fact detection that companies use now.

"Users are the biggest avenue to change," Rosenberger said.

Nevertheless, part of the credit that the virus was so easily
contained was that people are becoming more aware of these invaders.

"The virus companies were ready and the users were ready," said Chris
Vargas, president of F-Secure. "People were ready for this, which is
really good news."


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*
