http://www.kumite.com/myths
Someone is clueless about viruses? Send them a clue
Send email to Rob Rosenberger
The guy behind the Computer Virus Myths home page
Please feel free to send kudos, comments, and/or constructive criticisms! I receive a lot of email these days but
I still read every message ... and yes, I do respond as much as possible. Please note: I focus on
computer virus myths/hoaxes. Check out
urbanlegends.About.com and
snopes.com and
urbanlegends.com and
Hoax du Jour and
US DoE CIAC and
alt.folklore.urban
if you want to know about other myths, hoaxes, urban legends, and old wives' tales.
Do you participate in the "SETI@home" project? Why not donate via the
CVMhp group for a
short while? You can return to your primary group whenever you like...
Questions people frequently ask me
- Did a genuine computer security expert send you the email? If your mother-in-law sent it to you,
and she claims she got it from her dentist, who got it from a podiatrist, who got it from his secretary's
daughter, who (supposedly) received the email at college directly from IBM's virus experts...
- Does it urge you to forward it to everyone you know? Genuine virus alerts don't ask you to participate
in a chaotic email distribution scheme.
- Does it include a link to an authoritative details page? Chain-letter virus alerts shouldn't
go into detail about a virus. It should summarize the threat and provide a link to a "for more info"
page stored on a well-known computer security website.
Ask the authoritative source to send a copy to each of your friends. If you received the alert via a computer
security mailing list, tell your friends about the list and give them instructions on how to sign up.
(Caution: don't add your friends to the mailing list without their permission. They may retaliate by
adding you to dozens of mailing lists.)
If you started the chain letter, then you should definitely report your problem to AOL. If
you did not start the chain letter, then please refrain from flooding AOL with copies. The
same goes for any Internet service provider, really. Thanks for understanding.
(return to top)
Giving help to the clueless...
Yes, if the person lives in the United States. I purchased business cards specifically for the website; I can
send one to your colleague if you wish.
Address an envelope (any size) to your colleague. Leave the return address blank if you want to remain anonymous.
Put a stamp on the envelope and place it in another envelope. Address the outer envelope to:
CVMhp Clue Offer
P.O. Box 50
Wellman, IA 52356
I'll slide a website business card in the envelope you provided and drop it in the mailbox. Please forgive me: I
can only afford to do this for U.S.-addressed envelopes. The local post office doesn't handle international
mailing coupons (I'd have to drive to a regional post office)...
(return to top)
Ask your CIO to sign the following notice:
To all employees,
We have experienced another rash of hoax virus alerts spreading around the company. These hoaxes are disguised as
"helpful" emails with a warning about a dangerous new computing threat. These emails are
hoax chain letters which make the sender look stupid. They waste employee time and spread false
information.
Stupid employees may forward hoax alerts with my blessing. If you're not stupid, and you receive an email
warning of any type, forward it to the "Computer Security" email account. Our experts will investigate
it and notify you if further action is required.
Questions can be directed to {employee} at extension {phone}. Please visit
http://ciac.llnl.gov/ciac/CIACHoaxes.html and
http://www.kumite.com/myths for more info about computer virus hoaxes.
Thank you.
Signed,
The CIO
Sadly, you may need to spam this notice to every employee once a year. Caution: the point of contact
will hear from a lot of clueless people. (Trust me, I know.) Delegate the task if possible. Don't say I didn't
warn you.
(return to top)
You probably want something short, fun, and to the point. Feel free to use this with my compliments:
Which of these things is not like the others?
- Win a Holiday computer virus alert
- Returned/Unable To Deliver computer virus alert
- Join the Crew computer virus alert
- Word.Concept computer virus alert
- Penpal Greetings computer virus alert
Answer: (4). The Word.Concept virus is real. The rest are hoaxes designed to frighten you. Don't panic
about a virus alert -- especially if you receive the alert on April Fool's Day. Visit
http://ciac.llnl.gov/ciac/CIACHoaxes.html and
http://www.kumite.com/myths for more information about computer virus
hoaxes.
If a specific hoax plagues your organization, insert it in place of another alert in this list.
(return to top)
When you plop a computer on their desk, configure the browser's start page for
www.kumite.com/myths by default. They'll change the start page on their
own sooner or later anyway, so why not give them a useful lesson in the process?
If your firm's website must appear as the start page, you can still pull an interesting trick. Take
this HTML code and change one HREF variable from
www.news.com to the URL of your choice. Copy it to the user's computer as the default start page. The top
half of the browser will display your website; the bottom half will display this website. Enjoy!
(Don't worry about stressing my server. It talks directly to the ATM cloud and I get unlimited bandwidth in my
domain contract.)
(return to top)
Certainly! Feel free to use these logo graphics
if you wish. You don't even need to copy them to your website -- just reference them directly from here (very
useful if your provider charges you for space or bandwidth). I get unlimited bandwidth in my domain contract, so
don't worry about stressing my website just because you link to it or reference a graphic.
(return to top)
I recommend Yahoo as one of the best starting points. Type
"computer virus" in the search field and get going!
(return to top)
Just about any major antivirus program will do the job. The key issues:
- You must understand your needs. Would you blindly purchase a sports car if you really need a
minivan? Too many computer users buy antivirus software before understanding their needs. Even worse, some
people demand capabilities they'll never use. "Look, I like this car, but it needs an airbag in the trunk
to protect the spare tire..."
- You must recognize the program's limitations. Some people honestly believe antivirus software is
bug-free, for example. Others arbitrarily mix & match operating system requirements without understanding
the limitations it imposes. And did you know all virus detectors suffer from an unsolvable
design problem? (Among other things, this design problem accounts for many false alarms.) Even large
companies and government agencies sometimes fail to understand these limitations.
- You must use antivirus software correctly. People who don't know what they need in the first
place will often use antivirus software incorrectly. Many others eventually stop using it after growing
weary of the tedium. Large organizations compound the issue when they centrally manage all computer virus
policy -- workers don't feel a strong urge to check for viruses because "the guys in networking handle
that stuff."
(return to top)
No. Virus researcher Sarah Gordon said it best: "There
are serious problems with all of the [antivirus] evaluations on which people are currently relying."
(return to top)
No, but thank you for asking.
If you find a genuine virus and your antivirus software correctly detects it, then just delete it or keep it to
yourself.
If you find a genuine virus (not a false alarm) and your antivirus software
doesn't correctly detect it, then I recommend you send a copy to whichever firm produces your antivirus
software. They'll want to see it. Include as much information as possible about your incident.
(return to top)
I certainly do use antivirus software. I currently employ four different products on my systems. I don't like to
identify which specific products I use, for this reason.
I update virus-scanning packages whenever I get around to it, generally about every 6-10 weeks. I don't expect
them to find viruses on my own computers -- rather, I run an updated scanner the first time just to see if it
generates any false alarms.
I don't scan for viruses during the bootup process -- I only recommend at-bootup scanning in
situations where untrusted users receive full, unsupervised access (e.g. at college computing centers). I
do recommend "macro protection" facilities such as Microsoft's ScanProt, although
I personally don't bother with macro protection on my own computers. (Shocked? Don't be: I check files when I
receive them.)
Call me reckless, but I also accept Java & ActiveX in my web browser
despite what the fearmongers say. Some magazines (e.g. PC/Computing) tell you to disable Java in your
browser, yet they ironically use Java on their own websites. Go figure.
(return to top)
I "worry" about viruses about as much as I "worry" about getting into a car accident. I don't
sweat at the sight of every vehicle, fearing it contains a drunk driver destined to plow into me.
I don't run through the house every morning waving a gun as I search the cabinets for a deranged killer who might
have broken into the house without my knowledge. Likewise, I don't run antivirus software at bootup every morning
to search every file for a deranged virus which might have broken into the computer without my knowledge. (See my
opinion piece on this subject.)
Besides, I don't need to worry about viruses -- the computing world ended long ago. In fact, the computing world
has ended eight or nine times already. Viruses are nothing compared to the forthcoming tenth
obliteration of the computing world, so I don't worry about them.
(return to top)
Infected by accident -- no. See my writeup about the many people who rise to the stature of
office virus expert because their computers got infected.
On purpose, certainly. Colleagues occasionally send me the latest "fad" virus for review. I'll spend a
whole day infecting a computer, studying the effects & attributes, etc. But for the most part I prefer to let
far more qualified researchers do the code-studying.
(return to top)
I occasionally buy five shares (regardless of price) just to keep tabs on the company. I'm not a
stockbroker nor do I play one on TV. I don't invest in antivirus companies; I don't care what happens to the
value of any five-share purchase; and I don't vote in stockholder matters.
(return to top)
I think "Caesar si viveret, ad remum dareris." If Caesar were alive, they'd be chained to an
oar. (Ha!)
Seriously, I believe antivirus firms provide an absolutely essential service for computer users.
I also believe they should profit handsomely for their efforts. I just want them to make gobs of
money in an ethical manner.
Do I write off the whole antivirus industry as a bunch of ambulance chasers? No. Unfortunately,
a number of bad apples over the years pumped out most of the security hype we've seen to date. They created so
much Chicken Little hysteria that we now thank firms for reducing the hype they generate on a regular
basis.
(return to top)
None: I consider them all a nuisance. I worry about the incoming water line entering my house just 15 feet from
where my computers sit. If it springs another leak like the last time... I also worry about an earthquake like
the one St. Louis suffered in 1987, or a lightning strike like the one in 1989, or another Mississippi River flood
like the one in 1993. Any one of those could physically destroy my computers (unlike a virus).
(return to top)
Typo TSR-B, hands down. Just over 710 bytes as I recall -- less than a 50% chance you'd notice an increase
in cluster usage. Only infects .COM files and only spreads on even-numbered days. It watches what you type and
occasionally replaces a keystroke with the key just to the right of it. If you type dir for example,
you might get dor. Pretty annoying if you type 80 words per minute!
(return to top)
Certainly! I charge $0.00, but I need you to get me there & back. Details here.
(return to top)
Nope. Far too many people write viruses already. I don't need to get involved.
(return to top)
I maintain a puny little virus library. It's practically nothing. Ask
these guys if you want to mess around with live viruses.
Some people want just one or two live viruses so they can test their antivirus software. Read
my opinion on this subject -- and please don't take it personally.
Thanks for understanding.
(return to top)
Why don't you...?
I generally offer hotlinks which help dispel computer virus myths. Many great
information warfare hotlinks, for example, just don't meet this
website's charter.
Some people ask why I didn't recommend a certain antivirus vendor's site. Most of them exist primarily to (a) sell
software and (b) provide tech support. If they offer specific pages of interest, I'll gladly consider that page
for a hotlink.
Others ask why I didn't recommend a certain book. I either didn't read it yet (I buy books out of my own pocket)
or I didn't find enough time to visit the library. Besides, my boss wouldn't like it if I read books all day...
(return to top)
First: I don't want someone mistaking my copy of an alert message as a genuine alert notice. It concerns me
for the same reason when antivirus vendors include the text of hoax alerts on their websites. I've already seen one
case where a user believed a hoax after reading it on an antivirus vendor's website.
Second: I don't see the need for it. Either you've already seen the alert in question, or you'll see it soon enough
when a frightened colleague forwards it to you. I'd rather summarize the alert and explain why it qualifes
as a hoax or urban legend.
(return to top)
I just can't find enough time in the day. I "lurk" in certain newsgroups and of course I do plenty of
Usenet-related research via DejaNews. You'll also find me
lurking in various CompuServe security-related forums.
(return to top)
I didn't try to dispel virus myths in 1988 with profit in mind -- I just wanted to expose Chicken Little.
However, after all these years, this website has grown too big for a hobby effort. I recently started looking for
a sole sponsor to help me turn this website into a full-time job...
(return to top)
The domain server records the IP address and date/time for each HTTP request. That's it. (I don't even track the
referring URL right now.) These logs let me gauge the popular pages and prolific visitors at my website every day.
I provide raw log data to outsiders only when forced (e.g. to document attacks against my
domain).
This website uses no "cookies" to store/track information about you. You
don't need to "register" yourself or participate in any surveys.
(return to top)
Definitions, abbreviations, etc.
In a word, it means "verbatim." Webster's New World Dictionary defines it as "thus; so:
used within brackets, [sic], to show that a quoted passage, esp. one containing some error or something
questionable, is precisely reproduced."
(return to top)
It means "to fight" in the martial arts world. You pronounce it KOO-mih-tay. "Fight myths" --
get it?
(return to top)
It means "super-virus" in a loose German translation.
Nietzche coined the prefix
to describe something which overcame all of its intrinsic flaws & weaknesses. An über-virus is the
ultimate supervirus; an über-hacker is the ultimate superhacker; an über-threat is the
ultimate computer security superthreat; and so on. I typically use the prefix in a sarcastic context.
(return to top)
I use Microsoft WordPad, a poor man's word processor included with every copy of Win9x. No joke. I change my file
associations to make it the default right-click text/html editor. I even write most of my
opinion pieces in WordPad. I use a licensed copy of WS_FTP to upload files to
my domain server.
(return to top)
You're wrong, it's not a hoax...
Please submit a copy of the virus to whichever antivirus company you prefer. If a repairman replaced the parts,
please ask him/her to provide you with a copy of the virus so you can forward it to your preferred antivirus
company. If the repairman doesn't trust you with a copy of the virus, demand proof showing he/she forwarded it to
an antivirus company for inspection.
If the repairman says the virus destroyed itself as a result of destroying your computer... well, you're stuck with
an unverifiable urban legend.
(return to top)
Not to nitpick, but the [name] virus could exist under the right circumstances.
I love to debate theory, don't get me wrong -- but we can nitpick everything. For example, a guard rail will
launch your car into the air if you drive into it at high speed at an 85-degree angle and slam on the brakes just
before impact. Does this mean you'll stop driving into guard rails at extreme angles from now on?
Please feel free to begin a dialog if you recognize the theoretical nature of a theoretical threat. If you think we
need a worldwide media alert about it ... well, you won't find me very receptive to a debate.
