http://www.kumite.com/myths
Find out what "kumite" means in www.kumite.com
No known Java viruses that can infect your machine across the Web exist and, I dare to claim, none will.
Unfortunately, the media have trouble distinguishing between real science and propaganda cross-dressed as science.
Since the media, [antivirus] vendors, and those smitten by [false authority syndrome] often tend to focus upon the apocalyptic, a bit of debunking and humor is a necessary prophylactic to maintain a reasonably accurate perspective on the threats, proposed solutions, and issues involved. Be a skeptic and demand evidence and accountability.
It seems fitting somehow that the one day on which the "rioters" are said to have lots of free time to spend on rioting would be, well, Valentine's Day...Chess again (writing with Steve R. White & Jeffrey O. Kephart), discussing the supposed "exponential increase" in new viruses:
The number of new viruses is not 'increasing exponentially,' as is often claimed. The rate of appearance of new viruses in the collections of anti-virus workers has been increasing gradually for several years, at roughly a linear rate. Thus the number of known viruses is growing quadratically at worst. In fact, almost nothing at all about viruses is 'increasing exponentially.' The problem is significant, and it is growing somewhat worse, but prophets of doom in this field have poor track records.Chess again (writing with Steve R. White & Jeffrey O. Kephart), on 1992's dire predictions regarding the Michelangelo virus:
Our own research at the time showed that the Michelangelo virus was not very prevalent, and certainly not one of the most common viruses. We estimated that about the same number of systems would have their hard disks crash due to random hardware failures on March 6 as would have their data destroyed by the Michelangelo virus.Chess again (writing with Steve R. White & Jeffrey O. Kephart), chiding the many Chicken Littles who predicted a worldwide catastrophe in 1992:
We hope that those involved [in the Michelangelo media fiasco] learned from the experience ... and that the media will examine predictions of impending doom with a somewhat more critical eye.Chess again (writing with Steve R. White & Jeffrey O. Kephart), on the role antivirus software plays in ridding the world of viruses:
A closer look at our own data show that, while anti-virus software and policies can make a real difference within organizations, anti-virus software does not seem to have made as much of a difference to the world in general. All of the common viruses have been known for quite some time. All of them are detected, even by older anti-virus programs.
Internet security vendors are selling protection, so there's an unfortunate tendency to 'stimulate the market' by hyping the Net's lack of security.
A good deal of virus education is wasted on users who tune in for the entertainment value of the topic, but walk away without changing their habits relative to virus protection.
In the trade press, as in "official source" quotes from the Pentagon during wartime, certain authorities -- and every new reporter quickly learns very quickly who they are -- can be counted on to say certain things at deadline time.Publications of repute, such as InfoWorld (a weekly with a 310,000 circulation), have an admirable three-source rule. The problem is, too often, all these sources are ignorant fools bucking for press, evangelists with an interest in a certain model or product, or just ... misguided and overpaid "experts."
There are serious problems with all of the evaluations on which people are currently relying. 'It is unfortunate, but a large majority (say 90 percent) of the current anti-virus tests published within the last couple of years are worthless, or even worse than that, purposefully made misleading.'
Nobody [in the mass media] likes to hear somebody say "Make a backup. Type FDISK /MBR. Go away." Headlines such as 'Virus Eats Planet Earth' sell more papers.Greenberg again, commenting on how he could go into semi-retirement in his mid-30s:
I'd still be slaving away at a desk for another 25 years if people backed up [their computer data] and kept a cool head.Greenberg again, explaining why he went into semi-retirement in his mid-30s:
I don't mind being out of the antivirus business because, frankly, it was boring. The money was good but the tedium was enormous.
The correct answer to give to any inquiries about September 22 was, "It's a Sunday." Regardless of whatever they ask, the reply was to be, "It's a Sunday."
It is worth repeating that there is no such thing as perfect security. This is true for any system on the Internet, not just systems using Java... In the real world, all you can expect is reasonable security. The solution to this conundrum is finding an acceptable tradeoff between functionality and security.
The Hare virus story has generated countless questions from on-line users who thought they were in danger from it, although realistically they were statistically more likely to be hit by an automobile.Smith again, commenting on the sixth-anniversary trigger date for the Michelangelo virus:
Michelangelo is an IQ test you can use to gauge the acumen of your local newspaper's tech editors and reporters. If they run a story on it six years after it flopped -- they flunk.Smith again, commenting on frightened users who innocently spread virus hoaxes when they hit the 'forward email to all' button:
Disinformation wants to be free.Smith again, commenting on the media's almost-mythological stereotype of virus writers:
Sure, there are hackers who can invade systems all along the Internet by exploiting obscure flaws in complex software, steal telephone service to just about anywhere, and pathologically root through shopping mall garbage cans for discarded credit card invoices and system passwords scribbled on post-it [sic] notes. But they have only a tangential relationship to the vast unsophisticated majority of the so-called virus underground.Smith again, commenting on the typically self-proclaimed virus writer:
The vast majority of virus writers are, essentially, Caspar Milquetoasts ... They tend to prefer collecting viruses or fragments of them in large numbers and mounting them as public collections on bulletin boards or Internet providers; writing aggressively menacing-sounding electronic press releases; and cobbling together hacks of any one of the thousands of DOS viruses already in existence.Smith again, offering sarcastic advice on how to get reporters to listen to you:
When you get inquiries, keep it simple and accentuate the sexy hook [e.g. "It's the Good Times virus for real!"].... It won't hurt to keep the tone close to "the sky is falling." For maximum impact, you want to get the point across that everyone who uses the [Internet] is at risk. Of course, it isn't true but the reporters who are doing the stories won't mind and no one will hold their feet to the fire over it later, anyway.
Unfortunately, magazine reviewers face the same problems as other humans when it comes to reviewing software, and have collectively made some very embarrasing mistakes.Stang again, on incidental damages caused by people who don't know how to properly clean a virus:So it is not surprising that many consumers turn to advertising as their source of information. In the anti-virus world in the U.S., advertising is full of myth, tricky wording, and outright falsehood, but users are in no position to sift the evidence.
We hear stories all the time of the 'mayhem' that comes from a virus attack, and it's almost always mayhem that's self-induced by the recovery crew... [These people] have to be surgeons in life when it comes to computers. You cannot be butchers.
I've never been much impressed by the supposed tremendous hazards of computer viruses. A lot of both virus and anti-virus rhetoric is seriously overblown. Virus hype makes computers seem far more dangerous and intimidating than computers actually are. Virus hype helps to keep the computer-illiterate intimidated and in their place.
[Computer security experts] are a little more likely than the average person to understand viruses. Some would say they're a lot more likely to understand them, but I've met a fair number who don't know a thing about viruses, or, even worse, they've got misconceptions. In light of the fact they are computer security experts, their misconceptions carry a lot more weight than the average person. Errors are much more damaging when they come out of the mouths of these people.Put me on a panel with a computer security person, and I won't claim to have his level of security expertise. But the computer security guy will invariably claim to have my level of virus expertise. How can you convince the audience in a diplomatic way that he doesn't?
|
