April 29, 2004

OCD and the Cycle of Virus Doom

Compulsion Disorder Sufferers Will Keep Spreading E-mail Bugs

"If the U.S. Post Office sees a stick of dynamite in the mail, they don't deliver it, do they? A .PIF or .SCR file is an easy thing to stop. It's so obvious. And any other sort of executable file can be quickly scanned by an ISP."

- Commentary By John C. Dvorak, PC Magazine

------

An estimated 3.3 million Americans alone have obsessive compulsive disorder, or OCD, and more attention is being paid to the problem than ever before. At least two hit TV shows have main characters who exhibit the problem (Monk and Law & Order: Criminal Intent).

The latest iterations of e-mail-based viruses exploit people in the office who have OCD and that's why there is no way that client-based initiatives to stop virus spreading can ever work. Ever. In fact, the virus problem will just get worse.

This observation was prompted by a posting in my online column on phishing.

A Working Example

Junebug630 writes:

I had a co-worker - a supervisor - call me into her office the other month and ask me about an e-mail that she got. Now my company, a big time government contractor, is super security conscious and damn near inundates us weekly with warning messages to the point of saturation on the evils of e-mail attachments and worms, etc.
The woman, who is very intelligent and knowledgeable, said, "Look, there is a message from someone in my e-mail box. Should I open it?" Now this message was not internal, which she knew, and was of a very dubious nature from someone neither she nor I knew concerning a file or files that someone wanted her to download.
I told her to instantly delete the message and any that came along like it. She was nervous about the message being something important and missing something that she would need to know. I had to practically nail her hands to the desk to keep her from opening the e-mail.
I asked her "Do you open everything you get at home?" She replied, "Yes." I said, "Why?" And then she honestly couldn't tell me why.

A Compelling Threat?

The message goes on, but you get the point. When I read this I realized that no amount of public education will end the virus threat, with millions of compulsive people out there getting messages that say things like "Open the important attachment!"

Apparently you don't need anything more than that simple demand to propagate a virus. You don't need spoofing, or tricks, or passwords or anything else. All you need is an attached virus or Trojan horse program and a note that says, "Open me!" Millions of poor souls with OCD will open it.

And if OCD people fit in well in any sort of environment, it's the modern office environment where the ailment may actually be a benefit and lead to rapid promotions. Many with this ailment are geniuses in their own way and work harder than others to compensate for the OCD issues.

Be that as it may, how many are like the otherwise smart woman described above? These people cannot erase the suspicious document and move on. They might be missing something important, after all. With the eventual "Big One" headed our way we can be assured that when it is delivered, the compulsive office workers of the world will be the triggering mechanisms.

Just Saying 'No' Isn't Enough

Of course, many of us can protect ourselves from the direct problems that will arise, such as hard drive erasures. We are all susceptible to the potential meltdown of the Net itself, which can happen when these click-happy obsessives launch the war.

It's futile to try to stop compulsive people. What that suggests to me is that the entire virus threat prevention mechanism has to exist at a higher level. These viruses have to be stopped at the ISP level or perhaps all e-mail should be pumped through some Internet-based filter. The way I see it, if Kaspersky's anti-virus program can spot every attempt on my machine on the fly and quarantine e-mail attachments as they come in, then why can't this be done at the ISP/server level?

Exactly why is that OCD woman cited above allowed to get this stuff in her e-mail box in the first place? If the U.S. Post Office sees a stick of dynamite in the mail, they don't deliver it, do they? A .PIF or .SCR file is an easy thing to stop. It's so obvious. And any other sort of executable file can be quickly scanned by an ISP.

All the current viruses that go back and forth for months on end are easily identifiable - you see the same ones over and over. Why are they continually being allowed to go from server to server? Maybe these ISPs should do something, given all the money they are making.

Who's Really to Blame?

So why hasn't something been done at the only level that will stop the problem? I think it's the anti-virus lobby. Who stands to lose the most if the virus problem is eliminated at the ISP level? The client-based anti-virus software companies: Symantec, McAffee, Kaspersky, Panda, all of them. This is a billion-dollar business.

I've never been one to think that any of these folks actually code viruses, as some people assert. They don't have to. Other people stupidly do it for reasons only known to themselves. What I do not see is any real universal effort on the part of the anti-virus folks to seriously end the virus threat for good. They would put themselves out of business. It's a conflict of interest. The folks with all the expertise don't need to bring change.

It's ridiculous. What do you think can be done to end this cycle? I think that until the end user is taken out of the loop, we're stuck.

Posted by thinkum at April 29, 2004 04:04 PM
Comments

The thought of suicide is a great source of comfort: with it a calm passage is to be made across many a bad night. by online poker

Posted by: online poker at December 25, 2004 08:06 PM

Distrust everyone in whom the impulse to punish is powerful! by free online poker

Posted by: free online poker at December 25, 2004 08:11 PM

poker books - poker books, online poker sites | poker rules - partypoker, poker tables | poker chips - texas hold'em, poker books | poker online - world series of poker, texas holdem poker | wsop - pacific poker, world poker tour | poker rules - texas holdem, WPT | poker rules - poker books, partypoker | poker rooms - poker tournaments, poker games | free poker online - poker tables, texas holdem poker | poker tables - partypoker, texas hold'em | poker rooms - partypoker, paradise poker | poker supplies - free poker online, party poker | poker tables - texas holdem, paradise poker | partypoker - wsop, texas holdem | online poker rooms - world series of poker, online poker | internet poker - free online poker, internet poker | empirepoker - WPT, poker books | poker stars - wsop, online poker rooms

Posted by: poker rules at February 16, 2005 11:26 PM