August 3, 1998
BIOS Virus and e-mail flaws put your data in double jeopardy
By Bob O'Donnell
Imagine for a moment what it would be like if someone walked into your office, took
away your computer, and then told you that you still had to get your job done. Sound like
some kind of nightmare? Well, if you fall victim to any one of the latest spate of viruses
or security flaws being covered in the news, that's exactly the situation you could find
yourself in. You might end up without a working computer or any of the data you've labored
to create.
Ironically, as our collective dependence on computers and computer-based information
has increased, so too has the fragility and vulnerability of that critical data. We are at
the mercy of an increasingly hostile computing environment. The CIH "BIOS Virus"
covered in the news two weeks ago, for example, has the potential to not only wipe out
your hard drive, but to make your PC completely unusable by scrambling your BIOS (basic
input/output system). (Symantec's AntiVirus Research Center has some very useful info
as well as a free DOS-based tool you can use to eradicate CIH.)
And if that weren't bad enough, last week's discovery of the security hole that could
conceivably let malicious code run on your machine by simply downloading your e-mail has
enormously important implications. (Microsoft has posted patches for Outlook 98 and
Outlook Express and Netscape has directions on how to avoid the problem, but won't
have a patch for a staggering two weeks.) Put the
two together -- download a mail message and suddenly find that all your data is erased and
the BIOS scrambled, making your computer completely unusable -- and you have probably the
most lethal combination to face personal computers since their inception.
In fact, threats to the integrity of your computer's data and even the operation of the
computer itself seem to be increasing at a frightening pace, yet I don't get the sense
that people are increasing their vigilance in protecting that data. If anything, I get the
feeling that people are getting more complacent about it.
I think the problem is that when you use computers all the time and depend on them
almost entirely to do any productive work, it's easy to forget how vulnerable you are. The
relatively stable environment that most computer users encounter lulls them into a false
sense of security that everything about their computer's operation is good and safe.
As these two recent wake-up calls have clearly demonstrated, however, nothing could be
further from the truth. Computer data is still astonishingly fragile and much too
susceptible to complete destruction. Sure, good backup policies, vigilant use of
anti-virus programs and constant updates to your Internet-based applications can help
avoid these problems, but that requires more knowledge and more effort than many
individuals and organizations are willing or able to make.
I certainly don't want to encourage paranoia, but I find it interesting that all the
crazy fears that new computer users often have about computer viruses (and that
experienced users would reassure them weren't possible) are now, in fact, very real. Even
worse, I get the feeling that things are going to get a lot worse before they get any
better. Clever hackers are jumping on every possible opportunity and exploiting every tiny
security hole they can in order to try and make their mark.
I have no doubt that the companies involved with these issues will address some of the
particular issues that have recently arisen. But the computer industry as a whole is sadly
lacking in its efforts to build in more protection against these problems arising in the
first place and in educating computer users on the risks involved. Instead of sheepishly
hiding critical information about these problems somewhere in the middle of their Web
haystack, affected companies need to be out shouting from all points warning people about
the potential dangers they face.
And from the user's perspective I'm afraid a lot of innocent victims' data will be
obliterated before we see the kind of absolute outrage (directed against companies who
have missed these problems in the first place) that it's going to take to make things
better. Sad, but I fear, true.
© Copyright 1998, by InfoWorld Publishing Corp., a
subsidiary of IDG Communications, Inc. Reprinted from InfoWorld,
155 Bovet Road, San Mateo, CA 94402. Further reproduction is prohibited.