TCS Daily

Damned If You Do, Damned If You Don't?

By Alan Reynolds - August 18, 2003 12:00 AM

The world uses about 660 million PCs, says eTForecasts. The Blaster worm has reportedly infected only about 250,000 in the first day or two. The original Code Red hit that many computers in just 9 hours; a second version messed up the White House web site. Nimda infected more than 817,000 computers, according to Trend Micro.


Blaster is a relative nuisance, yet it appears to have generated more press excitement than more damaging worms, trojans and viruses, particularly in the nation's capital. One reason for the D.C. fascination was that Blaster shut down Maryland's notoriously incompetent department of motor vehicles (a local wise guy wisely remarked that DMV customers would be unlikely to notice any difference in service). Blaster also shut down the computer of Washington Post Tech Thursday columnist Leslie Walker. With only about one in 2600 computers victimized by Blaster, it required unique skills for a tech writer to become one of them.


Ms. Walker's latest column, "Worms Shouldn't Break Windows," went to great lengths to blame Bill Gates. That was like blaming a burglary on your homebuilder even though you turned off the alarm and left the front door unlocked. Windows is indeed the most tempting target of those who design worms and such, for the same reason AOL is the biggest market for spam. The first famous "internet worm" of 1988, however, was aimed at Sun3 and VAX computers. Recent Linux worms include cheese, lion, ramen and slappen. Mac has been relatively immune, aside from AutoStart 9805, but that may be mainly because Macs are rarely used in networks and even more rarely used as servers. No matter what operating system you're using, you had better use a firewall and keep your virus and operating system up to date. Is that asking too much? Ms. Walker thinks so.


Ms. Walker explains that she usually runs firewall software but "had turned it off temporarily to run a conflicting application." I can understand disabling a firewall while installing new software, but not leaving it off even temporarily while online. After Blaster shut down and rebooted her computer (which is what it does) her firewall automatically came back on and alerted her that a high-risk program called msblast.exe was trying to access the Internet. Any mysterious program with exe at the end is bad news. You might think that by then an Internet columnist would have figured out that it was time to update her virus program and scan the hard drive. But that would be much too easy.


How did she react to the firewall warning? "I went rooting around my hard drive in search of this thing." After "a maddening two hours" while her system rebooted "several more times" the antivirus program automatically "displayed an alert box" saying it detected W32.Blaster.Worm but could not repair it (as any updated virus program surely could).


I hate to be rude, but why did she root around for a couple of hours rather than simply update and then run her virus program? Any updated virus program could have fixed the problem caused by first disabling her firewall and then not updating the virus software. And even with the firewall foolishly disabled and the virus software dangerously out of date, the problem still could not have happened if at any time since July 16 Mr. Walker had simply installed the "critical update" from Such essential updating can be done automatically but Ms. Walker "didn't trust Microsoft enough to have its computers automatically communicating with mine, so I had never switched on auto-updating." That suggests she hasn't read the privacy statement on the update page, doesn't own or trust privacy software either and may be oddly paranoid.


"How sad that I don't trust the world's largest software company . . . And how pathetic that the creator of the operating system running more than 90 percent of the world's computers can't figure out how to protect its customers . . .. When is Microsoft going to realize that it can't count on computer users like me to clean up its mistakes every time?"


It didn't take Microsoft long to realize it can't count on computer users who refuse to turn on firewalls and refuse to update virus software, much less Windows. Microsoft could include virus software in Windows, but think of what a stink that would cause with critics who even objected to a free browser (the Department of Justice) and a free media player (the EU). And even if Microsoft did get into the virus-checking business -- much to the dismay of Norton, McAfee and others -- computers users like Ms. Walker would still refuse to either update it themselves or to trust Microsoft to do it for them. Microsoft did build a firewall into Windows XP, but has heretofore left it for users to turn it on presumably because many of us prefer the many free firewalls which are hyperlinked on the Windows security site (such as Zone Alarm, Black Ice and Tiny) or purchase broader security packages from Norton and others.


In the wake of Blaster, Microsoft now plans to enable its internal firewall in future shipments of Windows. But even that may not help the likes of Leslie Walker -- people who insist on trumping up excuses for running archaic software and even for disabling the firewall "temporarily" while surfing the web. Leslie Walker is a terrific writer, who used to cover politics and crime. All of us who write weekly columns sometimes write about things we don't fully understand. But we have some reason to expect someone who writes a weekly column about the Internet to know something about basic Internet security, and to at least set a good example.


Alan Reynolds is a senior fellow with the Cato Institute.


TCS Daily Archives