Time to wise up about worms

By Joel Snyder
Network World, 02/16/04

Original Article on Network World Web Site

I'm tired of having an in-box filled with worms. In the last 26 days, infected PCs have sent me 3,787 copies of MyDoom. I know I'm supposed to be an understanding, gentle kind of advice giver, but frankly, I'm sick of it. I'm sick of having my time wasted, and I'm sick of having to help people clean up messes because they can't control their own mice.

Why can't people take responsibility for protecting their own PCs? People never say, "I did something utterly moronic today and infected my own PC and 600 others." No, it's "I got a virus." As if it's not their fault. As if they caught a cold because they just happened to be in the room when someone who was sick walked by.

Well, it is their fault. You don't get MyDoom if you don't click on it. It's not even that clever of a hack, the kind where just staring at it funny infects your PC. It's not novel, either. When the ILoveYou worm came out, that was new. People got duped because they had never seen anything like it. But that was four years ago.

If you got MyDoom last month, you've got a problem, and it's not a software problem. It's a human problem. Here are some ideas for solving it:

Stop relying on virus scanners. When a worm like this breaks out, it can take hours for virus signatures to be updated and days for all the PCs in the world to know about it. A virus scanner is a great thing to have, but you can't blindly stumble through life clicking on anything you see just because you gave Symantec $20. If you have a heuristic virus scanner - they do exist - that can help, but it's still not a sure thing; it just increases the odds of success. You have to realize that even with protection, you're not totally protected.

Start relying on education. You, and all the users you support, should know better than to click on attachments, no matter who they're from, which launch programs or unzip themselves and self-execute. This is as basic as knowing your own e-mail address. When you put a company PC in someone's hands, they should be potty-trained to not mess all over your network. If you think training is expensive, consider the cost of not training.

Stop buying the monoculture. If everyone uses the same mail client and operating system, it's that much easier for malware to take down your network. I don't have any illusions that everyone in the world is suddenly going to stop using Windows, Office and Outlook, but I can tell you this: The only thing Macintosh users got from MyDoom was annoyed. There are Windows e-mail clients, such as Netscape and Eudora, that are less susceptible to the kind of prank that spreads MyDoom.

Start configuring for protection. Modern mail gateways, operating systems and personal firewalls let you block many of the features exploited by worms, such as the ability to download and run your own applications. For naive users who are most likely to get caught, additional protections are justified. Not every PC in the company has to have the same security posture as the IT staff.