Sorting security fact from fiction
Deb Shinder
Published: 11 Apr 2006 16:20 BST
We're bombarded on an almost daily basis with news of new threats to our computer systems. The year 2006 started with a deluge of new viruses, according to the Commtouch Detection Center's presentation at the RSA Conference in February. Installing a good antivirus program and keeping it up to date isn't enough; other forms of attack — from spyware that infects individual computers to denial of service attacks that bring down whole networks — are on the rise, too.
But along with all the reports of real threats, the Internet spawns numerous security hoaxes. The originators of these messages are sometimes just trying to be funny, but other times they instruct users to do things to protect against the fake threat that really will damage their data or render their computer unusable. Most people who pass on the hoaxes have good intentions, but forwarding copies of virus and attack warnings that haven't been confirmed can do more harm than good. Of course, a number of hoax messages out there promise all sorts of good things. Alas, when they sound too good to be true, they probably are.
Share this list with your users to help raise their awareness of the scams they may encounter. They'll be less likely to fall for a hoax and tie up your resources, and they may think twice before hitting that Forward button.
#1: Good Times: The mother of all virus hoaxes
This virus warning, in various forms, has been making its way around the Internet since at least the mid-1990s. It supposedly originated on America Online, and the warnings claimed that it was far more dangerous than other well-known (and real) viruses of that time, such as Michelangelo and Stoned. Some of the warning messages claimed only that Good Times would "erase" your hard disk. Others really went overboard, claiming that it would physically destroy the disk so it could never used again and could even damage your computer's processor.
A virus can indeed cause all the files on your disk to be deleted or even destroy the partition information on a disk (a good example of this was the CIH virus). Viruses can also overwrite the flash BIOS on a computer, rendering it unusable. However, a virus can damage only software; it can't physically damage a computer's hardware.
#2: The FCC says...
Hoax warnings often give themselves away by trying too hard. They'll invoke the US Federal Communications Commission (FCC) or some other government agency to make their warning sound credible. Others will make the warnings appear to come from Microsoft, Symantec, or some other large software company or include quotes from supposed computer experts. Still others claim that the virus warning was reported on the BBC or by The New York Times or some other reputable media outlet. (Sometimes this is even true; news outlets have occasionally been fooled into repeating hoax warnings.) Many hoaxes also make the claim "checked out by Snopes" (a popular Internet site for verifying the status of urban legends and hoaxes) even when Snopes itself lists them as a hoax.
#3: Exploding the myth about exploding systems
Another clue that a warning is a hoax is that the claims of the virus's destructiveness are just too incredible. For example, the Death Ray Virus warning is still seen occasionally; it claims that a virus called Death Ray causes home computers to "explode in a hellish blast of glass fragments and flames" and that some specified number of people have already been injured and millions risk their lives every day when they sit down at their computers. The virus is also described as not containing the usual markers that enable it to be identified. And rather than explain exactly how the virus causes this explosion, the hoax says only that "it's an extremely complicated process."
#4: Beware the dreaded nth complexity infinite loop
Hoaxes also use technical-sounding jargon that is in fact meaningless. For instance, one variant of the Good Times hoax claimed that it destroyed the computer's processor by setting it to "an nth complexity infinite loop". Sounds impressive — and scary — except that there's no such thing. Hoax warnings count on the fact that most of their recipients are not tech experts and won't know the difference.
#5: Not-so-sweet cookies
Cookies are small text files that some Web sites place on your hard disk, containing information such as user IDs, shopping cart information, and configuration preferences, so that when you visit the site again it recognises you. Many hoax warnings have appeared claiming that a particular site or Internet service puts a cookie on your hard disk that will allow anyone to read "any of the information on your drive". Hackers may be able to access and read the files on your system, but they don't do it through cookies. Cookies are created by the Web site; they contain only information you've entered or that concerns your activities on the site (or in some cases, across multiple Web sites). Besides, a cookie that contained all the information on your disk would be an incredibly large file. Cookies do pose a privacy issue, but they don't disseminate viruses or allow access to your entire hard disk.
#6: Don't delete that "virus"
A popular ploy of more malicious virus hoaxers is a message describing a dangerous virus and telling you to search your hard disk for certain files and then delete them to get rid of the virus. The catch is that if you delete the files they tell you to delete, you're actually deleting important system or application files and you'll cause your system or some software...
For more, click here...
Previous
Did you find this article useful?
133 out of 278 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
