Virus's Resilience Highlights Need to Rethink Security

[William Knowles <wk () C4I ORG>]

http://ap.tbo.com/ap/breaking/MGIOXYKYY7C.html

NEW YORK (AP) - The "love bug" virus's infection of millions of
computers worldwide has highlighted a need to rethink computer
security.

Although damages could have been far greater had last year's Melissa
virus outbreak not prompted heightened security, the new virus still
became a global epidemic within hours.

Michael Vatis, the FBI's lead investigator on computer viruses, said
the virus spread so fast that any warning would have come too late.
The "love bug" lesson, he said, wasn't so much about early warning as
prevention.

"It spreads so rapidly around the world in a matter of hours that any
warning is going to be behind. Even in this case, after there was
immense coverage, people were continuing to open e-mail attachments,"
Vatis said.

Vatis on Sunday confirmed that the FBI is cooperating with Philippine
authorities in the investigation of a single suspect in the case, but
he said such attacks can only be prevented by better security, a
warning echoed by private specialists.

"The conclusion we must draw is this will happen again," said Lloyd
Hession, vice president for risk management at Giga Information Group
in New York. "Unfortunately, the existing strategy does not work. The
question is, 'How do we adapt?'"

Of the tens of thousands of known computer viruses, the "love bug"
that began circulating Thursday was by far the fastest-spreading. Once
activated, the virus sent copies automatically to hundreds of other
Internet users, overwhelming computer networks and destroying files.

Virus defense generally involves arming computers with anti-virus
software and warning users not to open mysterious e-mail attachments.

In this case, the bug proliferated before the software could be
updated, and the virus writer seduced e-mail recipients with the
heading "ILOVEYOU" and known sender addresses.

Even after software updates were available, new versions of the bug
appeared, requiring further updates and warnings. By the weekend,
viruses were even disguised as warnings about viruses.

"We're in a reactive mode," said Clay Ryder, chief analyst for Zona
Research Inc. of Redwood City, Calif. "It's like buying fire insurance
once the house burns down."

Security experts say virus defense must begin before the virus hits
the computer. Corporate network administrators could filter suspicious
attachments from incoming e-mail before they reach employees. Internet
service providers could likewise disinfect e-mail before passing it to
home users.

David Remnitz, chief executive of the security firm IFsec in New York,
also suggested revamping the Internet and adding ways to let
individuals verify the origin of e-mail.

Narender Mangalam, director for security strategy for anti-virus
vendor Computer Associates, said many companies last year initially
refused to believe that the Melissa virus could cause system problems.
They looked for other causes first, delaying virus containment.

"This time, everyone instantly jumped at the virus conclusion," he
said. "If Melissa had not happened, this would have been really,
really bad."

AP-ES-05-07-00 1339EDT


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".