|
|
 |
|
 |
 |
| THE LOVE BUG | |
 May 5, 2000  |
|
|
Network administrators worldwide struggled to contain the "Love Bug" computer virus. After a background report, three experts discuss the virus and the damage it has caused.
|
|
MARGARET WARNER: Elizabeth Farnsworth in San Francisco takes it from there. ELIZABETH FARNSWORTH: And for more, we are joined by Mark Rasch, vice president for cyber law at Global Integrity Corporation, a computer security company. He is a former Justice Department computer crimes prosecutor. Jim Yost, chief information officer at the Ford Motor Company, one of the companies hit by the "love bug" virus; and Dan Schrader, chief security analyst for Trend Micro Inc., one of the country's largest manufacturers of anti-virus software. |
||||||||||
| Microsoft Exchange vulnerable | |||||||||||
| Mr. Schrader, what's the latest on this virus, is it continuing
to propagate?
ELIZABETH FARNSWORTH: Just briefly, so we understand, why are those the ones likely to get hit? DAN SCHRADER: Well, this virus requires you to have something installed called the Microsoft Visual Basic scripting host, or Windows scripting host, which many people have. It uses Microsoft Exchange, and Microsoft Outlook e-mail client to open up an address book and spread itself. Again, people using Lotus Notes or some other e-mail systems won't have that software in place, it won't spread through their computers. ELIZABETH FARNSWORTH: Mark Rasch, is it the most lethal virus so far?
ELIZABETH FARNSWORTH: Jim Yost, tell us what happened to Ford Mother Company, first start with today and then yesterday.
ELIZABETH FARNSWORTH: Put all that together for us, Mr. Yost, how disruptive was that for the company's operations? JIM YOST: In the end it turned out to be not very disruptive. We have our mail system totally separated from our applications and our e-mail systems from our customer bases. So, in reality, we isolated the issue to our exchange servers, shut those down, prevented the spread. And the inconvenience was the inability for people to send e-mails. But we obviously maintained our other -- communications, voice, telephone, fax. So there was really no substantive disruption to our operations. We lost no production, we lost no sales. We really had no disruption to our production operations. ELIZABETH FARNSWORTH: Dan Schrader, you have something to say about that?
|
 |
||||||||||
| An unsophisticated programmer | |||||||||||
 ELIZABETH
FARNSWORTH: Tell us about the virus; what do you know about it and how
do you know it?
DAN SCHRADER: I've seen the virus code, as have many other people now. It's been widely spread, the source code of it has been published, which is unfortunate; I wish people wouldn't do that. The virus is not a very sophisticated virus. The person who wrote this was not an educated or experienced programmer; it looks like it's bits and pieces from other viruses like the Melissa Virus and kind of cobbled them together. It has misspellings; it has grammatical problems; it has bugs in the virus. There's text in it that indicates it came from the Philippines, and that may be true, but I think the jury is still out. That's what the virus writer wants us to believe. Now, the virus again deletes multimedia files in your computer, which is unusual. Many viruses try to either wipe out your computer or they try to target usually more valuable documents like word processing documents, spread sheet files and databases. We're fortunate it wasn't the case this time. ELIZABETH FARNSWORTH: Mark Rasch, add anything you want to, to that, and tell us what we know about people who develop these programs.
DAN SCHRADER: I agree with the motives in this case, however, this virus writer did try to steal passwords. Fortunately, the code didn't work, but one of the things the virus did was it tried to change what Web site your computer would go to, and when it went there, it would automatically download a file that would take passwords off your computer and e-mail it back to some location. That code didn't work very much; the Web site wasn't working; it didn't get widespread, but that was a problem with this virus as well. |
|||||||||||
| Avoiding the next virus | |||||||||||
| ELIZABETH FARNSWORTH: Jim Yost, let's talk about what can
be done to avoid this. You told us how you solved the problem with minimal
disruption, according to what you have told us. Is that because you were
really prepared, because your computers were programmed in a certain way?
Or explain what you had done to prevent disruption.
ELIZABETH FARNSWORTH: And Mr. Yost, how worried are you about this? Do you get the feeling that the viruses are getting more dangerous, more sophisticated with each attack?
ELIZABETH FARNSWORTH: Mark Rasch, comment on that, this vulnerability of our networked world. MARK RASCH: What's happened as we become more networked, we become more vulnerable because we rely on these e-mails systems and these other systems all the time. The other problem is that just like what was just explained, you can only prevent the viruses that you know about. If somebody comes out with a brand new variant that you've never seen before, you have to be prepared to react, and really there's very little prevention that can be done. ELIZABETH FARNSWORTH: Mr. Rasch, if it attacked the Microsoft e-mail system, will some computers in a company have to be on a different system? You know, it's like mono culture and crops, if you have one crop, it's more vulnerable to a pest. MARK RASCH: Certainly if you have diversity in operating systems and e-mail systems, you'll be less affected by a virus that attacks only one variant. The problem is there's some functional reasons to want to have similar systems within a company. So it's a tradeoff, again, between functionality and security. ELIZABETH FARNSWORTH: Mr. Schrader, on the vulnerability.
ELIZABETH FARNSWORTH: Is any of that happening? DAN SCHRADER: Well, it's starting to. A few companies like Sprint and U.S. West that offer managed e-mail services or Internet service providers are offering as a value added service to scan their data for viruses. If you're a U.S. West customer, for I think $15 a month you get Internet access, for another $1.50 a month they'll scan everything for viruses. That's very good model, because that means the end user doesn't have to worry about running anti-virus software, updating anti-virus software, getting the update. It means vendors like ourselves don't have to worry about trying to update 300 million desktops in time to stop the next Melissa Virus. So U.S. West customers, they were protected. People who were getting their e-mail primarily through U.S. West and had signed up for that service, within an hour of our identifying it they were protected without doing a thing. That's the kind of model we need to move to over the future. ELIZABETH FARNSWORTH: Mr. Yost, do you agree with that from the point of view of a big corporation like Ford Motor Company?
|
 |
||||||||||
| Security vs. privacy | |||||||||||
| ELIZABETH FARNSWORTH: And, Mr. Rasch, the privacy issues
start to come up -- don't they? -- when talking about the need for more
security?
ELIZABETH FARNSWORTH: Mr. Schrader. DAN SCHRADER: It's a very legitimate problem. In fact, we have a constant tradeoff between security and privacy, and it's a debate we need to have on a national level. Every security expert has an opinion on this. If you're going to stop every e-mail and scan for virus, the next step is scanning junk mail or scanning for unsolicited mail. At what point do you want to give control to some foreign user or to some organization and where do you want to make the decisions yourself? ELIZABETH FARNSWORTH: Okay. Briefly, what should our viewers who are computer users be watching all for? DAN SCHRADER: Very simply, you should not open any file sent to you unless you know why somebody sent it to you. You should use your automatic update function within Microsoft Windows Explorer to update with the latest security patches. You just go up to the tools menu, and you click on Windows Update, and Microsoft will automatically download all these security updates. Finally, run anti-virus software, update it I would say at least weekly.
MARK RASCH: The only thing is from a corporate standpoint also, you need to have an emergency response plan and try to figure out who's going to be able to pull the plug on the e-mail. ELIZABETH FARNSWORTH: And Jim Yost, anything to add? JIM YOST: I think that pretty well covers it. ELIZABETH FARNSWORTH: Okay. Thank you all three very much. |
 |
||||||||||
 |
   
|
|
| Support the kind of journalism done by the NewsHour...Become a member of your local PBS station. | ||
| ||
| PBS Online Privacy Policy Copyright ©1996- MacNeil/Lehrer Productions. All Rights Reserved. | ||
| ||
DAN
SCHRADER, Trend Micro, Inc.: Well, it's continuing to propagate, but
the rate is definitely slowing down. I think some of the estimates we've
been hearing of 80% of companies being hit in Australia, perhaps the
same percentage in the U.S., those are probably a bit high. Though anyone
running certain Windows environments can get hit by the virus, it will
only propagate within companies using Microsoft Exchange servers; they
have maybe 40 or 50 percent of the marketplace. So the highest rate
likely to get hit, about 40 or 50% of companies. That's still an awful
lot of companies. 
MARK
RASCH, Global Integrity Corporation: It's the one that's caused the
most damage because of the way it propagated and how broadly it propagated.
There are viruses that are designed to be more lethal to individual
machines that can delete the entire hard drive. This doesn't do that.
The damage it caused was by propagating widely and clogging the e-mail
systems. 
JIM
YOST, Ford Motor Company: Well, today we got the bulk of our servers
back up and running, our mail servers, which was really the major impact
to us. Yesterday when we became a area of the virus very early in the
morning, based on our situation in Europe, we made a decision before
8:00 Eastern Time to shut down our whole mail system worldwide to basically
make sure that the virus was contained. We spent yesterday preparing
for putting the antidote into our system. We disinfected our servers,
made the decision last night on how to distribute that to our clients,
and then by noon this afternoon were bringing all of our mail servers
back up and running. 
DAN
SCHRADER: I'd mention Ford was lucky in that case. Many companies rely
entirely on e-mail. It has become the killer application of the Internet.
People call it their mission critical application. If I can't get e-mail,
I might as well go home, and I think a lot of white collar workers feel
the same way.
JIM
YOST: Well, we have a very active security effort within the company.
We have layered security, we have firewalls at different levels. We
physically separate our different types of servers, so to the extent
there is infection we can isolate it and keep it separate. So there's
a physical and logical control that we have on the spread. Unfortunately
this was a virus for which there was no protection; it did get in. We've
trained our people to search out and understand when they get unknown
very odd e-mail to alert us immediately, so we can go into action. Our
team did go into action, determined very quickly that this was a potentially
very dangerous virus. And that was the reason why we shut down the systems
very quickly. So it was basically being very well prepared, having good
security in place. But I think also, as always, it relies on very quick
identification by people that it's a problem. 
ELIZABETH
FARNSWORTH: Mr. Rasch, do you have anything to add to that?