Analysis: Love Letter Postmortem: Users, Vendors Not Amused

It took less than 24 hours for the "I Love You" worm to mercilessly strike and infect PC users and businesses around the globe; yet it could take months before the technological holes and social mechanics that led to the Internet massacre are fully addressed.

Part of the cleanup of the damage stemming from this month's devastating worm hit is to try to figure out if more could have been done -- by both the IT industry and general online populace -- to stop its blitzkrieg attack.

Some IT managers hit by the virus are finding themselves with little choice but to take personal security practices out of their users' hands as much as possible, said Douglas Korte, technical director at US-based Whole Foods Market.

"You can't trust your users to combat something like this," Korte said as he toured the NetWorld+Interop show in Las Vegas last week, searching for better security protection for his company. "We're pretty much treading water right now. It's not getting much better, and the technology doesn't seem to be keeping up."

Indeed, even antivirus vendors agree that their current technology at best is reactive to curb attacks such as the "Love Bug".

According to Navander Mangalam, director of security at Computer Associates International, anti-virus technology hasn't been designed to completely stop Visual Basic scripts, which make up about 80 per cent of worm attacks. Doing so, he explained, is not practical for business purposes because so much nonthreatening traffic coming through the firewall and gateway server appears identical to worms.

And yet, simply relying on user awareness to prevent infiltration is not the answer. "I don't think that educating people is going to cut it," Mangalam said. "It's like AIDS. You need a vaccine and have to educate people about it as well."

Korte agreed that his users didn't realise the consequences of opening the Love Bug's harmless-looking e-mail attachment.

Perpetuating the problem might be a degree of "complacency" by users who feel it's not their problem to clean up systems after an infection has taken place, said Paul Williams, system manager at AT&T Labs, in Cambridge, England.

According to a survey by security consultant ICSA.net of 62 companies with more than 200 desktop computers, 98 per cent were found to have received copies of the virus. And 41 companies, or 65 per cent, reported infections as a result of the worm-carrying e-mail.

If antivirus vendors get the hang of trying to incorporate flexible context instead of straight content into their product and service offerings, they may be better prepared to recognise or stop these widespread threats, said Jeff Johnson, president and CEO of Meta Secur e-Com Solutions. "If most antivirus companies did context work, they would have been able to recognise there were things in that code that were truly hostile," he said.

Robert Votta, network engineering and information systems supervisor at Lee Memorial Health Systems Foundation, in Florida, said the problem might be lessened if people simply sent e-mail correctly.

"We're using e-mail for file exchanges instead of for messaging, and it's killing us," Votta said.

Join the newsletter!

Error: Please check your email address.

More about AT&TCA TechnologiesGatewayICSAInteropWhole Foods Market

Show Comments

Market Place