I was quite astonished yesterday evening when I saw the news on the local commercial television station VTM. Here are some quotes they gave on Blaster and the SoBig virus (freely translated):
1. "Tomorrow evening (Sunday) you have to watch out for a new virus, the SoBig virus."
2. "Internet experts say this is cyber-terrorism, with purpose of damaging the economy." and a bit later in the footage an expert from a Belgian company that distributes ICT security technology said: "We never saw such thing (the fastest spreading of the virus) happening before, so it is possible that the attack was intentional, a complot. This makes us think that this could be a cyber-terroristic attack".
3. "Experts could defeat the expected attack of yesterday (Friday), but there still is danger."
4. "If you think your PC is infected, don't go on the internet tomorrow evening."
5. "All these viruses raise questions. For example, is the internet safe enough to entrust it with your credit card number?".
This is wrong or at least incomplete information that was sent out to a lot of people in Belgium:
1. Trend Micro states that the virus will become active on Fridays or Sundays and that the virus will deactivate itself on September 10th. This means that Sunday August 24th is only the first attack. They don't even mention that the downloading wave of the virus will become active again next Friday and later on... VTM also neglected to mention the other misbehaviour from SoBig: the mass-mailing of itself, which you might have experience yourself from bounced mails. (I know I already had some annoying experiences with this).
2. What is the purpose of a virus anyway? I don't know how much damage and profit losses viruses already caused, but every virus costs at least some money. The impact is not always that big. But anyway, I always consider every virus an act of cyber-terrorism. In the "real" world, not only the tragic September 11th was a terroristic act. Small bomb attacks, for example, are considered as terrorism too. Isn't terrorism the disruption of a society/community? I think many viruses already tried (and some succeeded to some extend) to disrupt the online community....
3. Did the experts succeed to defeat the expected attack? Was no PC at all infected? Why should we still worry if expects already defeated it once? Won't they do it again?
4. This is my favorite one... Do not go on the internet if you think your PC is infected... Wow, great. Why would you even think your PC is infected? If we reverse this, one could think that his PC is not infected while it actually is and go on the internet. They even don't tell you how to see it is infected. But besides that, this is one of the most lame ways I ever heared to defeat a virus... BTW. What means "connecting to the internet" to "regular users"? Opening Internet Explorer? Reading e-mail? Or working on their PC? What about cable users who are automatically connected on the net?
5. Great for all these e-commerce websites. Luckily they immediately added that online buying is still safe for the time being. However, they are not warning about malafide online resellers or uncareful business owners that don't protect their systems enough... There are lots of things that should be considered before buying online.
That said, I agree that a short news bulletin cannot contain all details. Computer security topics are just too complex. HOWEVER (yes, a big one), I wonder why they didn't mention the useful information, like installing an antivirus software and keeping it up-to-date??? Isn't this the prime directive for internet-enabling a PC? They didn't even mention the free online virusscanners, not even a single website for more information on this virus... BIPT, the Belgian regulatory body for postal services and telecommunication, has a special page for all virus threats (in Dutch and French only). Why don't they mention that Microsoft put up a website about protecting Windows computers (http://www.microsoft.com/protect if you didn't know it yet) against virus attack from the outside? Microsoft Belux even has localized Dutch and French instructions on protecting your PC.(It's a pity though that the instructions still refer to the Blaster virus, since they apply to general PC protection, but still...)
I consider it our (people working in IT) responsability to inform "regular users" about the necessary protection their computer needs. Support from the different media is more than welcome. But they should inform the public correctly and at least give some basic information on protecting their PC's (instead of saying: "don't work on your PC because it could be infected by a virus")....
Now, let's hope someone of VTM news desk will read this and make VTM mention the protection instructions on their next news broadcast...
PS. If you want, you may read virii instead of viruses. I don't want to get into this discussion...