Fool me once, shame on youHow many times do users of Windows need to be kicked in the head? It's as if we have a community of people who, upon discovery of "kick me" signs attached to their backs, do nothing -- and then complain when they eventually do get kicked.
Fool me twice, shame on me
The first time was Melissa, and that should have been the wake-up call. Hello, is anyone out there listening? Apparently not.
So, surprise of surprises, now we have Melissa's successor, the ILOVEYOU worm. To me it's simply no coincidence that ILOVEYOU shares its name with Barney's theme song. For you see, Microsoft Outlook (and other email software that's susceptible to ILOVEYOU) shares much with the Barney program. Eye candy is paramount. Short term visual stimulation means more than substance (which is OK if you're three years old, beyond that there's not much excuse). The emphasis is on the visual, and attention spans run on Internet time.
Until recently I believed that the blame was squarely on Microsoft's shoulders. After all, when most people buy a computer, they don't know that they're being sold a box with gaping security holes. However, it appears that business users got hit harder by ILOVEYOU than home users. While I received more than a dozen love letters Thursday morning, neither my wife nor my kids or any of their friends received any copies at all.
It's not Microsoft that's at fault, nor the anti-virus companies that capitalize on such events yet, when all is said and done, are powerless to prevent them. It's the IT managers in businesses and governments, whose systems got hit, who should know better by now. The problem lies with the sheep who continu e to use such dangerous products when credible and safer alternatives exist.
The heart of the matter
Compounding the problem, to me, is Microsoft's response -- nothing. The company denies blame or indeed the need to make any modifications to Outlook. In other words, they don't care.
I just wonder how many times Microsoft users will allow themselves to be kicked before they come to their senses.
The Outlook facility that allows you to run arbitrary pieces of emailed software without asking you first is Evil, pure and simple. It allows others to send you software that does strange and unknown things to your system. And even virus scanners can't pre-warn you of the dangers inside a bundle of bits that's shipped to you in compressed or encrypted form. It's no surprise that by the time any of the popular virus catching software was modified to repel ILOVEYOU, it was too late. And you can count on anti-virus software's inability to repel the next one too.
Even when we have "legitimate" uses for the facility of running programs from email, I wonder whether the pain is worth the gain. In February The Register reported on such a "legitimate" download, from GoHip.com. In return for giving you the ability to watch full-length movies, you must download a program that appends an ad to all your outgoing email and changes your browser's home and search pages. Furthermore, these "enhancements" are hidden from you in such a manner that you need another download from GoHip to remove them.
Now, this ain't no fraud -- GoHip's customer service manager, David Spencer, pointed out that customers are made aware, up front, of what the software does before they download it. If this is what passes for legitimate use of Microsoft's (in)security features, I still must ask whether it is really worth the grief that we have seen inflicted on email users the world over.
So what to do? Don't trust the sellers of a house who tell you that it looks prettier without door locks. Stop buying products that sacrifice your most basic security in favor of a fake veneer of sophistication. If this is the kind of innovation Microsoft says would be endangered by its breakup, maybe that's reason enough for a split.
Microsoft continues to assert -- despite Department of Justice pronouncements -- that its own concerns override those of its users. Yesterday it was Internet security, today it's your ability to do simple system restores if security problems (or any other reason) forces you to re-install.
If you'd like an even more detailed shopping list describing Microsoft's disrespect for its users, my old friend Bill Campbell (owner of a Washington-state Linux VAR), has assembled a good one. Among other things, Bill discovers that when Microsoft itself wants a virus-free environment, it doesn't use Windows. Get the hint?
Later in the day when ILOVEYOU hit, a Unix-using friend posted this to a mailing list:
M$ virus days are the best candidates for catching up on sleep when you don't have to worry about them while the unwashed masses are "down."When I first read it I thought it was awfully pompous. But the more I think of it, the more I've come to believe that most of the people -- especially business users -- who got kicked by this love bug, were just asking for it.
Ignorance is no longer an excuse... as if it ever was.
Could ILOVEYOU have been avoided? Let me know in the TalkBack below.