Question: Which was worse - The Conficker worm, or all the hype that some security firms and the media whipped up around this worm and the April 1st trigger date?
Answer: The hype.
Earlier this week I wrote my "no bull" guide to the Conficker worm (aka Downadup or Kido) because I was sick of reading one hyped up piece after another. Some of the articles I read were almost guaranteeing that come April 1st the world would be thrown into anarchy and be yanked back into the stone age as ever PC melted into grey goo.
As it turned out, what happened on April 1st was ... well, nothing.
All the hype. All the crazy predictions. All the scare stories (coming from both people talking about things they don't know much about, and people using the trigger date as an opportunity to freak people out and sell products). It all came to nothing.
The levels of hype pushed out by some security firms (I'm not going name names and point fingers, but the companies responsible should be aware that I've made a note of who you all are ... ) was both deliberate and highly irresponsible. It scared people. I know, because over the past week I've fielded over 200 emails from readers, and many of these emails were from people who were scared. Real scared. Some people decided to leave their PCs off over April 1st. Others had scanned their systems but were still worried that the worm was still lurking somewhere within their system. Most of these people were already running security software, but most though that they needed to spend more money on more software.
I'm not saying that worms like Conficker are benign. They're not, and ideally you want to make sure that your system is clean, and if it's not, isolate the system, find the right tools and clean the system. However, it's also important (maybe more important) to keep a clear head, not to panic, and realize that no worm can cause either you or your PC too bleed to death.
Rather than put effort into scaring people, security vendors would do better to try to reassure existing customers that they are safe from high profile threats. A simple message such as "Congratulations! You are protected against XYZ. If you are still worried, click here to run a scan ..." would help put customers at ease and maybe foster a better long-term relationship with the customer, which would help generate future sales come time to renew subscriptions.
I also heard from more than a dozen people who were running up-to-date antivirus products (from big name vendors) and yet had malware on their system that they couldn't get rid of. Imagine these people's surprise when I pointed them to free online tools that carried out the disinfection process quickly and easily. Do you think these people are going to be buying from the same vendor again? I certainly hope not.
Bottom line, don't panic. And, maybe more importantly, don't cause panic.