Love Bug: Could it have been prevented?

Analysis: Users will always have to be vigilant about virus attacks, say experts.
Written by Matthew Broersma, Contributor

It might seem absurd that a couple of pages worth of computer code could bring the world's major corporate and governmental email systems to their knees, but that's exactly what the "Love Bug" worm virus has done. And there's no way of making sure the same thing doesn't happen in the future, according to security companies and experts.

There are various cautionary measures that can be taken by anti-virus firms, software companies, organisations and users, but the down side is that a weakness in any one of these links could be successfully exploited by a virus, experts say.

For example, the "ILOVEYOU" worm -- and last year's Melissa virus -- caused so much disruption partly because users received the email from friends or co-workers, leading them to believe it was harmless.

Technology can be devised to recognise and block viruses, but the irony is that the more powerful and complex the technology, the more opportunities it creates for exploitation by virus-writers. "In the future, security may be easier to execute, but as systems get more complex, so with the threats," said Kevin Street, technical director of security software firm Symantec in Europe, the Middle East and Asia. "You can't underestimate the cleverness of people, either in a positive or negative sense. I don't think the threat will ever go away."

Security firms are rolling out ever more effective ways of spotting viruses before they ever get to users -- systems that run on your ISP or your corporation's mail gateway. But ultimately their hands are tied. "There are advanced generic detection techniques, but when we get a significantly new kind of virus, we can't detect all these things generically," said Rob Eatwell, European business development manager for Network Associates. "You have to rely on getting a fix after the virus is known."

But viruses have the advantage of superhuman speed: by the time the first fixes for ILOVEYOU became available, it had already slammed email systems of businesses and government institutions around the world.

Software firms such as Microsoft -- which makes the Outlook mail program used by ILOVEYOU propagate -- hold some responsibility for making their products reasonably secure, according to IT security expert Bruce Tober. Tober and others feel applications such as Outlook and Word have security loopholes other companies would not have left open.

But trying to make software, operating systems and networks completely virus-proof is akin to driving a tank to work to keep your car from being stolen -- it simply isn't practical. Short of steep, worldwide legal penalties for virus creation, there may be no permanent solution to virus attacks. "[Users] will always have to worry about viruses," Tober said. "They can never be sure they have closed up all the avenues of attack.

"It's a very open world we live in, and there are always going to be opportunities for people to exploit that," he said.

It seems that most of the world is still reeling from the shock of the cutely and seductively named ILOVEYOU virus. Go with Peter Coffee to AnchorDesk UK and read the news comment to find out how easy it was and the perils that lie ahead.

What do you think? Tell the Mailroom. And read what others have said.

For full coverage see ZDNet UK's Love Bug Roundup.

Editorial standards