Looking beyond the Melissa virus.
"The Melissa virus represents a new level of sophistication in the progression of computer viruses," says Richard Pethia of Carnegie Mellon University's Software Engineering Institute in Pittsburgh. Pethia was one of several computer security experts who testified at a congressional hearing last month on ways to protect information technology from emerging threats.
The Melissa virus exploited a well-known vulnerability of small computer programs called macros. Word processing software often attaches macros to documents in a way invisible to the typical user. The Melissa virus, posing as a macro, was hidden in a Microsoft Word document, which was distributed by E-mail. Opening the document activated the virus, which would then look for an organizer program called Microsoft Outlook. The virus would mail itself to the first 50 addresses listed in the organizer's E-mail directory.
Because Word and Outlook are widely used, often without sufficient security precautions, the virus spread rapidly. It merely perpetuated itself and forced the suspension of E-mail service at sites that it inundated. A virus designed to destroy data, however, could use the same security loophole to wreak much more havoc.
One encouraging aspect of the Melissa episode was the quick response by several virus-monitoring organizations, which collected information and provided timely, well-publicized warnings. Within a few days, new infections slowed to a trickle.
Response times measured in hours and days, however, may not be fast enough in the future. "Future mutations ... could easily be much harder to detect, spread even more quickly, and cause significantly more damage," Pethia contends.
Experts estimate that about 30,000 viruses are now in circulation, with 300 new ones created each month. "Users should be sure that their computers are running the most up-to-date virus protection software," warns Michael A. Vatis, director of the Federal Bureau of Investigation's National Infrastructure Protection Center in Washington, D.C.
"The long-term solutions to the problems represented by Melissa will require fundamental changes to the way technology is developed, packaged, and used," Pethia concludes. "It is critical that [computer] system operators and product developers recognize that their systems and products are now operating in hostile environments."
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||Mar 1999 computer virus|
|Article Type:||Brief Article|
|Date:||May 8, 1999|
|Previous Article:||Portrait of the artery as a motivator.|
|Next Article:||Developing digital fluency.|