'Love Bug': A lesson, a warning

THE BALTIMORE SUN

WASHINGTON - The "Love Bug" computer virus and its copycat cousins, which wreaked havoc with Microsoft-based e-mail systems and Internet servers around the globe last week, underscore the vulnerability of a world increasingly online and dominated by a single software giant, critics say.

The very technological sameness that makes computers more accessible to consumers makes it easier for these malicious programs to spread like wildfire.

Taking advantage of a particular feature of Microsoft's Outlook e-mail program, the virus-generated flood of infected e-mail traffic shut down huge swaths of the Internet, forcing corporate and government users to go offline and cleanse their computer systems.

But it left systems and servers that don't use Microsoft programs relatively unscathed, placing another rhetorical brickbat in the arsenal of those who call for a breakup of the world's richest programming corporation.

Under the banner of technological diversity, these critics point out the danger of a global Internet ruled by a Microsoft "monoculture," a biological phrase that evokes images of natural selection and Darwin.

Here's the logic: Just as a diverse gene pool favors a life form's ability to adapt to adverse circumstances, so would a diverse set of operating systems make the world's computer users less vulnerable to cyberattack."That virus came so close to shutting down the whole Internet and that's only possible in a monoculture environment," said John Paul Moore, a Web developer in Austin, Texas. "Nobody has done more to undermine Internet standards than Microsoft has by trying to dominate this system. Get Microsoft out of the way and let the market happen."

But others who push technological diversity aren't sure that breaking up Microsoft would end the type of software vulnerabilities exploited by the creator or creators of the "Love Bug."

"It's really absolutely correct that when you have a single operating system and a system that is as widely distributed as Microsoft, and that operating system rather consistently and absolutely shows no concern about security, you're going to have these problems," said Adam Shostack, director of technology at Zero-Knowledge Systems, Inc., a Montreal-based firm specializing in Internet privacy programs. "Diversity helps. It makes it much harder to have the breadth of impact you've just seen."

Shostack, however, thinks the main problem is Microsoft's failure to place a priority on security - a failing shared by other software developers, including those who write for the MacIntosh operating system. This failure is linked to each system's original purpose.

Both Microsoft and Mac programmers have a history of writing for individual computer users and are unaccustomed to thinking about security issues. In particular, Microsoft products emphasize automatic features that make them easier for customers to use, but that may have unintended vulnerabilities.

On the other hand, programmers for Unix - originally used primarily by universities, corporations and government - write code in a language rooted in systems with multiple operators and a high need for security.

Unix and its descendants, most notably the Linux operating system, have built-in security features. These include a hierarchy of access that limits those who can get into the guts of the program, and features that allow the user to monitor sensitive files for signs of tampering.

The "Love Bug" virus took advantage of an automation feature in Microsoft's Outlook. It allows users to send messages while working from a different application , such as a word processing function. And it allows various Microsoft business applications to talk to each other.

In other words, the system is set up to accept commands and messages from outside sources. But while that gives users the convenience of not having to jump back and forth to fetch or send e-mail, it provides an easy opening for a computer virus.

It is also an opening that is easy to close, said Richard Smith, a retired software executive and white-hat hacker from Brookline, Mass.

Smith, who spends his days chasing down authors of malicious programs like the infamous Melissa virus, said it would be a simple matter for Microsoft to ship Outlook with this automation feature turned off instead of turned on. Most users don't know it's there; someone sophisticated enough to use it is sophisticated enough to turn it on.

For Smith, the Microsoft monoculture plays into a powerfully related issue - the rapid spread of the Internet and the changing pattern of online use.

Ten years ago, only institutions like universities were online virtually all the time; now, particularly because of the rise of broadband Internet access, more individual users have their computers wired for longer stretches of time.

This means there are more potential targets for a virus to hit and more computers that can be infected because they run the same operating system."It's certainly true that when one system dominates, it's easier for viruses to spread," said Smith. "It's difficult to write viruses that hit different kinds of systems at the same time."But the problem is a combination of the connectivity we've got and the number of computers running the same operating system. Greater connectivity means a greater potential for accidental spread of viruses like these. We'll just have more people online all the time, more possibilities of people opening up these viruses by accident, out of ignorance."

Greater Internet connectivity also means computer users are flooded with e-mail of all types -- personal, professional and commercial. And that makes it much easier to slip an infected message into the traffic."We do not wall off our personal and professional e-mails," said Philip Anderson, a business professor at Dartmouth College. "During the flow of our day, we don't say 'oh, that's a joke or that's a love note, I'll wait until 5 o'clock to open it.' That's what makes these attacks so insidious."

Anderson's college was immune from the attack because it relies on a MacIntosh system. But even though he agrees that greater diversity would make it more difficult for these viruses to spread, he's not sure monocultures are entirely a bad thing.

For example, because so many customers use Microsoft programs, one fix - called a patch - will shut down the problem."Both the offense and the defense have the same problems and advantages when it comes to monoculture," Anderson said.

The Microsoft monoculture also gives companies the economic savings of standardization, said Frank Prince, a senior analyst at Forrester Research, Inc., a Cambridge, Mass., marketing firm specializing in Internet commerce."Even though it's appealing from a sort of genetic point of view, technological diversity only makes sense for organizations that have the scale and size that make it economical to maintain different systems," Prince said. "Most organizations get their economies of scale from driving toward standardization. And the savings from that standardization far outweigh the costs of these occasional attacks."

An international corporation such as Daimler-Chrysler Corp., the German-American auto giant, might have several operating systems across its global network -- some Microsoft based, some based on MacIntosh or another system. So a rough form of technological diversity already exists across the vast expanse of the company, one that a smaller business can't duplicate."Diversity in the large is important," said Prince. "Diversity in the small is probably offset by the economies of standardization."

Moore, the Texas Web developer, disagrees. To him, diversity is the essence of survival in an increasingly wired world, one where more and more of everyday life is traveling across the Internet.

"Live by the wire, die by the wire," Moore said.

Jim Nesbitt is a writer for New house News Service

Copyright © 2020, The Baltimore Sun, a Baltimore Sun Media Group publication | Place an Ad
68°