ELECTRONIC HOUSE CALL - July 23, 1999

If I am off on a rant here, please forgive me but it seems like time for a reminder on this subject.

WE HAVE MET THE ENEMY AND IT IS US
It seems to come in waves, but this week I received several e-mail hoax warnings ranging from "Chicken Little" type notices that the cyber sky was falling to some great deal to be had merely for passing along e-mail messages. Virtually all of this stuff is just junk that clutters up bandwidth and slows down the entire e-mail network. It is irritating that it is out there in the first place and it is irritating that so many people just blindly pass it along. The only way to stop it is to have it never leave your desk.

HOW TO IDENTIFY A HOAX
Here is some advice from CIAC, the Computer Incident Advisory Capability of the US Department of Energy

There are several methods to identify virus hoaxes, but first consider what makes a successful hoax on the Internet. There are two known factors that make a successful virus hoax, they are(1) technical sounding language, and (2) credibility by association. If the warning uses the proper technical jargon, most individuals, including technologically savy individuals, tend to believe the warning is real.

For example, the Good Times hoax says that "...if the program is not stopped, the computer's processor will be placed in an nth-complexity infinite binary loop which can severely damage the processor...". The first time you read this, it sounds like it might be something real. With a little research, you find that there is no such thing as an nth-complexity infinite binary loop and that processors are designed to run loops for weeks at a time without damage.

When we say credibility by association we are referring to whom sent the warning. If the janitor at a large technological organization sends a warning to someone outside of that organization, people on the outside tend to believe the warning because the company should know about those things. Even though the person sending the warning may not have a clue what he is talking about, the prestige of the company backs the warning, making it appear real. If a manager at the company sends the warning, the message is doubly backed by the company's and the manager's reputations.

Individuals should also be especially alert if the warning urges you to pass it on to your friends. This should raise a red flag that the warning may be a hoax.

Another flag to watch for is when the warning indicates that it is a Federal Communication Commission (FCC) warning. According to the FCC, they have not and never will disseminate warnings on viruses. It is not part of their job.

KNOW THE DANGER
Your computer cannot be affected by simply reading an e-mail text message. For any damage to be done, you need to execute an attached program (usually with a ".exe" extension.) This is a common sense issue -- if you receive a file attached to an e-mail, don't open it if you have any doubts about it. For myself, even if I know the sender, I will not open an attachment unless I know there is something there I want.

While I recommend that you invest in a good antivirus program (and keep it updated), there is no such thing as a foolproof antivirus program. Viruses and other Trojan horses can be (and have been) designed to bypass them. Antivirus products also can be tricky to use at times and they occasionally suffer from programming errors. (Of course you need to actually USE antivirus software for it to protect you in the first place -- many people turn off this protection after awhile because it slows them down.) Likewise, people often fail to make adequate backups of their computer data. Always rely on a good set of backups as your first line of defense and use antivirus software only as a secondary measure.

CHECK IT OUT
It is becoming more of a jungle out there every day . . . but don't succumb to the fear factor that causes most people to immediately pass along these hoaxes to everyone they know. Here are several sources that will give you a heads-up on viruses or hoaxes before you innocently pass them along to the world. I suggest you bookmark them in your browser so you won't have to look them up the next time you get a suspicious message.

http://www.ciac.org/
http://urbanlegends.miningco.com/library/weekly/aa072998.htm
http://www.icsa.net/services/consortia/anti-virus/alerthoax.shtml
http://www.kumite.com/myths
http://korova.com/virus/hoax.htm

In addition, most anti-virus companies have a web page containing information about most known viruses and hoaxes. You can also call or check the web site of the company that produces the product that is supposed to contain the virus. In most cases, common sense would eliminate Internet hoaxes.

BE PART OF THE SOLUTION
If you are at all in doubt about whether a warning is valid or not, don't pass it on until you have personally verified it, either by checking with one of the sources above or by contacting the alleged originator of the initial message. Take responsibility for what you send and it won't come back to embarrass you later.

Thus endeth the sermon for today. Happy surfing!