No more draining discussion if AV needed to be installed on particular systems, the right to wipe any employees desk or laptop in case of "issues", create outbound firewall rules (yes those where new, and yes it saved a lot of damage 3 years later when Slammer hit, but that's another story) and budget to install "monitoring services" on whatever we'd like.
The total data loss was limited, the costs of employees not being able to work was a lot worst.
I thought it was rude to pay for an OS and then have to pay separately for software to protect that OS. It seemed off to me that the guy who wrote Melissa got jail time, but nothing happened to those who sold the software needed to run viruses.
I stopped having Windows installed after Slammer hit. After almost two decades away, I got a job at a big American company that issues Windows laptops and lo-and-behold there's some seperately purchsed AV software installed.
It makes the laptop a space heater. If I don't explicitly shut it down, the AV software never drops below 30% CPU and the thing's fans never stop running. They accidentally dropped AV for a couple weeks when they upgraded my machine from Windows 7 to 10 and it shaved five minutes off a ~17 minute Maven build. I'm one employ of tens or hundreds of thousands producing all this extraneous waste heat.
My friends needle me about BitCoin's environmental impact. I ask them what the overhead of AV has been.
That said, both are wasteful and ultimately neither should exist.
No, rather companies are buying thousands of computers to install AV on.
Bitcoin miners are a actually a very small minority of computer users, whereas AV results in an extra 10-30% power overhead (possibly more, if we factor in that modern cpus throttle way down if not under load) for the majority of all the corporate PCs in operation, to say nothing of home users.
Back of the napkin math suggests that the comparison is indeed ridiculous, but only because AV usage absolutely dwarfs bitcoin usage.
It's even impossible to play 8K YouTube videos on highest end MacBook and Chrome. It's ironic that MKBHD uploading them without being able to play them himself.
No, but they run almost everywhere.
I'd be very surprised if bitcoin mining produces even 1% of the CO2 emissions of what AV software does. Mostly because the reward from mining has been competed so low that if you have to pay normal amounts for electricity, it's nowhere near profitable, so mining mostly happens in places with very low electricity prices, such as towns in China near hydroelectric dams with massive excess production.
The productivity costs of all those mitigating measures shouldn't be ignored either. Modern corporate Windows images are incredible in how much CPU and RAM they can waste even at idle.
But it was certainly a wake-up call. And such a simple trick, to fool the world in a day.
Reminds me of rtm's chapter in the book CYBERPUNK by Katie Hafner, pg's in there too. Except neither of them are now broke and running a phone stall in Manila.
His dad was Chief Scientist of the NSA National Computer Security Center at the time :)
My point is - it was quite exciting and interesting job for early 2000s, probably paid ok too. There was some software to crack and occasionally write something. Nowadays the hardware is much cheaper when adjusted for inflation, but people still need the service. Jailbreak scene continues to exist too.
Also transitioning from writing a simple virus into production software is a long long way.
Here's a fun thought: was that cheaper to the global community than whatever infrastructural improvements that would have allowed de Guzman stable-enough internet access to not seek out his infamous solution? What other situations like this are there waiting in the wings, and would fixing them cost more or less than the alternative of letting those situations play out as they may? Think how 9/11, terrorist attacks in general, are spurred on by groups aggrieved by socioeconomic or cultural conditions; what would it cost to placate them? Do we not because it would ultimately be more onerous?
You’ve only to pay ‘em the Danegeld and then you’ll get rid of the Dane!
I ask because perfectly equal wealth distribution or maybe even desirable (see many attempts at communism ending badly). Further, there are parts of the world where people have very different cultures and “standards of living” and are happy, which is not dangerous even as it is not “equal.”
So how do you best quantify and anticipate which “infrastructure differences” are fine and maybe even locally optimal, versus which ones are going to lead to harm?
Therein lies another problem: the perceived cost of improvements is modified by the perceptions of "deservedness" on the part of the people paying. Compare post-WWII to post-WOT investment. The Marshall Plan et al. were correctly perceived as being less expensive than the alternative of letting wounds fester and courting another war, but I'd argue that this relatively clear-eyed approach was influenced by who the investment was going to (Westerners, European, white people) and what it was to be used for (returning Europe to its former glory after utter destruction). There has been no talk of that kind of investment in Iraq/Syria/Afghanistan/Libya, whatever their people may desire.
Great product management
On the other hand, a poor person probably has access to a very limited range of technology, so ends up learning the technology inside and out. Maybe they also don't even have regular electricity or internet, so has to learn technology using pencil, paper and by thinking about it. Much more likely to give a deep understanding of the subject matter.
I think it's because when you grow up poor, you _have_ to hack. If not computers, then something. I'm living in Mexico right now, and it's incredible the ways people figure out how to make money, and figure out how to just make things work.
> "Filipino Onel de Guzman, now 44, says he unleashed the Love Bug computer worm to steal passwords so he could access the internet without paying."
But that's not true, according to the same article. That was just the first one he created, then he created something different to spread around the world. It doesn't say his intentions, but for sure it was not to steal local passwords for internet access.
By the end of the article:
> "He claims he initially sent the virus only to Philippine victims, with whom he communicated in chat rooms, because he only wanted to steal internet access passwords that worked in his local area.
However, in spring 2000 he tweaked the code, adding an auto-spreading feature that would send copies of the virus to victims' Outlook contacts, using a flaw in Microsoft's Windows 95 operating system. He also created a title for the email attachment that would have global appeal, tempting people across the world to open it."
> The Love Bug pandemic began on 4 May, 2000.
The Melissa virus happened the year prior. The Morris worm happened in 1988. Also, interestingly, PG shows up in the article for that one,
> It is usually reported that around 6,000 major UNIX machines were infected by the Morris worm; however, Morris' colleague Paul Graham claimed, "I was there when this statistic was cooked up, and this was the recipe: someone guessed that there were about 60,000 computers attached to the Internet, and that the worm might have infected ten percent of them."
What's the flaw?
As far as I remember, this wasn’t a more advanced virus that self-executed upon being opened. People had to willingly double-click the VBS file. The self-replication and use of the address book was clever — and it was a definite Windows flaw that ultimately allowed it all to work — but I don’t think allowing people to willfully execute an attachment is a flaw.
It was after Melissa and this incident that you started seeing the very public campaigns telling people not to open unknown or weird attachments. And AV vendors like Norton started doing more robust AV updates online (rather than selling new virus definitions on floppy disk or CD-ROM) each year. Norton was already doing online definition updates in 2000, but I seem to recall (I was 16 so my memory is fuzzy) the updates becoming more frequent. I do remember having to install ILoveYou patches on my dad’s computer and my uncle’s computer down the street. I’m also pretty sure this was one of the viruses we purposefully sent around our high school’s network that helped get the entire county infected. Novell’s enterprise rules didn’t catch up until it was too late.
That sounds reasonable. You should have to save the attachment and run it from disk. The chances of any hunk of executable code being of some potential use on your particular architecture and OS was low back in the Win95 days and is even lower these days.
That file extensions were hidden by default and that double clicking on a .vbs file ran it.
Does it tho? In what way? Anyone can create or steal a developer account. You can still notarise malicious software. It just that it gives some lead for investigators to follow (for couple of cases per year that are significant enough).
p.s. how App Stores were designed by accepting binaries rather than source code for review is beyond me. Such an obvious oversight.
edit: Although, this is decent https://malware.wikia.org/wiki/ILoveYou
In their defense, it wasn't really designed for cash registers anyway.
When I was a kid and saw an out of order POS was showing Win95 desktop (could be NT. When did NT start having start menu?), I thought it was cool. I wanted to play Solitaire on it while waiting for my mom to finish paying at some other counter.
> When did NT start having start menu?
Windows NT 4 in 1996 had a similar shell to Windows 95.
That was a master level dad joke. I didn't realize either until reading your comment.
I love that the guy put in his email and physical location.
It was made easier by the fact they included their address and phone in the code, back in the days when viruses were legal and everyone read the code.
Time did a Cyberpunk-esque classic write up at the time, but it is paywalled
Another blog- https://nustscienceblog.wordpress.com/2015/05/12/the-compute...
Security is an economic problem.
The economy is a technical problem. Just like computer viruses.
That's what money is. A technology. We need to make it into a high technology.
The optics are a bit different there...
I thought a shop in Manila had tracked down the bug’s creator to repair their computers.
ILOVEYOU would probably trigger OWMYEYES complaints. Not the global minimum.
Well, relatively sure, anyhow. We sift through the spam bin pretty carefully.
Don't know where I got the idea.