One of my favorite blogs, Dog Reader, just featured a story about finding a computer virus on the space station. I highly recommend this blog and always find myself saying THAT’S RIGHT when I read it.
I want to deconstruct the story and the larger issues a bit. Here are the facts as stated in articles:
* the virus traveled with laptops to the space station
* this isn’t the first time this happened
* the laptops reportedly do not have any anti-virus software (reportedly? their either DO or DON’T)
* NASA plans to put in security systems to prevent this in the future (security systems?)
I went over to Symantec’s page on the specific virus. It targets users of ten popular online games, looking for passwords, then sends them to the hacker via http (web). Symantec recommends shutting down unnecessary Windows services (ftp server, telnet, web server), keeping the OS patched, using complex passwords, blocking certain file attachments, and training employees not to open attachments unless they are expecting them.
Symantec seemed to indicate that this virus comes from infected web pages.
Let me ask a question:Is NASA stupid?
To the best of my knowledge, it’s 2008. Computer viruses aren’t rocket science (sorry, had to). It is no mystery that there are viruses out there and all computers need to be protected from them. Is NASA going to train a computer geek for months so he can fly to the space station on a housecall?
After spending a lot of time in the field, I have a few things to say (and questions to ask) on viruses.
FACT: Computer safety is best achieved by well-educated users.
REALITY: People are lazy. Some are just plain stupid. Most aren’t interested in learning about computer safety – they just want to download, play games, or web surf.
FACT: An educated computer user PLUS security software can be a formidable combination.
Software alone is not the way. Antivirus software is generally reactive: it updates after it becomes aware of a virus. Only a combination can work.
This virus did not magically appear on the laptop. It did not `beam up’ to it. It got there because of a flawed operating system, visiting a compromised site, and lack of security software.
Sorry, folks, you need to get up off your bottoms and learn something about the way viruses spread. If you don’t, you’ll keep getting viruses. It’s really that simple. If you don’t get it from a compromised web site, you’re going to get it by clicking on a bad attachment in email. Yet you continue to click on anything that has a blue line under it.
FACT: Most of the viruses out there require you to do something to activate them.
I’m not just bitching – I’m trying to help. If you look up, you’ll find my guide to computer safety. Go there and have a look. It’s free. It’s full of small things you can do to protect yourself. Educate yourself. Make it that much more difficult for your computer to get infected. Make sure you have antivirus software and update it frequently.
My question? It’s how we deal with this plague in the real world. I have no illusions that my advice will be followed. People are people: they’re not going to educate themselves. In the absence of education and the admission that software won’t do it all either, how do we deal with this once and for all?