John Pescatore

A member of the Gartner Blog Network

John Pescatore
VP Distinguished Analyst
11 years at Gartner
32 years IT industry

John Pescatore is a vice president and research fellow in Gartner Research. Mr. Pescatore has 32 years of experience in computer, network and information security. Prior to joining Gartner, Mr. Pescatore was senior consultant for Entrust Technologies and Trusted Information Systems…

If a Tree Does Not Fall in a Forest, Did All the Yelling of “TIMBER!!!” Keep It Up?

by John Pescatore  |  April 2, 2009

Back in the mid/late-1990s, Gartner was pretty active warning about Y2K date code problems. By 1999, Y2K hysteria got pretty feverish – “60 Minutes” even dedicated segments to Y2K in November 1998 and May 1999. Then after the clock turned over to 00:00:01 2000 and the world didn’t end, there was a lot of discussion of over-hype.

The past week of Conficker hype reminded me very much of a mini-Y2K, but it also pointed out how very different security issues are compared to Y2K – there is never a deadline. Y2K was a nice, predictable stationary threat – it was like when the Old Faithful geyser in Yellowstone National Park used to have a sign with a clock that would say “Next Expected Eruption.” Though, these days, even Old Faithful isn’t so predictable anymore.

Back in 2002/3 I used to tell vendors “Don’t get addicted to worms.” The security industry loved worms – they caused large Denial of Service attacks that the press covered breathlessly. While threats like Conficker with deadlines capture press interest in a similar manner, the short term bump in awareness is usually way outweighed by the long term “the security geeks were crying ‘the sky is falling again’” effect.

In the real (physical) world, we don’t look for all banks to be robbed at once, or all mink coats to be stolen at once, or all $100 bills to be counterfeited at once in order to do the security job of reducing the risk to businesses. In Conficker, I think the security industry had a pretty balanced response – most of the heavy lifting was done with minimal publicity and there were only a few scattered outbreaks of silly overhype that came from the security side.


3 responses so far ↓

  • 1 Jim Ivers   April 2, 2009 at 8:41 am

    Well said. The very nature of this worm would indicate that it is built for survival, not for a high profile event to garner publicity. Expecting an overt, highly public event was contrary to the nature of this worm, which can be said of most of the sophisticated attacks that we see today. Stealth and patience are far more important for those seeking financial gain versus notoriety.

    In fairness, the industry may have indirectly fed the animal a bit this time. The creation of the “Conficker Cabal” and the Microsoft bounty created the perception that this was a significant event, and the press naturally ran with that perception. The pace accelerated from there when the idea of the April 1 deadline became public.

    As you mentioned in your 3/31 research, the fact that it remains on millions of machines is a threat. But to your point here, Conficker’s ultimate game – if there is one – will likely play out with far less public fanfare than we saw around the April 1 hype.

  • 2 Odds and Ends - Conficker, Big Ben, and Real Time Detection and Remediation « Triumfant Blog   April 2, 2009 at 11:20 am

    [...] entry by John Pescatore on his Gartner blog today about day after the April 1 Conficker hype.  I agree with his take, which mirrored my post [...]

  • 3 Stiennon   April 2, 2009 at 5:04 pm

    I certainly got more pitches from PR firms saying they had a security expert on tap to talk about Conficker than I usually get. And of course Sunday night people were calling and texting me to “turn on 60 Minutes” which I found amusingly anachronistic having given up TV five years ago (again, we did not have TV in my house growing up, and please don’t exclaim “that explains it!”)

    Turns out most Conficker infections are in China where a bunch of folks for some reason are not allowed to update their versions of Windows. I wonder if a bunch of people actually began to use MSFT Update because of the scare. That would be a good thing.

    -Stiennon

    BTW, have you looked into the reCAPTCHA service you use for comments? Actual words taken from scanned books and manuscripts. When people type in what they see they are helping a book digitization project! (Am I the last person to hear about this?)
