According to experts quoted in USA Today and elsewhere, 2005 was the worst year yet for computer security. That's saying a lot, considering how many bad years we've had. Besides the depressing raw numbers, the Department of Homeland Security cut the cyber crime research budget, the news reports say, and pieces of legislation mandating better data protection are getting nowhere.
So, thank goodness it's 2006 and all those concerned with computer security, including small businesses, can turn the page.
Well, no. The new year dawned with the news of a virus, WMF, that is extraordinarily insidious. People generally must execute bad software in order for a virus to be released. The cat and mouse game was that virus pushers had to dream up ways to get you to run a file. The public had at least a fighting chance.
No so with WMF. The virus comes disguised as a .jpeg. Reports say that simply having it on the screen activates the virus.
It's been an interesting two days. Just as the FDA holds up on promising drug therapies until it is sure that there are no unintended side effects, Microsoft is carefully vetting patches before releasing them. That's sound scientific (and, no doubt, legal) reasoning, but this virus is so dangerous that something needs to be done immediately.
PC owners--including, no doubt, small businesses--are flocking to an unofficial patch that experts say will do the trick. I ran it on my two machines with some trepidation. Downloading and executing code from a site that I don't know is legit goes against what I have been told to do for years. Couldn’t the site be set up by the bad guys, and do even worse damage to my machine?
I ran the fix because the situation seems different than what I am accustomed to. For years the scenario has been that carefully controlling what you execute on your PC, along with adequate firewalls and updated antivirus software, would keep you safe. WMF may signal that those days are over. Viruses that spread simply by going to a Website would cripple the Net.
So, welcome to 2006. Somebody should hire the people who write these viruses. They obviously don’t mind working over the holidays.