HOME
TOPICS
ABOUT ME
MAIL

 
Left out of the many accounts of the prank pulled by a Cornell graduate student is something that could be the single most important issue of computer networking in the next decade. It is put most simply in the form of a question: Who is in charge here?
  technofile
Al Fasoldt's reviews and commentaries, continuously available online since 1983

Nationwide virus scare leaves me wondering: Who's in charge?


By Al Fasoldt
Copyright © 1988, The Syracuse Newspapers

   There's an untold story in the furor over the electronic virus that infected 6,000 mainframe computers across the country earlier this month.
   Left out of the many accounts of the prank pulled by a Cornell graduate student is something that could be the single most important issue of computer networking in the next decade.
   It is put most simply in the form of a question: Who is in charge here?
   In more complete terms, it can be stated this way: Are we placing too much trust in the systems managers who run our nation's medium- and large-size computer systems?
   I am posing this question for a practical reason, not a theoretical one. Lost in the furor over the mass electronic break-in is the fact that it could have been prevented -- if the people in charge of the computers had been doing their job.
   The hacker exploited a weakness in the operating system of these computer systems. The weakness was known to the operating system's designers, and the company that supplies the operating system had long ago sent notices to all its customers explaining how to patch the operating system to fix the weakness.
   All these thousands of systems managers had to do was read their mail.
   Most of them didn't. Most of them ignored the plea from the operating system's designers to make the fix before someone broke into these computers through this weak area, called the "back door."
   There is no other word for this than incompetence. Those who think it's unlikely that most mainframe computer systems managers are incompetent -- at least in this one area, if in no other -- have their heads in the sand.
   Think of it in terms of human viruses. If doctors throughout the country were warned of a potentially dangerous weakness in a major drug and most of them did nothing about it, how forgiving would we be? We would demand that the medical profession act immediately to remove those doctors who don't have enough sense to protect the public.
   Are we going to do the same thing in regard to our systems managers?
   I'm a realist. I know what the answer is. They'll go on protecting their jobs by making up excuses. They'll tell the people who hired them that the entire subject is too technical to explain, but they have the situation well in hand.
   Bull. Every systems manager who ignored the warnings on the flaws in Unix, the operating system that the hacker sailed right through, should be fired.
   It's as simple as that. It's time that we treated networked computer systems seriously. It's time that we stopped accepting the technobabble from these incompetents as something that no one else can comprehend. The rest of us can comprehend it just fine, thank you.
   If you agree, mail a copy of this column to your boss. Send a copy to the person who hires and fires the systems manager in your company or university.
   Send 'em a message before another hacker sends them something else.