- Tram Ho
Steven Sinofsky, former head of Microsoft’s Windows and Office division, recalled his experience with the ILOVEYOU virus that spread to the world in 2000.
One morning in 2000, Steven Sinofky, then the director of Microsoft’s enterprise software, received a strange call from a female reporter before driving to work with the mysterious message, “I love you.” , I love you ”(I love you, I love you).
Before Sinofky could understand the story, ILOVEYOU – a “cute” computer virus, had infiltrated the entire Internet system, destroying millions of email inboxes worldwide through Microsoft Outlook and Exchange software. .
The first lesson of Microsoft
In his Fast Company article, Sinofsky said that ILOVEYOU was not the first virus to cause headaches for Microsoft executives. In the mid-1990s, Microsoft had to deal with completely new viruses.
A virus called WM / Concept.A does not take advantage of errors or programming errors in Word. The exploited vulnerability is macros of Word 6.0. Considered to be an achievement in boosting productivity, a macro command allows users to record their actions and repeat them.
WM / Concept.A takes advantage of the ability to open and execute as soon as the file is clicked to infect the computer. After the executable file is opened, every document on the computer will be infected with the virus, and every time it is shared via the virus network, it is distributed.
“Unlike what people often think, successful viruses do not do harmful tasks like wiping files or reinstalling hard drives. If they do, they will not be distributed, and lose their original purpose, ”Mr. Sinofsky described.
By that standard, WM / Concept.A was so successful in the global distribution that what it did was just annoying users. When opening files with viruses, an error window will pop up, and users just need to press “OK” to be able to ignore. Removing the virus is quite simple, but it also creates a new industry: antivirus.
|The WM / Concept.A virus does not cause much harm to computers, but spreads very quickly and opens up the anti-virus service industry. Photo: Fast Company.|
“WM / Concept.A is our first lesson about the balance between building a scalable system, customizing and ensuring the safety and reliability of computers; as well as how users can react if the security associated with the way the work has to change, ”Mr. Sinofsky describes the first lesson from this virus.
Crashes Microsoft server
In 1999, Microsoft received the next lesson on viruses. Mr. Sinofky describes one morning, he received a series of unusual emails on Outlook with the subject line “Important Message from. . . ” (This is an important message for …)
Each message only contains a text “This is the document you requested … don’t show it to others ;-)”, along with the attached .doc file.
Sinofky is not the only one who receives this strange message chain, but at the same time, all Outlook users receive it.
|W97M.Melissa virus infects hundreds of thousands of people when sending themselves via email. Photo: Fast Company.|
Soon after, the worldwide email service system stopped working.
The culprit is this W97M.Melissa virus. Also exploiting vulnerabilities from macros but copying itself via email, Mellisa has completely paralyzed the global email service.
After being spread via an intentionally simple email, the Melissa virus spread when the recipient opened the attached file. The message is designed to look familiar, so most users open the file.
If the user launches from Outlook, the code in the Melissa virus will use the macro to send the same “Important message” to the first 50 people in the Outlook address book. Each infected person will infect 50 people, and each person opening the attachment spreads to an additional 50 people.
The incident happened over the weekend, meaning millions of users worldwide won’t be able to use email when the workday on Monday begins.
“Our customers and offices around the world are angry,” Mr. Sinofsky described.
This is the first virus called a “worm”, because of its ability to spread itself to other computers without the user’s action. It also makes good use of the psychological aspect, a trick later called “social engineering”.
Sinofsky said that Melissa has once again pointed out limitations on Microsoft’s software design.
“Our products and customers are at risk as the world becomes more connected. The effective design approach for technology-savvy people is now ineffective as more and more Internet users do not understand how computers work, ”the former Microsoft executive said.
The price of ILOVEYOU
ILOVEYOU also spreads via email, but instead of sending it to the first 50 people in the directory, it sends an email to the whole. It also installs a copy on your computer to run in the background all the time, delete files and replace them with virus copies.
The consequences of ILOVEYOU amount to billions of dollars. Some experts said that only one morning, half of North American computers were infected with ILOVEYOU virus, and about 100,000 email servers in Europe were infected or shut down as a precaution.
The ILOVEYOU virus has even disabled servers and networked computers in many important government agencies from the US Department of Defense to the UK National Health Service.
|In just a few weeks, the ILOVEYOU virus has caused billions of dollars in damage. Photo: Fast Company.|
“Things are bad, very bad. Our team must find a way to handle and consider many options, ”Mr. Sinofsky recounted the period when Microsoft responded to the crisis. The former leader described the moment as a Tylenol crisis, causing seven deaths in 1982.
In the face of that risk, Microsoft must take strong measures such as disabling sending a variety of attachments or running executable code, cutting off access to contacts, or marking every email as not worthwhile. trust.
However, it will take up to 4 weeks for Microsoft to complete the patch and fix bugs that ILOVEYOU exploits.
With ILOVEYOU, Mr. Sinofsky once again affirmed the different views of computer users and general users. That’s the big lesson of Microsoft: how to design safe software that common users accept to use.
“Everyone is busy and just wants the computer to work stable,” Mr. Sinofsky said.
Source : Techtalk