Just Desserts

Posted on Nov 28, 2003

The last week has seen the Welchia worm/virus causing a bit of havoc at home. Our Windows 2000 machine was attacked and, given that it has no firewall or virus protection, succumbed pretty quickly. Luckily we spotted it (due to the traffic that resulted) within a couple of days and disconnected the affected machine from the network. After burning a CD with the (surprisingly small amount of) important data from the machine, it was time to re-install.

Windows XP installed quite painlessly, quickly to be followed by some Norton anti-virus protection. At this point I figured I was reasonably safe, so I reconnected the machine to the network, updated the virus database and started to download Windows XP Service Pack 1 - around 49MB.

About half-way through the service pack download Norton (or Symantec - who knows - they seem to be the same thing) popped up to tell me that it found Welchia again. Seemed as though it was worthwhile having the anti-virus stuff, except that the report included the fact that the offending file cannot be quarantined and cannot be removed. Fortunately a utility for removing Welchia specifically was at hand (my wife was well prepared!) and it did the right thing without interrupting the download.

Now we're fully patched up to date with critical updates and feeling fine. At the same time, Matthias mentioned on IRC that XP has a stateful firewall 'built-in', so that's enabled as well (it's somewhere down inside the properties for the network adaptor).

Why just desserts? Somewhat over a year ago, I commented on a BBC News article about the number of new viruses appearing every month. There was some scepticism about figures on my part. Over a year later I had an email from a lady (well, the name makes it appear to me that the sender was female) with the same surname as Neil Cowie telling me:

"Of course he works for a virus research company."

That I should:

"...engage brain before exercising fingers!"

More directly, I need to:

"Stop sitting on your head and talking out of your arse."

Over the next week of email exchanges (only three - slow response time on both parts) I discovered:

  • There aren't five new viruses every day,
  • Neil doesn't need to talk up the figures.

In the end it was obvious that I needed some driving reason to question the numbers:

"Could it be that you have a vested interest in talking the numbers down to give others a false sense of security, therefore making it easier for you to infest their machines with viruses of your own devising?"

Hey, that must be it.

Please understand: I am not suggesting that my debate with Ms. Cowie was directly related to my resulting infection, it just seems righteous - dontcha think?