Sunday, May 09, 2004


My brother's computer (in Australia) got infected by the Sasser worm. He is running Norton Anti-Virus, but this didn't help, as the worm arrived by exploiting a vulnerable port rather than via e-mail. Incoming e-mail is scanned for viruses as a matter of course, but that didn't help with this problem. And although Norton would have deleted the worm if it had been able to run, Sasser kept shutting down the computer before we could get that far. Symantec has a downloadable mini-application to remove Sasser too, but the problem was once again that the machine was shut down by Sasser before he could download and run it. (Yes, there is a way of stopping the shutdown after it starts, but my brother is not a very sophisticated user and it was a relatively hard thing to talk him through).

Eventually we managed to download the Symantec tool on another PC, copy it onto a CD and send him the CD. This copy of the tool we were able to run before Sasser shut down the machine, and therefore we managed to remove Sasser. So my brother's computer (a perfectly nice 3-month-old Dell desktop) is now working again.

In terms of support from a distance, this was a hard one. Support from a distance is in many cases getting easier, as I can do such things as remotely take control of my brother's computer over the internet, and just fix the problem myself rather than talk him through it. (It's slow over his dialup connection though). But when a worm keeps shutting his machine down, there is not very much I can do, at least not directly.

Now, I think it is biological analogy time. I think Sasser is like the SARS virus, in the sense that it is very contagious without being extremely harmful in itself. It shuts computers down and causes strife, but it doesn't do things like mess with or delete files, or wipe out your hard disk, or anything like that. A worm that spread the same way and was damaging could do an untold amount of damage, and I think we are pretty wide open to this kind of thing. And why is it like the SARS virus: well, the SARS virus is basically an extremely nasty variant of the common cold: it is airborne and quite contagious, and it causes nasty symptoms but does not kill very many people. However, a nasty airborne variant of influenza would be something else. If we had something as deadly as the 1997 influenza virus that could spread like SARS, we would be in serious trouble, and would be talking tens of thousands of deaths. And even this is a long way short of the nastiness of the influenza of 1918.
