Time for security scares to stop

Industry needs to take a step back from hyping merely tenuous threats...

By silicon.com, 7 August 2003 16:44

COMMENT The ongoing persistence of the Mimail worm this week has brought home to many in the IT security industry the need for a healthy dose of realism and less of the publicity-hungry scare tactics adopted by some companies. With more worms and viruses than ever trying to infect home PCs and corporate networks, the last thing over-worked and stressed-out IT managers and system administrators need is hyped-up reports of 'proof of concept' viruses or harmless bits of malware limited to a few reported outbreaks in some far-flung corner of the world.

Some may point the finger at the media for blowing some of these stories out of proportion to exploit the reader's appetite for the security hot topic. But when it comes to reporting vulnerabilities, patches and fixes, the media is, by and large, led by the vendors. We can act as a vital channel for them to warn IT users of damaging or fast-spreading security exploits. But when minor or insignificant problems are jumped on as an excuse to get a vendor's name a few column inches, it starts to lessen the impact. Users will trust the reports less and less, with the resulting danger that when another Slammer, Code Red or Melissa does hit they will be caught unprepared.

Security vendors also have a responsibility to share information on new exploits and viruses with the rest of the industry as soon as they can. The only loser if they don't is the end-user. This was highlighted by an incident earlier this week with the Mimail worm. One niche email protection company that doesn't use the typical signature system for virus protection spotted Mimail almost a week before it started to wreak havoc across corporate email systems. We'll give the vendor, who shall remain nameless, the benefit of the doubt this time, but surely an early warning like that, shared with the industry, would have saved UK Plc millions of pounds in cleaning up clogged and infected email systems.

At silicon.com we hear all the time from security vendors large and small desperate for some publicity about various tenuous and unlikely security weaknesses that would make a good headline. It's time for the industry to become more responsible and realise that scaring customers unnecessarily through the media will eventually lead to a backlash.
