1. Historical IT A Quick Overview of Situations we have addressed Stacey L. Vernooy 8-Feb-11
2. Complicated Systems … What are viruses ? How have we reacted ? How do we protect ourselves going forward ? 2/5/2011 S. VERNOOY 2
3. Types of Viruses Viruses by nature are attacks on a computers system files or a users personal files by causing hardware and function failure, inconvenience and potential sharing of secured information. i.e. ‘Nuisance’ – actions that impact the performance and limit a users ability to perform common tasks. I.e.. pop up message boxes ‘Trojan’ – sneak attack through attachment to a system file ‘Worm’ – resides on the computer memory in a hidden file and executes randomly playing ‘hide and seek’ throughout system files 2/5/2011 3 S. VERNOOY
4. Samples from the past… Michael Angelo N a t a s Y2K crisis Cobol crisis Melissa 2/5/2011 4 S. VERNOOY
5. Michael Angelo March 4th 1991 In the early nineties, as home computers were beginning to be more common, a generic date triggered virus threatened the ‘system startup’ of pc’s 2/5/2011 5 S. VERNOOY
6. ‘N a t a s’ SATAN London 1995 A virus of local impact was launched through ‘on-campus’ computer labs. Passed by the transfer of boot disks between workstations, the virus attacked by ‘fragmenting’ programs and documents, re-attached and re-executed itself on each login. When the virus met a home pc, a complete reformat was required by professionals as attempts to use system user disks failed on multiple attempts. At UWO, a complete network reinstallation was required in the junior first year labs. 2/5/2011 6 S. VERNOOY
7. Y2K crisis … December 31st 1999 – January 1st 2000 Triggered by the turn of midnight on New Years Eve, the Y2K virus was the result of legacy systems that used a shortened date format in calculations that did not account for the year 2000. During development of systems in the early 1970’s the anticipation that the same systems would still be full production and usage by the turn of the century was not correct. Impact – Government systems, including nuclear regulatory systems, aviation and navigation systems in use by military, financial calculations of markets and billing, medical and surgical instruments and several stand alone systems that automated routines by date function were impacted 2/5/2011 7 S. VERNOOY
8. Cobol Crisis … September 9th 1999 Legacy systems, including several factory and banking automated routines used the COBOL language which leveraged a date format of ‘nines’ I.e.. 99-99-99 as interpreted DD-MM-YYYY As September 9th 1999, was a sensitive trigger date, many reported that it would be a pre-cursor to the issues to be experienced during the Y2K crisis of the same year. 2/5/2011 8 S. VERNOOY
9. ‘Melissa’ Toronto 2002 An ‘address book’ virus, attached itself through individual users email contact books and would send random messages that would execute the attachment to the next address book. In corporate culture, where all address books contain the entire company roster of employees, the virus would continue to re-circle users and the dramatic effect shutdown networks of internal communication. One of several similar type of viruses that attacked a new generation of users that kept custom address books Untraceable in origin, could be attached to an email without detection, intended or not. 2/5/2011 9 S. VERNOOY
10. Results … Many causes of concern that brought attention to the maintenance required to keep systems reliable, the requirement that accuracy and foresight would create longer lasting applications and the awareness of the intricate nature of the systems themselves. Documentation was required Analysis of all individual components was required Streamlining for easier, ongoing maintenance 2/5/2011 S. VERNOOY 10
11. The ‘Task force’ Knowledge/Experience - programmers with a complex collection of skills within multiple languages to cross-leverage workable solutions. Time – dedicated individuals that spent considerable time to identify the changes required and implemented new routines to parallel existing systems until a smooth transition could be completed seamlessly Effort – learning new languages, applying revisions and testing. 2/5/2011 S. VERNOOY 11
12. Minor fixes … Changes in policy to limit the exposure of larger corporations to public access. Restrictions to employees about personal email that could be sourced from less reliable or less protected outsiders and intruders. Installations of additional safeguards, firewalls and anti-virus programs that were created and regularly updated into systems to be proactive in attacking and resolving potential threats. Additional hardware, user restrictions and accountability. 2/5/2011 S. VERNOOY 12
13. Government support … It wasn’t enough to alert the public of the ‘cause for concern’. The nature of the Y2K instance was global, a wide spread impact and influence that brought together nations of knowledge to offset potential global threat. Incentives were created for new IT graduates to be hired to perform either day-to-day operations, to free the time of more experienced programmers or to hire the fresh programmers for analysis of millions of lines of code and to respond appropriately. 2/5/2011 S. VERNOOY 13
14. Technology is evolving … Complex and with constant changes, new languages and skill sets are required all the time. Where COBOL, Fortran and earlier versions of C remain staples in the learning discipline of the study of computer languages, the ‘fourth generation’ of visual availability and implementation serves a quicker resolution to problems. A ‘web generation’ has faster turnarounds to release online solutions, systems in most cases ‘have already been built once’ and the learning’s are quick to share. 2/5/2011 S. VERNOOY 14
15. Now we know… It has been years since an ‘outbreak’ has occurred and with a wireless generation that builds more resilient and bullet proof coding, many public exposures are reduced. The ‘new threat’ is the availability of the content contained in the systems as a generation has become dependent on sharing, often personal and private details that can be leveraged to obtain even further information. It’s the silent attack from ‘behind the scenes’. 2/5/2011 S. VERNOOY 15