Effect Measure

A viral infection with serious public health consequences occurred in Canada on January with little publicity:

Hundreds of computers at the Public Health Agency of Canada fell victim to a “worm,” a bit of malicious software that nearly brought operations to a halt.

The trouble began Monday, Jan. 15, 2007, when a few computer users at the agency and at Health Canada reported getting error messages. The worm eventually knocked out 1,308 or 80 per cent of work stations in three cities and took more than a month to eradicate, say newly released documents.

The attack is estimated to have cost the agency up to $1.5-million, including down time for employees made idle by their ailing work stations. More than 50 technicians and other experts struggled for weeks to contain the damage.

A Nov. 26, 2007, post-mortem report on the emergency warned that “the total cost of this incident could have been higher if this event occurred during a time of public health crisis, including loss of life.” (Canadian Press; link now behind subscription firewall)

Technically a computer virus and a computer worm are different. From the computer hygiene point of view, however, they both represent a propagating piece of computer malware that does damage to the community. Public health, like many other community services, has become increasingly dependent on digital communication systems. Few if any public health authorities have their own cyber security expertise and with budgets getting tighter and tighter it isn’t likely many will acquire it.

This just piles one more vulnerability onto public health at a time when it is tottering towards collapse, or at best, a vegetative existence.

NB to taxpayers: you get what you pay for.

Comments

  1. #1 caia
    April 23, 2008

    Psst… humorous typo in the title of this post.

  2. #2 revere
    April 23, 2008

    caia: LOL. I knew I’d do that one of these days. Thanks.

  3. #3 Mark
    April 24, 2008

    Missing from most of these stories is the fact that these infections all take place on Microsoft Windows computers which by poor design are vulnerable to viruses, trojans and other malware.
    Switching to Linux or Unix based computers would prevent these problems (along with many other savings).

  4. #4 indigo
    April 24, 2008

    Don’t want to get into a which computer is best argument but fewer viruses target macs.

  5. #5 Jim Gwyn
    April 24, 2008

    Both the comments by Mark and Indigo are partially correct.

    The problem is largely due to the fact that the vast majority of computers on the web run the same Operating System (OS) Right now, malware makers target Windows XP because that’s where they get the biggest result for their efforts.

    In effect, we have not just a mono-culture in computer operating systems but effectively a vast population of clones. Any “pathogen” that can infect one can infect pretty much all of them. You might further stretch the analogy by comparing security software with immunizations. Unfortunately, the infectious agents are out-evolving the protections. I don’t see this arms race ending any time soon.

    A system that runs a non-Windows OS will dodge most malware. This goes for all the *-nix systems including Macintosh, BSD, Solaris and Linux. There is nothing magical about it, they are just usually aren’t worth the extra effort when there’s so much low-hanging fruit.

  6. #6 pauls lane
    April 24, 2008

    excellent response Jim Gwyn, if the majority of businesses, governments, and home users switched to Mac, or unix based systems, the bad guys would simply target those. But that isn’t what Mark means, Mark means Microsoft is bad, evil, and horrible. It amazes me that a software company that markets such shoddy products can stay in business and just about corner the market. Mark also probably hates WalMart. If Mark is old enough he probably used to hate IBM. I’m pretty darn sure he hates Exxon now.

  7. #7 MoM
    April 24, 2008

    Couple of points: (first I typed pints, and that is OK, too…)
    I’m a geek. In my spare time, I run a service that fixes computers, and most of what I do is remove malware. For the most part, people are stupid. Even after they are told (and shown, and given an easy way to do so), they don’t bother to protect their computers from infections. And I say what the hell, I get $50 for cleaning them up.

    On a larger scale, I say WHAT THE HELL ARE YOU DOING??? to the IT departments that should be maintaining corporate (or, for instance, Health Canada’s) computers. It shouldn’t come as a shock that malware is out there. 99+% of it is prevented by most of the anti-malware products available. (I have my favorites and my villains, but that is for another time).

    If you get your machine infected, bad on you. If your machine infects your network, your IT guy should be fired. And I say this with little respect for (most of) my personal agency’s IT people, and in the full knowledge that their anti-malware system is actually pretty good. It is the rest of their policies that chafe my butt.
    (But then, I’m a geek…)

  8. #8 cleaning machines
    April 29, 2008

    If you get your machine infected, bad on you.

Current ye@r *