This post was originally posted on my blog, Talking Salmons.
Link to Mashable story.
So, looks like Koobface is back. They've added some twists to the virus that made headlines last month. Viruses are the most frequent reason policy makers cite when moving to ban social media in the military workplace. However, I wanted to take a few minutes to discuss viruses, social media,human nature (i.e. the predictability of stupidity) and why I believe blaming social media is ridiculous.
First, for the newer technology cats out there, computer viruses aren't natural. They don't "just happen." They aren't God-breathed. They are the willful, malicious invention of individuals.
A lot of times, viruses are just someone's attempt at attention. A virus will exist to propagate itself and little else. Annoying, rude, inappropriate, but with little actual harm. Of the thousands of computer viruses created each month, however, two or three can do serious harm. These are the ones that stop people in their tracks. They shut down systems, erase data--all that fun stuff.
Viruses, regardless of what they do, pose a threat to network security. It is in techies' 10 commandments to ferret out computer viruses wherever they exist and to establish network stability in all corners of the virtual workspace.
However, as any IT guy will tell you, the idea that viruses enter computer networks via ninja super hackers (or any incarnation of cyberpunk fantasy) is untrue. By and by, we infect ourselves. Viruses mainly spread by people clicking links.
You see, computer makers aren't total morons. Machines are created to maintain basic information sovereignty. We aren't in the age of the government having control over our machines just yet (though that's coming). So, for an outsider to access your machine, you either have to leave it unprotected, or you have to choose to run a program on your machine that unlocks your protection.
Koobface operates like most computer viruses. Messages are sent out (in this case, tweets, Facebook or MySpace messages) to random people, asking them to click on a link. If you choose to click on that link, and then choose to run an "upgrade" to your video player, you infect yourself. Once infected, Koobface sends itself out now through your account.
It's very much like an actual house. Leave the door unlocked, or open a ground floor window and put out a sign that you've done so, and you might get robbed. It's also very much like catching a cold. Don't wash your hands, or make out with sick people, and you might catch the cold.
What steams my trousers is when viruses are used as the reason to keep us out of the social-mediasphere. For leaders and IT managers, banning social media is "safer" (i.e. easier). And I agree, it is "safer" for networks to limit traffic, just like establishing curfews in war-torn regions is "safer." Searching every vehicle that pulls up to an airport is "safer."
But at what cost?
Social media is how I communicate. It is how the president wants me to communicate. It is how the secretary of defense wants me to communicate. It is how the chairman of the joint chiefs, the secretaries of the branches, the chiefs of staff and large swaths of commanders want me to communicate. It is the evolution of communication. Faster, fitter, more productive, free, easy and beneficial.
Policy makers who ban social media because of the threat of viruses make no sense to me. Are we still in the era of burning towns to stop the plague? Do we ban cars when a teenager drives drunk? Do we ban computers when someone writes a computer virus?
No. We continue the eternal better mousetrap/better mouse game. We improve hygiene; we pass laws and enact training; we improve our firewalls.
The reason we all get six dozen daily emails saying we've won tens of millions of dollars in Kenyan lotteries is because people keep answering the emails. The reason we keep getting mountains of junk mail is because people still respond. The reason chain letters from the 60s keep showing up as FWD: YOU MUST READ THIS!!!11!!" emails is because people keep forwarding them. The reason computer viruses are written to spread via user-initiated clicks is because people still voluntarily infect themselves.
But instead of chopping off my arm, how about we heal the wound, doc? Don't cut me off from the social-mediasphere because jerks blindly click links from untrusted sources. Figure it out, policy makers. That's why policy makers make mountains more money than I do. Hell, any of us could have come up with the "shut down everything" solution and saved a lot of money.
It reminds me of my time at college. I went to a bible college that had a lot of social rules--no drinking, no dancing, no secular music, no cursing, no public displays of affection, curfews, mandatory chapel service. You see, it's far easier to shut something down because of the "threat" of something (don't know where dancing might lead...better ban it outright; don't know where hand-holding or kissing might lead, better ban it). But that's no way to live. Sure it's harder to teach someone to use something correctly--teach him or her to fish rather than just throwing one to them, but that's not a permanent solution.
Social media is the new communication paradigm. We should stop running away from it at the first clap of thunder. Threats and risk shouldn't lead us to catatonic inaction.
If the president left his travel agenda scheduling up to the Secret Service, he'd never leave the White House bunker ("Safer" is easier.). If an aircraft's flight status was left up to the mechanic, it would never leave the hanger (Why risk the wear and tear? More work). Likewise, IT shouldn't just say why we can't do something, but should do more working with leadership to figure out how to balance risk and operation.