I've had these basic ideas on the back burner for some time now. Perhaps
writing about them will help clear things up -- for me anyway. The spreading
of virus hoaxes is like the spreading of computer viruses in some ways, with
differences of course. Virus hoaxes take advantage of the psychological
pre-conditions created by the existence of computer viruses -- many people
know of the dangers of CVs, may have had first-hand experience with the
damage they can do, and many people know that having a virus on your computer
is not a good thing. Virus hoaxes also take advantage of social ties, weak
through strong, between people, mediated by computer networks -- while
getting what i feel is robust data is not easy, we can look at the headers of
Judy's email to see WHO she has passed the hoax onto, and WHO was implicated
in sending it to her.
Beside people at Rutgers are us xmca'ers, and others who may be personal or
work relations. While this is rather anecdotal, I do have other email hoaxes
that have been sent to me, that, like many urban legends, include a long list
of forwarded addresses to trace back. The distinction with virus hoaxes,
however, is their nature of relational aggression. They are designed to
cause damage through social networks, in this case through the deletion of a
file. That is not to say that people passing them on are guilty of
relational aggression, but rather unknowing accomplices. The aggression
spreads from known person to known person, most often muliticast by the
sender, making the aggression grow in a manifold way. Strictly speaking the
aggression is not likely relational in origin, as the email may be "spoofed"
onto some mailing list, with participants that the VH designer does not know.
VHs prey upon social capital, and "trust" is a core and problematic concept.
First, most of us do not trust our computers. The complexity of the desktop
machine is far beyond most people's training. From the physics of the solid
state, through digital electronics, Boolean functions, machine code,
compilers, system and application software, and on top of all this, network
topologies and protocols, there is just too much to know. The damn things
crash, act funky, lose our information, refuse to do things we want them to,
become afflicted with gremlins and viruses, and worst of all, embarrass us.
I've worked in educational technology for more than a decade and NO ONE I
know tries to do a powerpoint presentation for a critical meeting. In part,
we have been conditioned to be distrustful of computer technology.
And we should be. Login passwords and information in email are most often
sent "in the clear", unencrypted. Next time you login to ebay, yahoo, or
order something over the web, check to see if the little padlock on your
browser is "locked". If not, your login or credit card data is being sent to
the remote computer in a form that is considered insecure. Secure logins use
SSL technology with 128 bit encryption, and the existence of secure logins is
testimony to the fact that they are needed. Modern network topology
broadcasts your information everywhere on your LAN (Local Area Network).
Anyone with listening software (packet sniffers) can recover your
information. For example, take a look at the following:
http://www.colasoft.com/products/capsa/
But then, we honor the relationships to people we know, and Judy's email is a
good example of that. Chances are that Judy's email was sent to her from
someone she "trusts" -- from Betty Deane. Deane quite possibly trusting
Carolyn Minor, the latter having been placed in a position of trust regarding
computer technology, hailing from an OIT. Judy's message to us is not in
relational aggression -- quite the opposite, meaning well, meaning to warn us
of another threat with these infernal general purpose computers that we do
NOT trust. THAT is what makes the design of the original aggression so
devious.
The dilemma we face is a contradiction in communications technology. The
very medium we are using to maintain our relations is being used to damage
those relations. It's an age old problem leading to the sciences,
mathematics, and technologies of cryptology and cryptography. The problem is
one of how you can trust the message you have received from someone. It's
compounded because, if the trust is broken several times, it leads to a
breakdown in relations. If Judy were to send more hoaxes, even in good
faith, we would begin to lose our confidence in the content of those
messages. Our social ties would be weakened (especially with Judy), our
social network would begin breaking down, and we would begin losing the
social capital we have been building.
The solution is also an age-old solution. One has to begin building a new
social capital, a new trusted social network. For us, it is one that knows
about viruses and their hoaxes, and has trusted resources at hand for
determining which is which. Part of that trusted social network is the habit
of checking resouces for the authenticity of CV and VH threats. I would like
to trust that threat warnings i receive here, on xmca, have been validated.
Here is my contribution:
http://www.lesley.edu/faculty/wbarowy/c7100/Security.html
Don't hesitate to check it -- evertime i teach the course, I update the
references.
bb
This archive was generated by hypermail 2b29 : Thu Jun 27 2002 - 08:02:50 PDT