Sometimes smart network engineers can be too smart for their own good

Back in 1999, when the Melissa virus hit the Net, I was working as a network engineer for the Controller’s office of a large western state. We got hit hard by Melissa. As you may remember, Melissa was a mass-mailing macro virus that crashed e-mail servers and sent out copies of infected Word documents — sometimes confidential ones. Now and then it even changed document/image files to something else, ruining data in the process. We had virus protection running on the servers and workstations, but it took a while before our anti-virus vendor issued an update to block Melissa and a utility to get it off the infected computers. But eventually we updated the protection software and cleaned up the Melissa-fied machines.

We still had a problem, though. The office had a number of mobile laptops in the field, and many of our remote users had no idea how to update their virus protection software — or even why they should. No matter how carefully we swatted Melissa, every traveling machine was a potential threat.

The woman in charge of remote operations asked me to come up with a surefire, idiotproof way for her field workers to disinfect their laptops themselves, before they got near the office network. Just as important, she asked me to develop a way to verify that the computers were, in fact, free of the virus before they jacked into that network. For starters, I wrote a script that fit on a floppy, along with all the software needed to update the anti-virus profile and remove the virus if the laptop was infected. Now I needed a way to make sure that the user had completed the process successfully.

The simplest way to do that, I thought, would be to put an infected Word document on the disk in a file called I_AM_THE_VIRUS-DO_NOT_RUN_ME.doc. Then I wrote a batch file that would try to copy the infected file to the hard drive.
When the correct anti-virus signature was in place, the anti-viral software would not allow you to copy the file, in which case my batch file would send you a message saying, “Congratulations, this computer is Melissa-free.” If the copy succeeded, no harm would be done because the user would not actually be opening the file — and the batch file would send a message saying, “DANGER! DANGER! YOU MUST DISINFECT THIS COMPUTER IMMEDIATELY.”

I demonstrated the batch file for the head of the remote section and explained precisely how it worked. I mean precisely. She swore that she understood completely and agreed that my virus-copying routine would be a perfect test. The next morning she mailed out the disks. One week later I found myself in a meeting room being ripped apart for putting that virus file on the disk. Apparently, at least two-thirds of the remote users had somehow managed to copy and open the infected file, thereby infecting scores of other laptops and even a few servers. The head of remote operations no longer remembered having any conversation with me. My boss thought I was a total jerk. Maybe he was right.

I learned several lessons from this debacle. One, don’t assume end-users will follow instructions unless you’re there to make sure they do. And two, Murphy is perfectly capable of making things go wrong without additional help from you. Or me.