Marsha Walton: A cyber-can of worms

(CNN) -- A e-mail worm called "Code Red" launched a denial of service attack on the White House Web site this week, and CNN's Marsha Walton discusses the severity of this computer bug and how users can protect themselves.

Q: Why is there no cause for panic, as the story says?

Walton: First, a patch, or a fix for this problem is readily available from Microsoft, from a number of commercial anti-virus companies, or from CERT, which is a global clearinghouse for information about computer intrusions based at Carnegie Mellon University in Pittsburgh.

Second, this particular virus only affects Web servers running a particular configuration of Windows. So it is for the most part larger businesses and government agencies whose computer security folks are, or should be, aware of worm and virus launches. It is not something that average consumer or smaller businesses would be dealing with.

MORE STORIES Two computer viruses making rounds

Q: Why is this news, if the "Code Red" worm is nowhere near legendary predecessors like the "Melissa" virus and the "ILOVEYOU" worm?

Walton: Many virus writers know how to hype things, know how to "socially engineer" their projects to get the media's attention. Why did everyone jump on this? Because it targeted the White House Web site! Was it secure? Did ugly and obscene pictures replace the staid presidential Web site? No! But they made us look!

While Code Red does have a destructive capability, it is not actively wiping out databases or corrupting files. The problems most of those infected have reported are slowdowns or instability in their systems.

Q: How common are worms and viruses?

Walton: There are literally thousands of worms and viruses. The vast majority are completely harmless. Most never make it "into the wild," meaning they are moving through computer networks and the Internet. Many are simply sent to anti-virus companies as a sort of proof of performance, "look what I have created" by the virus writers.

There are also hundreds of "virus hoaxes" out there, some with shelf lives of years. If you get an e-mail from a friend of a friend's brother in law, warning that your hard drive could be wiped out if you do x, y, or z, do a little investigating. Some people have way too much free time on their computers and these hoaxes appear again and again, wasting everyone's time.

Q: Why is this worm called "Code Red"?

Walton: There are two theories. A company that did an early analysis of the virus, eEYE Digital Security, reports its security experts were drinking a kind of Mountain Dew soda called Code Red while they were investigating the virus, into the wee hours of the morning.

The other possibility is that some Chinese hackers are claiming credit for the intrusion.

One of the ways some Web pages have been defaced by displaying the message:

"Welcome to http://www.worm.com! Hacked by Chinese!"

Q: We periodically hear dramatic stories about hacking etc. Are authorities and computer companies making strides to developing ways to stop hacking? Or, will these hacking coughs always be with us?

Walton: Things will get worse before they get better. Systems administrators, the people who are responsible for security, are inundated with the need to "plug the holes" in software. Vulnerabilities are found every day, and the only thing they can do is react to the next threat, and the next, and the next.

There is now a growing rumbling among computer security experts that something dramatic will have to change all that. Some company, somewhere, will lose so much money because a piece of crucial software was shoddy, that liability lawsuits will force software makers to be responsible for their products. In a few years, they say, "network security insurance" will be as important to a company as fire or theft or health insurance.

Till then, expect a constant drip, drip, drip of worms and viruses and trojan horses that are expensive, and irritating, and time consuming to the people who run business computers.

Q: How can consumers be on guard and be prepared to thwart this kind of problem?

Walton: Assume nothing, and trust no one. Don't be tempted to open an unknown e-mail just because the title line has something tantalizing like "naked pictures" or "Anna Kournikova" or "ILOVEYOU." Do you know who it's from? No? Then DELETE IT! Don't open unknown attachments! That's one of the easiest ways viruses spread. And just because your computer came with an anti-virus protection, doesn't mean you are clear. Update anti-virus protection often on your home computer, even once a week is not out of the question.