Only a few months to go now. Dark clouds are brewing, Armageddon is approaching, and the four horsemen of the apocalypse are stocking up on carrots for Dobbin. You must have noticed. The warnings on television, in the newspapers, on the radio. The doom-mongers predicting riots in the streets. Y2K is almost here!
Is Y2K an anti-virus issue?
Well, yes and no. The Y2K problem is not a virus, it is a bug. Any system that contains date-related functions may be susceptible to problems as we enter the year 2000. The problem is caused if software stores the date as two digits (‘00’) rather than four (‘2000’).
One of the problems is that computers are no longer solely used by nerdy academics wearing sandals – it is possible to use computers with very little technical knowledge today. Trying to explain the Y2K problem to your Auntie Ethel on AOL can be quite a challenge.
So what does Y2K mean as far as viruses and anti-virus software are concerned? Firstly, Y2K is a great opportunity for corporate organizations to check how well they have rolled out their anti-virus software. Many companies have been visiting the desktops in their corporation checking for Millennium compliance. This opportunity can also be used to see whether the computers are running any anti-virus software and, of course, whether it is properly installed and, more importantly, up to date.
You should also determine whether your anti-virus software is Y2K-compliant. Your anti-virus vendor may not have placed information on their Web site, or you may need to ask them for a written statement. Remember that it may not just be the main scanner which has Y2K-related issues, but also the administration and scheduling tools.
Will viruses trigger on 1/1/2000?
Of course, there are viruses whose payloads trigger every day of the year. The first day of January is no different. There will almost certainly be viruses written to deliberately trigger on New Year’s Day, but their threat is no greater than any of the other 45,000 viruses in existence. In fact, perhaps it is lower because of the small number of people who will be at work on that day.
It is unlikely that there will be a flood of brand new viruses on 1 January 2000. Remember that viruses typically take some time to spread. Even the fastest spreading viruses like Melissa require a human element to help them on their way (users opening email, double-clicking on the attached document). Since most users will not be at work on that day, even an email-aware virus is unlikely to spread far.
How can viruses exploit Y2K?
Viruses may try to exploit the turn of the century as a means of spreading themselves. For example, remember there were viruses which joined in the 1999 New Year celebrations (Win32/Ska, also known as Happy99)? It is inevitable that some viruses will attempt to disguise themselves in programs, presenting themselves as New Year 2000 celebrations (in the form of screensavers, electronic greetings cards, etc).
It is all too easy to imagine. Your users receive an email telling them they have a chance to win a holiday in New Zealand to see in the next Millennium – just double-click on the attached document…
Viruses may also try to exploit the confusion surrounding the whole issue of Y2K. You can be certain that come the new year all computer problems will be blamed on the year 2000 bug – even if they have no connection with it at all. So, a virus might create confusion by displaying a Y2Korientated ‘error message’. For instance, a virus may display a dialog box saying ‘Program found not to be Y2K compliant. Process halted.’. This has the potential to create a considerable amount of confusion (especially in the more paranoid organizations).
Will AV companies protect you over the Y2K period?
Certainly, the company I work for is planning to have a support team available as usual, 24 hours a day, with the ability to add protection against new viruses if the need should arise. I imagine other anti-virus companies are taking similar steps to reassure their customer base.
It is important to remember that the Y2K issue is just a bug present in some software systems. Unfortunately, the difficulty in determining which systems the bug may be present in has made the problem a considerable one for industry to handle effectively.
Ironically, some viruses may themselves be affected by Y2K problems. As we know, many virus authors are less than concerned with code quality, and there are still many viruses which remain in the wild from the early 1990s (before Y2K became a pressing issue). It seems inevitable that some viruses will stop working as originally planned come the next Millennium.
This article first appeared in the October 1999 edition of “Virus Bulletin”