Y2K - predictions and experiences
Security Information Week 1, 2000
It seems appropriate to use the Security Information for the first week in the new year to look back on what happened during the change of the millennium. Was the predictions correct compared to what really happened?
In short: Fortunately, a lot of the predictions turned out to be incorrect, and much too pessimistic.
The potential problems about the change of the millennium may be divided into two different categories.
The two digits problem
The first - and the one which were prepared for several years in advance - had to do with the computer software and hardware. Was this Y2K compatible; i.e. would special problems arise as a result of the fact that the year turned from 1999 to 2000. The main reason why this was an issue has to do with programming in "older days", when storage capacity was a bigger issue than now. Some older programs used only two digits in the year, which might cause problems in some applications, e.g. banking and insurance. Billions of dollars (or any other currency) were used to solve this problem, and it turned out that only minor problems occurred when the new year arrived. It is an interesting fact though, that even in countries which did not use a huge amount of money to prepare for this, the problems were minor.
The launch of malicious programs
Another potential problem which did not get as much attention before that last half of 1999, was computer viruses and other malicious programs aimed at the change of the millennium.
Some predictions said that there were going to be an enormous launch of such programs, so many that the antivirus companies were going to be overwhelmed and unable to provide sufficient protection. One of the spokesmen from an antivirus vendor warned that it could be that 200.000 new viruses came around before and during the start of the new year. An amazing prediction, especially compared by the fact that the total amount of known viruses in December 1999 was around 40.000.
Some of the antivirus companies were more sober in this matter. Norman's Security Information for week 37/1999 said that at that point in time, there were no indications about any particular virus activity around the turn of the century. Sophos is an advocate for the same view in an excellent white paper from October 1999.
In an interview with the Norwegian Internet magazine Nettavisen 28 December (note: hyperlink in Norwegian) Normans' Senior Vice President, Jan Kristensen, warned against panic around the change of the millennium. He said that virus hoaxes might be as big a problem as the real viruses, and that private persons should be safe if they had updated virus detection files and used common sense.
The media, however, in general were part of those who predicted major problems with malicious programs aimed at the beginning of this year.
As you know, there were no particular problems in this area. In fact, the days before 1 January 2000 had less activity with respect to malicious problems than what is normal.
This of course does not mean that malicious programs are not a problem. It means that the fight against malicious programs are a continuous process The antivirus vendors who have to update the virus detection files on a continuous basis and the computer users have to be certain that the antivirus software is updated by the latest files all the time - throughout the year.
Per Olav Førland
