Filed Under (Editorial) by dw on 22-10-2010

This is not a warning about a virus on Facebook or Twitter, but a disturbing tendency in South Africa of a legal nature:

You would assume that your Twitter or Facebook profile is your own personal business and that you can share your feelings openly here with your friends. However, you should be very careful what you say on your social network profiles, as it could have unexpected consequences.

Recently there have been a number of disciplinary cases against employees [but not within the university…yet!] who made negative comments about their employers on Facebook and Twitter, because they assumed that the use of social media was a private affair.

Hanno Bucksteg, litigant of Solidarity Legal Services, says employees have a fiduciary duty towards their employers, which means that an employee must protect the interests of their employer. “If an employee writes insulting pieces about the employer or publishes information that is the employer’s own, including trade secrets, the employee could face dismissal and/or the employer could obtain an interdict to stop such action.” He adds that this duty also means that an employee may not make false or derogatory claims about colleagues.

[This of course has a wider implication for students at the Health Sciences Faculty, with the minefield of medical ethics, patient-doctor confidentiality etc]

The publication of insulting or negative opinions on social media platforms ties in with slander and defamation. Facebook and Twitter users should be very careful with what they publish. An employee/student can deliver fair comment by reason of his right to freedom of speech, but this right should not be abused by divulging confidential information or making false claims which could be detrimental to the employer.

However, there is no need to close your social network profiles for fear of being dismissed. Making negative comments about your employer over the telephone can also land you in trouble. It is advisable to limit the use of social media at work, however. You do not necessarily want all your colleagues to know what goes on in your private life. You might publish information or photographs on you social network profiles that are not suitable for all your colleagues to see. Instead of befriending your colleagues on Facebook, create a professional presence on LinkedIn and invite your colleagues to join your professional network.

Social media could hold certain benefits for you in the labour market. Make sure that your professional viewpoints and principles come across clearly on your social network profiles and look professional. Many employers have a look at potential employees’ social network profiles or other information that is available on them on the Internet before inviting them for an interview.

Therefore, apart from not making negative comments and false claims about your employer, you should maintain a limited, secure and professional presence on the Internet.

Filed Under (Editorial, Reviews & Opinions) by dw on 14-10-2010

There’s One Born Every Minute – Or is There?

So why do people fall for these hoaxes? A lot of it goes back to the noble desire to help others. Who wouldn’t want to warn others about a disaster? And it’s so easy to send the warning to hundreds of people at one time: with just a click, you’ve saved your friends from a virus!

Another consideration is the uncertainty that people feel in dealing with computers. Look at the jdbgmgr.exe hoax, which is actually quite ingenious in its fashion. By asking users to confirm that the file is on their computer, it makes people feel like they are participating in their own computer security. Most computer users typically can’t “see” a virus, just the aftermath. This, coupled with the anxiety many people feel about their computers — these large, complicated machines that they really don’t understand — leads to a feeling of certainty when the jdbgmgr.exe file is found on their machines. “Aha!” they think, “Caught one! And there’s the proof — right in front of my eyes!”

It’s funny, but most people would never fall for such a trick in real life. Let’s say I walked up to the same people that fell for the jdbgmgr.exe trick and said, “There are terrorists in this neighborhood. If you see a man in a black hat, call the police, because he’s a terrorist!” Minutes later, a man in a black hat walks by. Would these people call the police? Probably not. They would use their common-sense, their experience of the normal everyday rhythms of life, to judge whether or not someone is a threat.

Computers, however, are the equivalent of a foreign country for many people. When someone is in a country with which they are not familiar, perhaps feeling anxiety because they don’t understand the language (“nth-complexity infinite binary loop”, anyone?), they are more likely to grab onto signposts that will help them. In such a situation, they might be far more likely to fall for my false warning about terrorists.

And if the warning came not from a stranger, but from a friend or acquaintance, as happened when jdbgmgr.exe warnings arrived in email inboxes, then the likelihood of falling victim to a hoax skyrockets. After all, in a foreign country, isn’t the sight of a fellow countryperson always welcome?

Another reason people fall for hoaxes is because they know that anti-virus programs, unfortunately, do not always work. Many viruses spread so quickly that they overwhelm users before anti-virus vendors can update their software. The “Melissa” and “I love you” viruses are good examples of this phenomena. So when users “see” — or think they see, a la jdbgmgr.exe — evidence of the “virus” on their computers, but their anti-virus software says there is no virus, many users are going to believe their eyes and not their software.

Even worse, many users pay no attention to the neccessity of updating their anti-virus software. I have seen office computers with anti-virus databases that are years out of date. When I ask these users why they haven’t updated their software, they typically respond with a blank stare and a plaintive but accurate excuse: “I didn’t know I needed to do that.”

Not Just Harmless Fun – The Real Dangers of Hoaxes

Virus hoaxes are not real viruses, by definition, but that doesn’t mean they don’t have negative effects. In fact, virus hoaxes can be quite damaging in a number of different ways.

First, it is quite possible that a hoax may end up damaging your computer. The email itself won’t have caused the damage. Instead, the email will have convinced you to damage your own computer, as my story about the the jdbgmgr.exe email demonstrates. The folks  responding to the hoax were ready to remove files from their computer that they in fact did not need to remove. They were fortunate that they really didn’t need the file in question, but what about next time? What if the hoax author had more malicious intentions and had instructed gullible recipients to remove a key system file or directory?

Second, a virus hoax results in a waste of resources. The victim wastes valuable time dealing with garbage, and time, after all, is money. People sending the message to friends, family, and colleagues waste bandwidth on the Internet and mail servers. Since these emails usually arrive chock-full of email addresses in the “To” and “CC” fields, spammers treat such warnings as a free gift full of new, valid email addresses they can exploit, further compounding the problem of wasted resources. So remember: if you forward that virus warning, you’ve just multiplied all of the losses above to include everyone else in your address book.

A virus hoax can damage your reputation, or at least make you the butt of jokes. When I receive an email from an acquaintance warning me about jdbgmgr.exe and its dangers, I just shake my head and think “Newbie!” … before I help them. If you forward that email along to 100 folks thinking you’ve done your duty, you’re going to feel pretty sheepish having to send another email letting them know you just made a foolish mistake — and a mistake that could have been prevented with just a little bit of checking on your part first.

Finally, virus hoaxes can have a corrosive effect on security. How? Consider the story of the boy who cried wolf. Similarly, virus hoaxes can undermine the attention that end users pay to rigorous security measures. As a result, users may fall into lax security habits, underestimating the dangers of real viruses because of the frequency of false alarms represented by hoaxes.

By Scott Granneman of Symantec