What do computer viruses and science fiction have in common?

Answer: my recent columns on these two topics both generated lively Forum discussions on InfoWorld Electric. So here’s Round 2 on these subjects, based on the Forum discussions.
My column asking whether the risk of computer viruses was overstated created something of a stir in the Forums. Most participants fell into two camps: those who had dealt with viral infections (I’m wrong) and those who hadn’t (I’m right).

Among the anecdotes, two insights stood out:

Insight #1: Distributed object technologies will create a mess. Traditional computing platforms separate data and executable code, so viruses can only hide in a few, easy-to-detect locations. For the most part you’re safe if you never boot off floppies and avoid downloading executables.

Now we have objects and Objects. (The former are object-like but don’t satisfy the purist’s definition.) The MS Word macro viruses are a pernicious form of object virus, and you ain’t seen nuthin’ yet. From a security perspective the startup macro is an awful feature to build into a word processor or spreadsheet. Every reader of this column should send a letter to Microsoft asking for an installation option on Microsoft Office that disables startup macros for Word and Excel.

True Objects – downloadable Java applets, ActiveX controls, CORBA-compliant code – are worse. It’s as if we had invented metabolism but not antibodies. This is a messy subject. It’s going to take a lot of exploration to fully understand. Right now, all I know for sure is that the situation has the potential to become big-time ugly.

Insight #2: Viruses aren’t that serious a threat because we view them as a serious threat. Translation: virus hype is a self-preventing prophesy.

The whole idea of self-preventing prophesies is an important one. How often have we scoffed at a prophet of doom when doom didn’t come? In the case of viruses, one reason they don’t cause all that much data loss may be because most of us, listening to the hype, have implemented prudent precautions.

Good point. I stand corrected (I think).

David Brin, who writes really good science fiction, wrote an essay describing the idea of self-preventing prophesies. Nuclear war may be one of them. In the ’50s and ’60s, plenty of authors depicted nuclear devastation and post-apocalyptic societies. Their stories strongly influenced society’s perception of nuclear war, which in turn curbed the worst tendencies of those in a position to start one.

Which brings us to reader reaction to my column on science fiction as a better, cheaper alternative to hiring an expensive futurist.

The Forum discussion on the subject was simply huge. A disproportionate number of you, like me, read a lot of science fiction, and it had a powerful influence on our later career decisions.

InfoWorld’s readers are the greatest. D. W. Miller (I infer from the e-mail address), remembered the story describing wearable computers – “Delay in Transit,” by F. L. Wallace, originally published in Galaxy back in ’54, and reprinted in an anthology called Bodyguard in 1960. The computer was implanted, not worn. Not bad for 42 years ago. Miller points out that the computer’s name, “DiManche”, accurately predicted another future technology trend – the capitalization of internal letters in product names.

Michael Croft was the first of several readers to remind me that the series introducing the “replicator” concept was collected in an anthology called The Complete Venus Equilateral, by George O. Smith, published in the 1940s. Think about this: 50 years ago, a science fiction writer discussed the creation of a service economy out of the ruins of one based on manufacturing.

Charles Van Doren has pointed out that post-renaissance society is the first in the history to embrace the concept of progress – that the world can improve. Many of us, having grown up on science fiction, embrace that idea (which, of course, is why we always buy the next software release).

Every silver lining has a cloud inside it.

Journalists and professional marketers know that if all the statistics in the universe were piled in a stack, the whole awesome mass of them would lack the persuasive punch of a single anecdote. Why? Because most people, for most issues, make decisions emotionally and use logic to justify their emotional decision.

Anecdotes appeal to the emotions. Statistics appeal to reason. It’s not a fair fight.

Think about your organizational rival in the next cubicle. He picked the help desk problem tracking system your organization uses, and it’s a disaster. And the clod chose it because the sales rep happened to be pretty, and he’s having marital problems. If he’d looked at the performance statistics, industry ratings, and other objective facts instead, he wouldn’t have made such a bad choice.

We all know of stories like this, and they prove my point, don’t they?

Actually, they don’t. I just used an anecdote to “prove” my point. I haven’t proven anything. If I’d said, “The Farfinkel Institute just released a study showing that 74% of all product decisions do not include a fact-gathering phase,” I’d have proved my point (or the Farfinkel Institute would have proven it). Of course, you’d have fallen asleep in the middle of my explanation.

Next time you listen to a political debate, keep your anecdote-detectors on full scan. No matter what the issue, you’re more likely to hear illustrative stories than statistical facts in our marketing-driven policy dialogs.

Yes, I know what Mark Twain said about lies, damned lies and statistics. Yes, people can contrive misleading statistics. That’s nothing compared to their ability to script tailored anecdotes. Think of it this way: an anecdote is just a statistic with a sample size of one. You can “prove” anything at all that way.

We fall for this stuff all the time. Want an example? How much time, energy, and budget have you expended on disaster recovery planning and virus protection? Compare that to the time, energy and budget you’ve spent researching hardware design problems and software bugs, in implementing preventive maintenance problems, and in instituting administrative quality assurance programs.

Pause to reflect on this question before continuing. Then consider the following two items:

Item #1: Ontrack Data Recovery (the gods of pulling data off of trashed hard drives) recently published a study attributing 44% of all problems to hardware problems, 32% to system administration mistakes, 14% to software bugs, and 7% to computer viruses, and 3% to natural disasters. (Reported by Investors Business Daily, 9/18/96, summarized in Edupage.)

Item #2: In a recent editorial, BugNet (www.bugnet.com), made a similar point, demonstrating that problems from software bugs are 100 times more prevalent than problems from viruses.

(Why the discrepancy between the two reports? Ontrack only counted episodes leading to data loss, while BugNet tallied all problems.)

Do these two items lead you to think your efforts may be misplaced? Good. Without a doubt, computer viruses have been overhyped as a threat. They’re characterized as digital AIDS or Ebola, when in fact, as with biological viruses, most cause minor, annoying symptoms – computer colds and flu.

(These statistics, of course, don’t reveal the overall seriousness of the different threats. Natural disasters, for example, may only contribute to 3% of all episodes of data loss, but I’d bet they contribute to more business failures than all of the others put together. That makes business recovery planning worthwhile regardless of its statistical rank. Statistics devised by other people often won’t serve your purposes, which was Mark Twain’s point.)

Don’t fall for manipulative opinion-shapers who use story-telling as a substitute for facts. On the other hand, when you’re trying to persuade, make sure you do illustrate your points with examples that add some punch to your dry statistics. You need to engage both halves of your audience’s brain. That’s a matter of clarity, not distortion.