Risks, Threats, and Vaccines

One of the most common tasks you’ll perform in life is a risk analysis. You may not realize you’re doing this, but it’s happening nonetheless. Do I drink the odd smelling milk I found in the fridge, or do I throw it out? Do I leave my coat at home today and hope that it doesn’t get too cold? Do I exceed the speed limit because I’m late for work, or do I risk my boss being upset with me? All day, every day, risk analysis is a constant.

If you’re reading this in the now time, you’re likely aware of the ongoing SARS-CoV-2 global pandemic. If you’re in the tomorrow time, I trust things have worked out and we’ve finally been able to handle the situation. Regardless, risk analysis is being performed on the world stage by leaders, medical professionals, and average folk, as it pertains to the virus that has affected our lives. Should I go out today? Should I wear a mask? Should I get vaccinated?

Risk analysis is part of a wider field known as Risk Management. According to Wikipedia, “Risk management is the identification, evaluation, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities.” Or, to put it more simply, identifying the risks and dealing with them accordingly.

When it comes to something like the current pandemic, risk management can literally mean a choice between life and death. If you choose to spend time with someone infected by the virus, you are significantly increasing your risk of catching the virus. And it follows that catching the virus significantly increases your risk of your body developing the disease caused by the virus which can then lead, potentially, to death. Not everyone, but often enough that everyone should be thinking seriously about what it means to contract this disease.

Analyzing the potential outcomes at the extreme end of the chain allows us to work backwards and potentially change behaviors that can lead to undesired outcomes. For instance, if you’re interested in prolonging your life, avoiding situations that can lead to being exposed to the virus is desired. You can simply lock yourself in a basement and wait patiently until the virus has either died out or a perfect cure has been developed.

When making decisions based on risk analysis, those decisions often lead to other potential risks. Hiding in your basement may keep you safe from the virus, but now you have a risk of running out of food. You can reduce the starvation risk by obtaining food, but that increases the risk of being exposed to the virus. And on and on it goes. Decisions made as a result of risk analysis are often a balancing act. Sometimes you have to make a decision to increase a risk to reduce another.

Wearing masks, washing your hands, social distancing, and getting a vaccine are all things that reduce the risk of contracting the virus. None of these is a perfect solution and none are guaranteed to prevent you from being infected, but together they can provide an extremely high level of safety.

Vaccines, in particular, are often misunderstood. There are a wide variety of reasons that people don’t want to get vaccinated. Some people believe that vaccines aren’t safe and can cause more problems than they solve. Some believe that vaccines don’t work. Some have religious or political opposition to them.

The fact is, however, that vaccines do work and the evidence is out there. Vaccines are why diseases such as smallpox and polio aren’t around anymore. As with most things, there are also incidents where vaccines cause side effects. Some side effects are fairly mild such as soreness, mild fever, and fatigue. More severe side effects such as shortness of breath, rash, and elevated heartbeat are possible, but extremely rare, occurring for approximately 1 in a million patients. Vaccines were also thought to be linked to Autism, but this has been thoroughly debunked and the doctor responsible for the paper has had his license revoked by England’s General Medical Council, the organization responsible for licensing doctors in the UK.

Much of the confusion about vaccines, though, seem to be in how they work. For instance, an excuse for not getting a flu vaccine that I’ve often heard is that despite getting the vaccine, the recipient contracted the flu anyway. This is definitely possible, but likely not what happened.

Vaccines work by providing the immune system with a template of what to protect against. In the case of the flu vaccine, an inactivated virus is injected into the patient and the immune system builds the necessary defense to the virus. This process often includes an inflammatory response which can manifest as common symptoms of the virus you’ve been inoculated against. This can be unpleasant, but is generally much milder than being infected with the virus itself.

Another possibility for our flu vaccine recipient is that they did, in fact, contract the flu, but a different strain of the flu than the vaccine was designed to protect against. The flu virus mutates from year to year and vaccines are developed to protect against the strains that are expected to be prevalent during flu season. Because the vaccine takes 5-6 months to manufacture, vaccine manufacturers have to guess which strains they’ll need to protect against. It is, of course, an educated guess based on history and sampling done throughout the year. Historically, the flu vaccine has been quite effective.

And finally, it’s also possible the recipient was infected by one of the strains that the vaccine was supposed to protect against. It is a common misconception that receiving a vaccine is a guarantee against contracting the virus it was created for. Flu vaccines generally have an efficacy of 40-60%. That is, if you receive the vaccine, you have a 40-60% chance of not contracting the virus. So you may ask, if the vaccine isn’t guaranteed to protect you, why get one? Well, to put it simply, if you are exposed to an infectious dose of the virus and you have received the vaccine, you only have a 40-60% change of being infected. If you haven’t received the vaccine, you have a nearly 100% chance of being infected.

Further, if a vaccinated person does contract the virus, the severity of the illness is significantly reduced. So yes, you can still get the flu, but it won’t be as severe as it would have been if you didn’t get it. And, it often reduces the chance you will pass the disease onto someone else.

So, back to our risk analysis. If a vaccine is available for a given virus, should you get it? Given the reasonably low risk of severe side effects, the answer is almost always yes. If you suffer from conditions, such as being immunocompromised, that may increase the risk of receiving a vaccine, you need to add that risk into the equation as well. For the current SARS-CoV-2 pandemic, the new mRNA vaccines are considered to be safe for immunocompromised people because there is no live virus in the vaccine. Instead, it uses smaller RNA strands which are used to build immunity against the virus. Similarly, it appears, based on current evidence, that these vaccines are safe for people with autoimmune diseases.

To conclude, social distancing, washing your hands, wearing masks, and getting vaccinated are all ways to reduce the risk of being infected by the pandemic virus as well as reducing the risk of passing it on to someone else. For myself and my family, we practice these on a daily basis and will be vaccinated at the earliest possible convenience. We do this not only for us, but for those around us. Please, join us, analyze the risk to yourself and others and make an informed, responsible decision.

Digital Armageddon

April 1, 2009. The major media outlets are all over this one. Digital Armageddon. The end of computing as we know it. Again. But is it? Should we all just “Chill Out?”

So what happens April 1, 2009? Well, Conficker activates. Well, sort of. It activates the latest revision of its auto-update algorithm, switching the number of domains it can find updates on from 250 per day to 50,000 per day. Conficker, in its current form, isn’t really malicious beyond techniques to prevent detection. In order to become malicious, it will need to download an update to the base code.

There are two methods by which Conficker will update its base code. The first method is to download the code via a connection to one of the 50,000 domains it generates. However, it does not scan all 50,000 domains at once. Instead, it creates a random list of 500 of the 50,000 generated domains and scans them for an update. If no update is found, Conficker sleeps for 24 hours and starts over by generating a new list of 50,000 domains, randomly picking 500, and contacting them for an update. The overall result of this is that it becomes nearly impossible to block all of the generated domains, increasing the likelyhood that an update will get through. On the flip side, this process appears that it would result in a very slow spread of updates. It can easily take days, weeks, or months for a single machine to finally stumble upon a live domain.

The second method is to download the code via a peer-to-peer connection between infected hosts. As I understand it, the peer-to-peer mechanism has been active since revision C of Conficker has been in the wild. This mechanism allows an update to spread from system to system in a very rapid manner. Additionally, based on how the peer-to-peer mechanism works, it appears that blocking it is difficult, at best.

So what is the risk here? Seriously, is my computer destined to become a molten heap of slag, a spam factory, or possibly a zombie soldier in a botnet attack against foreign governments? Is all hope lost? Oh my , are we all going to die!

For the love of all things digital, pull it together! It’s not as bad as it looks! First off all, if you consistently update your machines and keep your anti-virus up to date, chances of you being infected are very low. If you don’t keep up to date, then perhaps you should start. At any rate, fire up a web browser and search for a Conficker scanner. Most of the major anti-virus vendors have one. Make sure you’re familiar with the company you’re downloading the scanner from, though, a large number of scam sites have popped up since Conficker hit the mainstream media.

If you’re a network admin, you have a bigger job. First, I’d recommend any windows machines you are responsible for are patched. Yes, that includes those machines on that private network that is oh-so impossible to get to. Conficker can spread via samba shares and USB keys as well. Next, try scanning your network for infections. There are a number of Conficker scanners out there now thanks to the Honeynet Project and Dan Kaminsky. I have personally used both the proof-of-concept python scanner, as well as the latest version of nmap.

If you’re using nmap, the following command line works quite well and is incredibly fast :

nmap -sC –script=smb-check-vulns –script-args=safe=1 -p139,445 \
-d -PN -n -T4 –min-hostgroup 256 –min-parallelism 64 \
-oA conficker_scan

Finally, as a network admin, you should probably have some sort of Intrusion Detection System (IDS) in place. Snort is an open source IDS that works quite well and has a large community following. IDS signatures exist to detect all known variants of Conficker.

So calm down, take a deep breath, and don’t worry. I find it extremely unlikely that April 1 will result in anything more than a blip in network activity. Instead, concentrate on detection and patching. Conficker isn’t Skynet…. Yet.