But these are just analogies. You really can’t take them too far without looking the fool.
A great example is this article claiming that since computer viruses are a disease, the government should treat them that way with something like the CDC. The CDC, the “Centers for Disease Control”, is the government agency that decides what’s in the yearly flu vaccine, or prevents the next Ebola outbreak.
But viruses are not really diseases. Extending the simple analogy doesn’t work.
Cyber viruses likewise are just code that hijacks the computer to produce more copies of itself, which it sends to other computers.
Or at least, they did in the past. The most dangerous modern “viruses” (aka. “malware”) no longer replicate themselves. Modern networks have gotten good at detecting something that is replicating and stopping it.
Instead, modern computer viruses are targeted. A hacker picks a victim, scopes the defenses (such as which anti-virus product they use), then designs a virus to evade those defenses. The hacker then sends a “phishing” e-mail to everyone in the company, such as pretending to be from the IT department telling people to download and run that software. The hacker gets in, steals the information he wants, and gets out, sometimes removing the computer virus as he leaves.
According to Verizon’s latest data breach analysis, 97% of serious virus infections are of this targeted type. This is what happened in the “Aurora” attacks. Chinese hackers (or so Google claims) broke into Google’s network using a custom, targeted virus, and stole a lot of Google’s secrets.
The failure of the “free market” anti-virus companies is not a failure of the “free market” (as the left-leaning author of the above article suggests), but a failure of the analogy. When viruses mindlessly replicate, it’s easy for the CDC (or anti-virus companies) to get a sample and create a vaccine. When they don’t, when they are targeted, the CDC (or anti-virus companies) will never get a sample, and won’t be able to create a defense or “wipe it out”.
There are ways of solving the virus problem, but it means treating the technical problem, not the metaphor.
A good example is what Apple does with the iPhone and what it’s trying to do with its latest operating system, Mac OS X (Lion). You can’t download any arbitrary software on your iPhone. Instead, you can only install those applications that Apple allows you to. Android phones, Apple’s competitor, behave differently, allowing users to install any software they want. The consequence is that Apple’s iPhones are largely free of hostile “viruses”, but “viruses” plague Android phones.
Apple hopes to do the same with their desktop computers. Their “Lion” release of Mac OS X has an app store feature similar to the phone. You can still download arbitrary software from other sources, but you can be more assured that software downloaded from their app store isn’t a virus.
But there are some people who don’t like Apple’s 1984 Orwellian future, where Apple controls everything you do. One cyber activist claims that he won’t make the switch to Lion, and will instead switch to Linux.
It’s not just fools outside the computer industry that take analogies too far, but also people who should know better.
cyber weapons arms control treaty. Again, a “cyber weapon” is just an analogy, one worse than a “cyber virus”. The true threat in a “cyber war” isn’t from nation-states like China, but from their people. China promotes an intense nationalism among their people, who see the United States as their primary adversary (although not necessarily enemy). This causes millions of Chinese teenagers to try hacking into American computers. They do so without any particular weapon, but by typing things like SQL injection into the browser.
Hacking isn’t about the “weapons” or tools that hackers use. It’s what goes on in their heads. It’s like how a single unarmed Navy SEAL is more dangerous than 10 armed soldiers of most of the world’s armies.
The answer is “no”, the analogy doesn’t work. The safety threats to cars are those things that happen by accident. The security threats to computers are those things that happen on purpose, caused by sentient beings.
The better analogy is the government telling manufacturers to recall cars because people can slash tires, cut brake lines, or smash windows by throwing rocks from the overpass onto the freeway.
You phrase it better than me "use analogies to make points not policy".
Calling them "computer STDs" is a more apt analogy than "computer viruses". It better reflects what's really happening. The way men won't wear a condom "just this once" because "she looks clean" is the same decision-making as when running software from a phishing e-mail.