The Internet did not end on Wednesday

I sat in my office on Wednesday waiting for the end of the Internet. It was April Fools Day, and the Conficker virus a.k.a. DownAdUp, was supposed to go live. So I sat here waiting. What was supposed to happen was that the virus would send out a message that it was ready go, and the evil geniuses behind this sinister plot would flick the switch, the virus would transform itself into a botnet, and chaos would ensue. Instead, I talked to contacts, called security companies, and monitored the web, which seemed to be doing just fine. The virus sent its message, but Dr Evil wasn't listening. In the end, nothing happened.

It was like someone had cancelled Christmas.

That's the problem with Internet villainy; it never happens when planned. Remember Y2K? How about the massive cyber attacks that where supposed to happen during the Beijing Olympics? Or the DNS cache-poisoning problem? Security companies had predicted that these none-events were supposed to cause anything from global Armageddon to a massive cyber war targeting our bank accounts.

Not everyone was completely irrational this time around. A couple of security experts said that conficker wouldn't cause an Internet meltdown. The most likely results would just be more spam - which can be dangerous to those of you who think that a Nigerian is trying to help you collect your surprise inheritance/lottery winnings/suspiciously unwarranted monetary windfall - but for those of us with anti-spam filters, this doesn't even rise to the level of nuisance.

The problem here is all this "crying wolf" just ends up tarring journalists and the security industry with the same brush. When - or if - the Conficker botnet does begin to operate, it's going to be harder to convince people of the danger.

I've even had some very intelligent people seriously question whether these "scares" were part of a giant conspiracy to sell more anti-virus software.

It's easy to believe, but it's dangerous too. Buying security software is a lot like buying insurance: you buy it hoping you never need it. But there is a distinct lack of direct evidence that really works to convince people that online security is increasingly important.

Making this problem worse is the tendency of companies, including banks, to hide the specifics behind cyber crimes. Just last year, banks around Dubai had their systems hacked. Customers had money siphoned from their accounts, and banks where forced to limit access to ATM machines. I was stranded in Budapest with no access to money because HSBC barred me from using my card at anything but an HSBC ATM.

At some point, companies and individuals are going to need to come forward and admit how much money they are losing. Otherwise, people are going to keep complaining that the security companies are using scare tactics, while the cyber criminals silently pick our pockets when we're not expecting it.