First, a little background for anyone who's not familiar with the story, then I'll get to my point:
In case you haven't heard of it, there's a pretty interesting virus hoax being propagated via email across the United States right now, and it seems to have reached epic proportions. The hoax is a "warning" about a virus which is supposedly being transmitted via email and is a program called "SULFNBK.exe." Those who receive the warning are urged to search their systems for the file and delete it if found, lest they suffer untold consequences. I first heard about this on Tuesday, when someone forwarded the warning to me, and (being the suspicious bastard that I am when it comes to things people say in forwarded emails) I did a little investigating, and found out pretty easily that it was a hoax. The best source of information I found was a write-up on Symantec's website containing the original text of the email, info on the hoax, and instructions in case you deleted the file (it's a Windows utility, not a virus, so most people who deleted it probably want it back). I didn't think much of it until I noticed that the hoax had achieved such notoriety that it made CNET's front page (the article is here on CNET but the page has bugs), and that's when I started thinking.
OK, background info done, now for the real issue brought up by the SULFNBK.exe hoax: how exactly do you protect against this sort of thing?
Think about it - this isn't really a "virus" in the traditional sense of the term, yet it does what viruses traditionally do - it causes damage to your computer (relatively light damage in this case, but I have no doubt it could have been worse if the originator had picked a different filename), and then passes itself on to others. It just doesn't use any code to do it - it's almost like an old joke called the Honor System Virus, which asked the user to forward it and then wipe his hard drive.
As such, how can you fight something like this? Anti-virus software is powerless against the gullible user who voluntarily damages his system at the bidding of an email message. There's speculation that the SULFNBK.exe message may have originated by accident (there actually is a virus which uses that filename, as Symantec's page helpfully points out), but someone with malicious intent could easily write a similar message instructing users to delete a critical file, and such a message could easily damage a lot of computers and cause a lot of frustration.
The best remedy I can think of is education, but even that is tough to implement - within five minutes of receiving the SULFNBK.exe warning, I'd found the Symantec page and fired off an email to most of my friends pre-emptively warning them about the hoax, but too many people don't know enough about computers or the Internet to recognize such a hoax, or don't think to go check out the information for themselves, and as a result they fall victim to it. The best solution is an informed, intelligent population, but any experience with democratic government will show the likelihood of that happening.
More drastic solutions, like setting up a home PC so that the user can't delete critical files, seem to be the next obvious answer, but I'm not sure I like that - I'd rather have the freedom to accidentally destroy my entire system than not be able to modify and customize to my liking.
Those are just a couple examples of solutions to hoaxes like SULFNBK.exe, but one probably can't be implemented, and the other isn't really a pleasant idea. So what (if anything) could be done if virus writers realized the enormous potential of this sort of thing? Could anything effectively prevent thousands of users who just simply don't know better from voluntarily wrecking their computers?
Of course, after a few times around, people would learn and start to distrust the hoaxes, but how many times would it take? And is it acceptable to simply let users shoot themselves in the foot a couple of times to learn the lesson?
And I'm sure that somewhere in the first couple of comments someone will post links to stories about all sorts of similar hoaxes (I've seen lists of them alrady on Symantec's site and others, while looking into the SULFNBK.exe hoax) and ask why I think there's a problem all of a sudden. So I'll answer that now: this hoax has really managed to "make it big," and it thankfully wasn't very malicious, so perhaps it's time to start thinking now about solutions to hoax viruses like SULFNBK.exe, because I've seen a lot of hoaxes, but no good, lasting solution to keep them from doing damage.