Forget year 2000 compliance. What you should be worrying about is year 2000 computer viruses - both real and hoax. Michael Cross reports

First, the good news: your expensive new millennium-compliant computers probably won't melt into scrap metal at midnight on new year's eve.

The bad news is that two years of frenetic activity to ensure that the NHS's information technology systems survive the millennium will not protect them from a new menace: the year 2000 computer virus.

The warning comes in a health service circular in which the NHS Information Authority warns all health service organisations to brace themselves for an 'unprecedented' series of electronic virus attacks - both real and hoax.

If the circular is to be believed, an underground global community of virus-writers is gearing up for the millennium.

The combination of millennial confusion and guaranteed media interest has inspired virus enthusiasts to try to make their name by spreading selfreplicating programs through the world's computers.

Although some viruses will be relatively benign, perhaps only flashing new year's greetings on the screen, others will be designed to crash systems or clog up e-mail networks.

Hoaxes can be just as damaging, by distracting attention and resources from real problems.

Even if your health authority or trust met the end of September deadline for full millennium compliance, there is no reason for complacency. Upgrades or systems installed over the next 90 days may cause readiness to slip, the circular warns.

And one variety of year 2000 virus may be designed to disable measures to ensure millennium compliance.

The solution, according to the NHS Information Authority, is 'clean management'.

This is nothing to do with turning down bribes from betting syndicates, and everything to do with ensuring that compliant IT systems are not compromised. As usual, the weak link is human stupidity.

'Do not allow staff to take diskettes home and bring them back to work without checking for viruses, ' the circular warns. Other measures include keeping virus-checking programs up to date - especially during December - and backing up all systems regularly.

Ironically, one reason for the new threat is the replacement of much of the NHS's 'legacy' IT with new 'industry-standard' programs running on Microsoft operating systems, largely in response to the millennium bug.

NHS computer screens can now look as sexy as anyone else's, and are more likely to be able to communicate with each other.

But while no one would have bothered to create a virus for an old homegrown NHS system, the new systems are targets for anyone in the world bent on damaging the IT industry - or more specifically, Microsoft.

This adds up to a terrifying population of anarchists, terrorists, sociopaths and plain idiots.

Microsoft itself is constantly under attack, receiving 'probes' on its US data centres at the rate of up to 22,000 an hour, its security chief revealed earlier this year. About 10 of these turned out to be serious hacking attempts needing further investigation.

Most attacks come from 'ankle-biting hackers trying to make a name for themselves', Howard Schmidt, Microsoft's director of information security, says. Some of these 'anklebiters' succeeded in August, when they broke into Microsoft's Internet e-mail service.

'Traditional' computer viruses infect program files and are spread either through floppy disks or as attachments to e-mails labelled '. exe'. These are easy to detect with commercial anti-virus software.

Recently, though, virus-makers have unleashed a new menace, the so called 'macro' virus. The NHS Information Authority warns that these are likely to flourish over the millennium.

One macro virus called Melissa has already caused worldwide chaos. It spread rapidly around the world by posting itself to every e-mail address in the infected machine's address book.

The NHS information strategy says that although any program that allows the use of macros is in theory susceptible, in practice viruses are most likely to attack Microsoft's integrated suite of programs, MS Office.

The good news is that many of these attacks will be hoaxes. The NHS Information Authority expects the millennium to give rise to 'an unprecedented number of virus hoaxes'.

Microsoft has already spotted one.

Last month it warned users not to open an infected attachment to emails supposedly from its own support site ( The company said the file, called Y2Kcount. exe, had been distributed to some customers.

Don Jones, director of year 2000 readiness at Microsoft, said: 'The Y2K-related e-mail message that claims to come from Microsoft is a hoax. Consumers should not open the attachment but rather delete it immediately.'

Microsoft says it never sends 'patches' or 'updates' as attachments to e-mails. But according to the NHS Information Authority, other reputable organisations are peddling millennium virus myths.

One rumour circulating on the Internet concerns a virus which 'if left running for a sufficient amount of time, will overheat the central processing unit, causing it to melt down and effectively reducing the computer to scrap metal'.

This is rather a long way from reality, the NHS Information Authority says reassuringly.

Millennium viruses: real and imaginary Imitation year 2000 Viruses masquerading as millennium bugs. They might cause a computer to display the year 1900 rather than 2000, or a message such 'year 2000 non-compliance detected - shut down system immediately'.

Genuine year 2000 Causes a real year 2000 failure - for example, by disabling remedial software.

Joke year 2000 Displays a happy new year message (or obscene variants) on every screen.

Norma l A 'traditional' . exe or macro virus causing more trouble than usual because of millennium pressures.

Hoax A warning of a mythical virus, usually spread by e-mail, causing panic and extra work.