Slashdot Mirror

← Back to Stories (view on slashdot.org)

Lousy E-mail Filters Complicating Outlook Worms

Posted by CmdrTaco on from the cluttering-up-my-inbox dept.

Mar writes "FRISK Software founder Fridrik Skulason has issued an open letter in which he blames other anti-virus companies for much of the Sobig.F network load problems: 'If mail filters send out one message for every copy of Sobig.F received, they are in effect doubling the amount of traffic. This makes them a part of the problem, not a part of the solution.'"

4 of 461 comments (clear)

  1. Re:But still less... by nacturation · · Score: 5, Insightful

    ...traffic than you'd have if the worm got to its target and continued spreading.

    That's a lousy argument for obvious poor behavior on the part of anti-virus software. It's like saying every time the police catch a violent criminal, they should kick the ass of some random citizen. Hey, it may be annoying, but it's still less violence than you'd have if the criminal got to their target and acted violently.

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  2. Re:Fuzzy Math by realdpk · · Score: 5, Insightful

    There's some flaws in the logic.

    First, there's a cost per message that you're not including. Every message I get I have to consider and read, or delete. I'm getting tons of virus bounces, even though I've never sent a virus - the virus uses forged headers. So, for me, someone who has no way to contract a virus, my "work"load has gone up noticably, and the price I pay went from $0 to $X where X is a positive number.

    Second, the autoresponder is not a necessary part of the virus removal. The savings is already there by blocking the virus from infecting the user's computer. The bounce is just an extra thing the anti-virus people put in to try to advertise their product.

    It's *pretty damn close* to being spam.

  3. Re:But still less... by American+AC+in+Paris · · Score: 5, Insightful
    ...traffic than you'd have if the worm got to its target and continued spreading.

    I'm still getting about 200-300 "You sent a message with SoBig.F! Patch your computer immediately!" every day.

    Trouble is, I'm on a Mac. I couldn't be infected with SoBig.F if I wanted to.*

    Further trouble is, SoBig.F spoofs the FROM: field, so these messages invariably go to everybody except the schmuck with the infected box.

    So no, these messages hurt far more than they help.

    [* Pedant filter: I suppose I could buy Virtual PC or somesuch and install a vulnerable version of Windows. That'd probably do the trick.]

    --

    Obliteracy: Words with explosions

  4. Message Headers should be Compulsory by gvc · · Score: 5, Insightful

    Last year, my wife received a spate of "you sent this virus" messages. Worse, a number of her associates received "this person tried to send you a virus" message, referring to her.

    I followed up with several of the administrators running the virus filters. In all cases, the administrators had quarantined the messages without headers so it was impossible to tell what machine really sent the message. I would have liked to know this information so as to have some hope of tracing the owner of the infected machine.

    I understand why users are unaware of headers. Microsoft's products go out of their way to hide them. In Outlook Express, to get headers you have to find the relevant show headers pull-down and even then the headers appear in a too-small non-resizable window. You have to clip the contents and paste into a real window before the headers can be read/forwarded.

    The "From:" field of email means no more than the snail-mail return address that you scribble on an envelope. The header, like the snail-mail postmark, tells the origin.

    What is the excuse for vendors of email software (filtering or end-user) perpetrating unawareness of this basic property of email?