Anti-Virus Companies: Tenacious Spammers
jaroslav writes "There is a great article over at Attrition about the problem of anti-virus related spam. I don't know if we should all start reporting this to the government, but telling the companies themselves that this should stop might get some results."
A lot of clients in my department regularly ask me if they have a virus when they receive these mail gateway auto-replies. I came up with a good analogy that helps even the most technophobic user understand what's going on:
If I send a letter to George Bush using Saddam Hussein for the return address, the president will not believe that the letter is really from Iraq! Why? (other than Saddam being captured?) The postmark on the envelope will say Pullman, Wa!
Similarly, if the mail server looked at the address that actually sent the virus, it would see something like aol.com or texas-telecom.net. Instead, these mail servers just blindly believe that the virus was really sent from Client-A@wsu.edu. (I insert the client's actual email address here... that helps grab their attention if their mind was already wandering...)
...that sends "back" (though I never sent it in the first place) the actual VIRUS!
.SCR .PIF or .EXE file, and since I run my PC behind a "linksys" box that blocks all incoming ports, I've never had Code Red or anything like that.
If I had spare time, I'd SUE the AV companies! They're committing LIBEL and they KNOWINGLY SENT ME A VIRUS!
Anyway, I'd also like to add that I've run Microsoft Windows since the days of Windows 1.03 and I have NEVER had a virus. I don't take unusual precautions, either. I have a virus scanner that I keep updated and run MANUALLY every time I hear about a new one, and it never finds anything (except when I've purposely saved one off for analysis!). I've never been tempted to click on an
One of the companies I'm working for just locks down the network harder and harder each time there's a new virus. For example, they did some tweak so when you log into the domain, something runs that prevents you from making a share (though only from the UI--you can still do it from the NET command-line.) I hope someone realizes that they've NEVER actually stopped a virus, even though each time one happens they run around in circles and restrict the network and PCs even more. You just can't prevent against people receiving an EXE in email and running it!
Now I know the argument you get from Mac-crazies--that if the PC had better account management this wouldn't happen. NONSENSE! A user-level program with no special "root" access can easily scan through YOUR mailbox and pick off email addresses and send out email. ON ANY OPERATING SYSTEM, even a properly administered Un*x system.
Best Buy can have you arrested
It is with most newer versions of products (Trend, Sophos, Sybari, to name a few). Older versions had this on by default, but when they were released, viruses weren't forging FROM headers the way they are now. Additionally, when upgrading versions, the old settings tend to get preserved, thus perpetuating the problem.
I also wouldn't go so far as to call this a dangerous feature. It was designed to be a useful tool to help STOP the spread of viruses. I think a better compromise would be to enable notification back to the sender only if the detected virus is known NOT to be a FROM forger, with the option to disable it completely.
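Added example, not part of any comment in this thread and not any vendor's code: a sketch of the gateway policy proposed above (notify only for malware known not to forge From), tightened with the "postmark" check from the analogy earlier in the thread. The signature names, the `.example` hosts, the function names and the Postfix-style `Received` format are all assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed signature names. Which malware forges From is an assumption
# here; a real gateway would take that flag from its scanner's metadata.
KNOWN_NON_FORGING = {"Example.MacroVirus.A"}

def postmark_host(msg):
    """Relay host our own server recorded in the topmost Received header.

    Assumes the Postfix-style form 'from HELO (rdns-name [ip]) by ...' and
    uses the name in parentheses, not the HELO string the client chose.
    """
    received = msg.get_all("Received") or []
    if not received:
        return None
    m = re.search(r"from\s+\S+\s+\(([^\s\[]+)\s+\[", received[0])
    return m.group(1).lower() if m else None

def should_notify_sender(raw_message, virus_name):
    """True only when a 'you sent a virus' reply would reach the real sender."""
    if virus_name not in KNOWN_NON_FORGING:
        return False  # From is presumed forged: stay silent
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    host = postmark_host(msg)
    if "@" not in addr or host is None:
        return False
    domain = addr.rsplit("@", 1)[1].lower()
    # The "postmark" must belong to the domain named on the "return address".
    return host == domain or host.endswith("." + domain)

# Constructed sample messages (reserved .example domains, documentation IPs).
FORGED = (
    "Received: from dialup17 (dialup17.texas-telecom.example [192.0.2.17])\n"
    "\tby mx.recipient.example; Thu, 1 Jan 2004 00:00:00 +0000\n"
    "From: Client A <client-a@wsu.example>\n"
    "Subject: hello\n\nattachment stripped\n"
)
GENUINE = FORGED.replace(
    "dialup17 (dialup17.texas-telecom.example [192.0.2.17])",
    "smtp (smtp.wsu.example [192.0.2.25])",
)

if __name__ == "__main__":
    for name, raw in (("forged", FORGED), ("genuine", GENUINE)):
        for virus in ("Example.MacroVirus.A", "Example.MassMailer.B"):
            print(name, virus, should_notify_sender(raw, virus))
```

Only the genuine message carrying the non-forging signature produces a notification; every other combination is dropped silently, so the person whose address was borrowed never receives a bounce.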
You could start by explaining to your boss that in some situations email is not THAT reliable. And if a billion dollar contract rests on the successful delivery of an email, he'd better pick up the phone and call someone to make sure it was received.