The recent massive infestation of the Sobig.f worm, with the promise of many more to come, renews the issue of how to deal with spam, viruses, worms, etc. Since I have a public web site and contribute to various listservs, I was getting over 200 Sobig messages a day. I'm sure a few genuine messages were lost in my increasingly automatic use of the delete key. What is the best way to deal with what is at best an annoyance and at worst something that can destroy your PC?

First, it is important to understand how this particular worm worked (and, because it was so massively successful, no doubt future ones will do the same). It had two characteristics that set it apart from previous worms. First, it not only broadcast to your address book, but it also scrounged your hard drive for other email addresses (for example, in downloaded temp files or Web pages). Second, it spoofed the From address, frequently using the address of someone else in your address book. Thus, if someone received a copy of the virus ostensibly from me, heckman@heckmanco.com, it could actually have come from someone else who had me in their address book or even in some temp Internet file that had never been cleaned out. While this magnified the spread of the worm, the bottom line is still that it spread because people have still not learned never to open attachments they are not expecting. Fortunately Sobig.f had an expiration date (Sept. 10) and it stopped there.

So how do you deal with spam and various viruses/worms? It is often said that you should never try to have yourself removed from a list, because that only tells the spammer that you have a valid email address. However, this advice needs some modification. Roughly speaking, spam can be broken down into three categories: actual porn; sex pills that offer to grow various body parts that you may or may not have; and commercial spam - mortgages, car loans, merchandise, etc. offered by more or less legitimate merchandizers.
Since the legitimate merchandizers don't want to alienate potential customers, the chances are they will remove you from their lists. When I did this systematically, I found that my spam dropped by close to 50%. It does take a week or so of effort, and you have to keep at it because retailers routinely sell their lists to new spammers (Amazon.com does this all the time, for example). I also kept my "ask whether to accept cookies" option turned on: why would anyone who is deleting me from their list want to set a cookie? But it does have an effect.

There is also a variety of anti-spam software on the market, which typically has some combination of four elements: white lists (accept any email from Jones); black lists (reject any email from Jones); rules (reject anything with Viagra in the subject line); and Bayesian filters. White lists are necessary (although in the case of Sobig.f, they do lead to getting virus mailings supposedly from people on the white list). Black lists and rules are a losing battle because spammers keep changing their addresses and subject lines, and vary spellings so that rules are ineffective (how many variations on Viagra have you seen?).

Therefore the key to an effective anti-spam program is Bayesian filters. A Bayesian filter does a statistical analysis of allowed and rejected email and assigns each message a percentage category (junk, 60% likelihood it is junk, not junk). It continues to learn as you receive more and more email. This is by far the most effective and elegant way to combat spam. The best program I have found for Outlook is junk-out (see www.junk-out.com or www.wopr.com), although there are a number of others on the market. It moves suspected spam to a folder called Junk where you can inspect and delete it. This usually takes me only a few seconds every morning.

Other approaches, such as challenge-response (in which, the first time you get an email from someone, a reply is sent to them asking for confirmation, and only when you get the response does your system let the email through), tend to have serious drawbacks. Challenge-response systems, for example, wreak havoc with listservs and a variety of email that you may actually want.

You have to decide where your tolerance level for spam falls. The extra time taken to review (even briefly) subject lines will eliminate false negatives (for example, I almost routinely deleted a message from my brother about Isabelle - the hurricane - because it seemed like it might be porn), but it does take you more time.

Finally, the success of recent viruses and worms only reinforces basic anti-virus rules:

John Heckman is the principal of Heckman Consulting in Old Saybrook, which does software consulting and integration for law firms.
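
The contrast the article draws between a fixed subject-line rule and a Bayesian filter, as an added example that is not from the article and is not junk-out's code. It is a simplified naive Bayes classifier; the training messages, names and the misspelled test subject are constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed training mail (not from the article): what the user kept vs. junked.
JUNK = ["Buy Viagra online cheap no prescription needed",
        "Cheap pills online lowest price order now",
        "Lowest mortgage rates apply online now",
        "Order cheap pills now and save"]
OK = ["Meeting agenda for the litigation team on Tuesday",
      "Draft of the contract attached for your review",
      "Lunch on Tuesday to review the draft agenda",
      "Please send the signed contract to the team"]

def tokens(text):
    """Distinct lowercased words, so a word counts once per message."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))

def subject_rule(text):
    """The fixed rule from the article: reject anything containing 'Viagra'."""
    return "viagra" in text.lower()

class BayesFilter:
    def __init__(self):
        self.words = {"junk": Counter(), "ok": Counter()}
        self.msgs = {"junk": 0, "ok": 0}

    def learn(self, text, label):
        """Record one message the user has classified as 'junk' or 'ok'."""
        self.msgs[label] += 1
        self.words[label].update(tokens(text))

    def junk_probability(self, text):
        """Naive Bayes over the words present, with add-one smoothing."""
        log_odds = math.log((self.msgs["junk"] + 1) / (self.msgs["ok"] + 1))
        for w in tokens(text):
            p_junk = (self.words["junk"][w] + 1) / (self.msgs["junk"] + 2)
            p_ok = (self.words["ok"][w] + 1) / (self.msgs["ok"] + 2)
            log_odds += math.log(p_junk / p_ok)
        return 1 / (1 + math.exp(-log_odds))

def trained_filter():
    """Build a filter from the constructed JUNK and OK samples above."""
    f = BayesFilter()
    for m in JUNK:
        f.learn(m, "junk")
    for m in OK:
        f.learn(m, "ok")
    return f

if __name__ == "__main__":
    f = trained_filter()
    for msg in ["V1agra cheap pills order online now",
                "Please review the draft agenda for Tuesday"]:
        print(f"{f.junk_probability(msg):6.1%}  rule={subject_rule(msg)}  {msg}")
```

The misspelled subject slips past the rule but still scores as junk because of the words around it. Calling `learn()` on a message the filter misjudged shifts later scores, which is the "continues to learn" behaviour.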