It's not a technical problem,
it's a problem with preview
software doesn't kill email,
it's the people that do.
07/08/03
Let's see if you can pass this test.
Question: If you use the internet, you are getting viruses.
True or False?
The answer is True.
Cause and Effect
You take your average small / big biz user sitting in front of a powerful machine with massive amounts of bandwidth... factor in a lack of experience about anything beyond using Word or Outlook let alone viruses, worms and whatever else.
What do you end up with? A nasty pandemic.
This is the era of the Internet worms -- which are viruses that spread through a network -- and we are seeing hundreds of thousands of PCs worldwide, at the minimum, infected. Many have crashed and networks have slowed to a crawl.
There is some confusion about the details, though: there are various indicators that the media is reporting misinformation (about why this is happening, who is to blame, and how serious the threat is).
So far, the worm known as SoBig is the most potent threat ever.
The SoBig virus spread when unsuspecting computer users opened file attachments in e-mails that contain such familiar headings as "Thank you," "Re: Details" or "Re: approved."
Once the file opens, SoBig scours the computer for e-mail addresses, checking in Word documents, Internet logs and e-mail inboxes.
Designed like mass-mailing spam programs, it then sends scores of messages to the addresses it has collected. As of the last week of August, one in 17 e-mails sent around the world was infected with SoBig. This increased global e-mail traffic by as much as 60 percent, slowing the Internet to a crawl.
This (at the time) was unprecedented, even taking into account the list of internet worms that have broken previous records, including worms such as Klez and Nimda.
SoBig has a purpose. In fact, technical support technicians have been scrambling for a long time to fend off the most concentrated digital onslaught ever seen.
The most recent outbreak (Aug. 2003) began with the so-called "Blaster" or "LovSan" worm which, by some estimates, infected more than 500,000 computers running the latest version of Microsoft Windows, the world's dominant operating system.
A week later, the "Welchia" or "Nachi" worm surfaced. It masqueraded as a benign program that was supposedly intended to fortify computers against infection from Blaster. But it packed a punch. It clogged computer networks, slowing Internet connections and even knocking systems offline. Nachi's victims included the European engineering firm ABB, Air Canada and the U.S. Navy and Marine Corps.
NOTE: The sixth version of SoBig was programmed to expire on September 10, and is no longer a threat.
So WHO can be blamed for the problems?
Well, the fact is -- there's no shortage of blame here. And trust me, so-called "script kiddies" who dabble with the available tools and methods that are highly publicized on websites can't be blamed for the extent of the problem either. Virus writers, as such, only take advantage of the situation; they are not creating the problem itself.
ITEM: Microsoft Windows operating systems and email programs are NOT SECURE.
I am as sick and tired of the windows-security-holes litany as I am of the security holes themselves. I have written articles about this (2 years ago), and Microsoft launched its "Trustworthy Computing" initiative in January 2002 in an effort to reduce the number of security problems that affected its software.
Weeks ago, Microsoft launched its "Protect Your PC" campaign to encourage people to install security software, such as anti-virus programs, and to regularly update the fixes and patches for their other software.
But there are complications to this process, including how difficult it is for home users with only narrowband connections to download all the patches Microsoft advises them to apply.
A fairly typical home user with Windows on their PC may not have been able to apply all the critical Microsoft patches. Without a broadband connection, the total volume of updates -- which now comes to many megabytes -- is a stumbling block: people incur the risk of staying online for the several hours it would take to download them all at slow connection speeds. I suspect that this may have led to the vast number of unpatched, hence insecure, home PCs still on the net. So Microsoft is, yet again, partly to blame for this situation.
ITEM: Using Outlook and Outlook Express and email in general IS NOT SAFE.
Remember it's no longer about users clicking attachments - many worms have exploited the auto-preview feature in Outlook (Express) to spread. Yes, Microsoft has fixed this and yes, many people have still not applied this fix. But this is more about behaviour.
We have now confirmed that anti-virus scanners don't work any more -- that was true about three to four years ago; it's only now becoming obvious. AV vendors are producing tools that are incapable of responding to fast-spreading worms, and the implication is that you need to rely on constant upgrades. However, it's just not good practice to install software on your computer that's had less than a couple of days of testing on its way from the programmer's hands to your system. Believe me, I know what happens when vendors release AV software that isn't sufficiently tested. My 3 years as a Microsoft Technical Support Professional showed me how badly that can turn out, if everything goes wrong.
Anything less frequent than a weekly update for AV software won't work well enough.
Heuristics (another way of determining virus presence) can only detect code written by really poor virus authors. The more sophisticated ones merely use trial and error until they've evaded the heuristic.
We could also blame ISPs (for not filtering viruses - even though this has to be a ready market many users would be happy to subscribe to), but indeed, the crisis remains. As recently as August and September, experts were again urging computer users to shore up their machines with anti-virus software and to delete suspicious-looking e-mails, hoping that preventive medicine would stop this wave before the next round.
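The gateway filtering mentioned above can be sketched as follows; this is an added example, not code from the original article. It decides on attachment type before the user ever sees the message. The blocked-extension list, the `classify` and `sample` helper names and the addresses are assumptions; the subject lines are the ones the article quotes, and the sample messages are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions this gateway refuses outright (the article lists none).
BLOCKED_EXT = (".pif", ".scr", ".exe", ".bat", ".com", ".vbs")
# Subject lines the article quotes for SoBig, lower-cased.
KNOWN_SUBJECTS = {"thank you", "re: details", "re: approved"}


def classify(raw: bytes) -> str:
    """Return 'quarantine', 'suspect' or 'deliver' for one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    names = [(p.get_filename() or "").strip().lower()
             for p in msg.iter_attachments()]
    # Match on the final extension so "report.txt.scr" is caught as well.
    if any(n.endswith(BLOCKED_EXT) for n in names):
        return "quarantine"
    subject = str(msg["Subject"] or "").strip().lower().rstrip("!.")
    # A familiar subject alone proves nothing; with an attachment it earns review.
    if names and subject in KNOWN_SUBJECTS:
        return "suspect"
    return "deliver"


def sample(subject: str, filename: str = "") -> bytes:
    """Build a constructed test message; the attachment bytes are inert text."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("See the attached file for details.")
    if filename:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, fname in [("Re: Details", "details.pif"), ("Photos", "report.txt.scr"),
                        ("Thank you!", "notes.zip"), ("Re: approved", ""),
                        ("Lunch", "menu.pdf")]:
        print(f"{subj!r:16} {fname!r:18} -> {classify(sample(subj, fname))}")
```

The verdict depends on the attachment type first and the subject only second, so a worm that changes its subject line is still stopped while ordinary replies without attachments pass through.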
Give us the best AV technology you can think of. Give us email clients that will never ever start a program unless the user makes it. The next worm will still spread based upon the fact that users like to click their attachments.
So when we blame people for not updating their AV software, we should also blame them for clicking every [expletive deleted] attachment they receive. As long as the typical computer users can get on the internet, worms and spammers will have something to feed upon.
In fact, the concept of AV software that really does work and a Windows version without security holes scares the hell out of me. If we consider that a few years without worms, without security alerts from MS, and without a post on BugTraq (about exploitable vulnerabilities), would make everyone too confident and complacent, then we are underestimating the risk that someday, somebody will be clever enough to figure out how to make that whole scenario blow up. Then what happens? At that point, people will rely even more heavily on their AV software and their blessed OS than they do now. They will no longer know that you are not supposed to click anything that looks even remotely clickable. And I guarantee this, THEY WILL CLICK.
Open Source alternatives.
As has been repeatedly noted, Linux, Mac OS, OS/2 and Unix users are immune to the virus itself but are still getting carpet bombed by the message storm it generates.
I'm also sick of people complaining about this sort of thing...so the usual car analogy will suffice:
Bill: My car has 60,000 faults which render it susceptible to someone else taking control of it while I'm driving.
John: Really? Mine has less than 100 and I can go where I want to.
Bill: Give me the name of your dealer - I'm going to buy one of yours.
And for computers:
Bill: My operating environment has 60,000 faults which render it susceptible to someone else taking control of it.
And I spend all of my time applying security patches (30 so far this year).
John: Really? My operating system has less than 100, far fewer security patches and I spend my time doing what I want.
Bill: Yes, but no one uses your system.
Hello? Excuse me? Did I hear you correctly?
So it's "The Management"...not the helpless end user that's to blame.
I'd also like to add that any approach that is based on users doing the right thing seems bound to run into trouble sooner rather than later. In the long run, the prevalence of these MS-centric viruses will become a stronger and more compelling reason for users to consider open source alternatives. Microsoft is well aware of this, which is why they have the Trustworthy Computing initiative. Redmond is taking steps to produce more secure code, in its own self-interest, but this will take additional time to reach the market. In fairness to Microsoft, its security experts (at least in private) are happy to acknowledge this point.
VIRUS UPDATE:
There are now variations of the last few viruses that can open a door into networks, allowing hackers to download files, steal system information and spread malicious programs. Like Trojan horses, they can use the backdoor to gain access to the network and take control of workstations.
Are you interested in additional details?
Do you want an ACTION PLAN to implement the BEST PRACTICE PROCEDURES?
Send an email to get the technical stuff, in the form of a "How-to" tutorial from Ask Your Az-Tek How?