Not everyone thinks the big boys are on the right track by pursuing spammers in the courts.
Postini, ‘the industry’s leading provider of email security and management for the enterprise’, says spam “cannot be solved by lawsuits and legislation alone”.
America Online, Microsoft, Earthlink and Yahoo announced on Wednesday that they had filed numerous civil lawsuits against spammers, charging them with violating the provisions of the two-month-old CAN-SPAM Act. Steve Kahan, corporate vice president for Postini, says, “We believe these law suits will only succeed against small unsophisticated spammers, while doing little to stop the overwhelming amount of spam clogging corporate America’s email boxes. We hope these lawsuits do not give people running email systems a false sense of security.”
Postini says that since CAN-SPAM it “has seen no reduction in the amount of spam directed at its customers”: 75-80% of all messages are spam, viruses and other malicious email. On March 3, Postini recorded its highest spam day ever, blocking 103,193,573 spam messages.
Of course, Postini would say all this. “We make sure our 2600 enterprise customers and ISP’s don’t have a spam problem,” says Kahan. “There’s no need for them to spend money suing spammers because we keep them totally protected.” But what about the rest of us, who don’t have an ISP willing to pony up for this kind of service?
That said, Postini are probably right about the lawsuits. Spam is processed outside the U.S. and other territories getting tough on spam. The only way to close down spammers, in my view, is to go after the people using their services. Spammers don’t sell the goods, they just market them.
I like this idea from a Slashdot poster: Eliminate most viruses by zipping everything.
It works (I think) like this: Most viruses arrive as an attachment to an email. These are called executables in that if you click on them, something happens. (As opposed to a file attachment such as a Word document, or a web page, which just opens — although it may contain some malicious script.) Some email programs, like Microsoft Outlook, block these executables by default, but many other programs don’t, or else users change the default setting because they find they cannot access one or two attachments which are kosher. Result: virus mayhem like MyDoom.
The poster suggests that if all attachments are zipped. Zip files by definition have to be unzipped before they can be launched, opened or whatever. Most unzipping programs will open those files to a specific folder, during which time they’ll be checked for viruses. More importantly, this process gives the user a chance to view the contents of the file before clicking on it, and may perhaps give them pause for thought.
Of course a lot of people do this already, but they tend to be people who aren’t going to be send viruses around, and they’re also not the kind of people to open dodgy attachments. In short, the people who zip aren’t the people we’re worried about. Somehow, we’ve got to convince ordinary folk to zip up, preferably by making it an automatic part of the email program. Attach a file to an email? The thing is automatically zipped.
The poster then suggests that email systems are set to delete or quarantine any executable that’s not zipped. That should remove most virus threats (of course some viruses arrive as zipped files, and rely on some social engineering to persuade the unwitting user to open and execute them, but there’s not much you can do if someone is suicidal enough to do all that.) The last point he makes: Encourage zip program vendors to work closer with anti-virus companies “to provide better protection from viruses in zip archives”.
I can’t see much wrong with this. I think zip programs could be easier to use (ironically, Microsoft’s inbuilt zip viewer in Windows XP seems to work best), but if they can be persuaded to integrate seamlessly with email clients, we may go some way to stemming the virus flood.