OK, here at Network World, we practice what we preach when it comes to security - so I wasn't too concerned about the the newest Sobig virus.
What is annoying, however, is the roughly 47 million (OK, maybe I'm exagerating, but not by much, I think) automated messages I'm getting from virus scanners at other companies informing me I was a lowlife scum for attempting to send a virus-infected message.
This sort of thing might have been almost useful a few years ago, back before the virus writers realized how much fun they could have with the Outlook address book. But these days, the messages only serve to clog up inboxes everywhere, since there is typically no relationship between the actual sender of an infected message and the person whose address is in the "from" field. So dear antivirus vendors: Instead of sending out press releases every 15 minutes about the latest virus, could you maybe update your software to turn this "feature" off?
One sorta cool thing that's come out of all this: peer-to-peer anti-spam systems work. I subscribe to Cloudmark's SpamNet, which works in part by a feedback mechanism through which other subscribers report spam. By yesterday afternoon, I noticed my "spam" folder was filling up with Sobig-generated messages, because SpamNet was marking them as "spam."
Meanwhile, Kevin Werbach reports similar success with SpamAssassin and some hand-coded rules, but adds that 1,470 Sobig related messages is just too much:
"We have to confront the reality: either email is broken, Microsoft's email software is broken, or those two statements are the same. If it's the middle statement, Microsoft and other vendors can close holes and improve filtering in their products. Email itself isn't going to change. It's too widely deployed. I still think a combination of steps will tame the spam epidemic, but we're not there yet. "
Post a comment
