Viruses
topped computer industry concerns in 2004
by Alan Zisman (c) 2004 First published in
Business in Vancouver December
21-27, 2004; issue 791; High Tech Office column
Despite everything, including nags from this columnist, computer
security remains a concern at the end of 2004. Some apparent steps
forward, but also some steps sideways or even back. This week's column
looks at e-mail-related issues.
You'd think we would be done with computer viruses by now; the basic
concept is such a clichÈ, and users have all heard about the
problem. But anti-virus software companies claimed a 500- per-cent
increase in the number of viruses being released "into the wild" in
2004 compared with the previous year.
On the other hand, no single infestation infected the mass numbers of
computers that we've seen several times in the past.
I suspect end-users continue to be sloppy about installing anti-virus
software and keeping it up to date, but corporate networks and
commercial Internet service providers are taking their responsibilities
more seriously and doing a better job of keeping infection-bearing
e-mails from their users.
A twist on virus infections emerged this year, a sort of for-profit
alliance between virus writers and spammers.
Some of this year's crop of viruses turn infected computers into spam
"zombies," using the infected PCs not just to spread the virus further,
but also to relay junk mail to other users.
Many users continue to get hosts of e-mails claiming that their
computer may be sending out virus-laden messages. While these are sent
out with the best of intentions, network administrators and ISPs are
messing up here; in most cases, the viruses "spoof" real e-mail
addresses. If you get such a message, check over your system but don't
panic: you're probably not actually infected.
"ree home-user anti-virus software such as Avast (www.avast.com) is
worth checking if you're not currently running up-to-date anti-virus
software.
Spam:
Late in 2003, the U.S. Congress passed CAN-SPAM legislation. There have
been a few instances of charges being laid against alleged mass
e-mailers, but if you've seen a decrease in the junk coming into your
inbox, it's more likely due to wider use of spam filtering. This
filtering is built into new versions of popular e-mail software such as
Microsoft's Outlook, Apple's Mail, Qualcomm Eudora (paid version only),
and the open source Mozilla Thunderbird. (Microsoft's Outlook Express,
however, doesn't do any spam filtering).
Even more effective is filtering at the network level, carried out both
by enterprise network administrators and by increasing the numbers of
Internet service providers.
Spammers are trying to outwit the filters, sending out messages with
randomly generated text (to foil anti-spam pattern recognition
software), with the real message embedded in an image. Despite this,
only a fraction of the junk aimed my way reaches my in-box.
Perhaps the fastest-growing danger in 2004 was in so-called phishing
e-mails - messages that appear to be from a legitimate source such as a
retailer or financial institution and attempt to get the reader to
visit a website (also appearing to belong to the same legitimate
organization) and enter account numbers, passwords and Personal
Information Numbers.
In January 2004, 176 different phishing attacks were reported to the
Anti-Phishing Working Group. By June, that number had jumped to 1,422
unique attacks.
While home and enterprise-class spam filters are learning to identify
such fraudulent messages, end-users need to hear the message to ignore
such messages. Legitimate businesses and financial institutions are not
going to e-mail you asking you to verify account numbers or passwords.
If you get such a request, ignore it; if you're not sure, confirm it by
contacting the business directly (not through the website listed in the
suspicious e-mail).
In 2004, computer viruses only attacked Microsoft Windows users.
Spam and phishing messages made no such distinctions. All these hazards
and irritations come into your e-mail inbox. Other sorts of security
hazards
next week.