Indeed, it appears that home users are mostly to blame for propagating this. Perhaps, but I think there are greater dangers at the enterprise level. One company I work with has a problem involving propagating emails. Within any given day, the typical user receives 10-20 emails all due to a virus (at present, Klez and Yaha variants seem to send the most email).

When the IT department — and specifically, the Mail Admin — was asked to do something about it, the reply was "that all users have anti-virus, shouldn't double-click on attachments and should set up filters using Outlook so they wouldn't have to see the e-mails come in".

This is a poor way of dealing with this issue. Users are not computer experts. Administrators and tech support staff are. Users have been trained to perform their jobs and to generally believe, for the most part, that whatever hails from the Internet is a valid form of communication and thusly must be true.

The expectation that users should inherently be able to protect themselves do this is an incorrect one and one that I believe will continue to result in the continued spread of viruses. Rather than being reactive, perhaps it might be worthwhile for administrators to be proactive.

One technique that isn't reviewed or discussed often is virus walls. There aren't many manufacturers of this type of product but it does exist. A virus wall is similar to a firewall in that it examines packets as they travel back and forth between networks. The difference is that a virus wall will put packets together and examine them for virus signatures. Clearswift's MIMEsweeper, Trendmicro's Interscan, or Mcafee's Web Shield appliances are all options available to deal with viruses on the fly rather than relying on users to deal with them.

There are, unfortunately, still things that get through. Swen introduced an element of social engineering that hadn't been seen in viruses before. By pretending to be a legitimate company, the virus writer gave users a reason to want to click on the attachment. Social engineering has subsequently seen an increase in its use for spam messages.

What is worse is that there are many messages that get users to respond by putting in personal information like credit card information, phone, address, SSN, SIN, etc. or, in a recent example, cause users to flood the victim company with complaint phone calls. While users aren't expected to be that technically inclined, it is still worthwhile to educate them on the dangers of the Internet and that not everything that resides there is safe.

Some tricks to help admins and users deal with spam and viruses:

  • Avoid using Outlook if possible. Many viruses are dependent on the integration that is offered by Outlook and Microsoft OS platforms
  • Turn off the ability to view emails in a preview pane. Although it takes a few extra seconds to double-click and open an email, it does avoid some problems that are often found with anti-virus checking and preview pane options
  • Turn off HTML email (receipt and sending of). HTML emails hide some of the social engineering techniques used spammers and virus authors (last time I checked, was headquartered in the US, not Russia).
  • Be vigilant. The Internet is home to many truths, but as 2003 has shown, it's a breeding ground for lies. Users should take everything that's deposited into their inboxes with a grain of salt.
Perhaps 2004 won't be as fraught with as many security woes as 2003 was. One can only hope.