One Asia vendor’s Southeast Asia spokesperson purported that the total damage for global businesses due to malware (the term describing damaging software worms, Trojan horses, viruses, and the like) reached US$55 billion in the year 2003. But there isn’t any independent research to back up the claim.
It brings to mind the U.S. Air Force’s reference to the “false authority syndrome,” where sometimes an office holder can present himself as an authority simply by his senior appointment, rather than based on his prerequisite experience or credentials. In this case, the exaggeration seems to have risen purely from a desire to promote the need for a vendor product, rather than from fact. Such misrepresentation of knowledge without training or learning can backfire not only on the individual himself, but his organization, and many other stakeholders (including journalists who did not do appropriate research and fact checking).
But even if the damage is not nearly as much as this vendor’s claim, the threats of malware are still real and ongoing. The problem seems to lie in the current state of virus defense, which relies too much on matching historical “patterns” of known malware against the virus pattern file, rather than on a more proactive or aggressive approach. In many of the available antivirus solutions today, even a slight variance in the pattern of the malware means the pattern file will not recognize the variant. This is a rather passive and conservative approach, and it increasingly seems ineffective against the ongoing micro-variance of the malware populating the field.
So if there isn’t a “smarter” way to eradicate such malware, surely there must be a “dumber but more aggressive” way? There is, fortunately, and I will briefly sketch the solution. For those not interested in the technical details, you might want to hand this to your tech support!
Before you fix malware, you need to fix your own mail relay. For example, harden the OS on your mail server, and ensure that it is not left as an open relay, so that spammers (including those who spread zombie SMTP malware to turn computers into spam hosts) cannot use your server to relay millions of emails to others.
Next, ensure that the access files (especially for UNIX mail servers such as Sendmail) can be manually tweaked to shut out persistent spammer and zombie SMTP domains, IP numbers, or email addresses. Some of the banned domains or email addresses from a year back are still spamming my server on a regular basis.
Thereafter, if you like, subscribe to several DNS blacklists. The reason you need several is that DNS blacklists tend to go down due to spammers bombarding the blacklists’ servers with Denial of Service (DoS) attacks. If you need a more automated method of tagging or reducing spam, try the open source SpamAssassin (www.spamassassin.org), which can detect esoteric tricks spammers use, including misspellings and the use of numerals in place of letters.
There is another thing users can do to protect themselves from virus attacks: use MIME filtering scripts on mail servers. Why would any business want files of the type .PIF, .SCR, or some other commonly banned type? Using open source MIME filters such as MIMEDefang (www.roaringpenguin.com) or even simpler ones such as batemail (batemail.sourceforge.net) in front of your mail relay will strip out the blacklisted attachment types, no matter what variant they may be.
If there is a need for greater policing, using the free WWFilter (www.worldwidecreations.com) will make use of a whitelist method instead, where only listed attachments will be allowed in, increasing the security of attachments flowing in and out of the organization.
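To make the blacklist and whitelist attachment policies above concrete, here is an added example (not code from any of the products named, and not the author’s) that rebuilds a MIME message without the attachments the policy rejects. The extension lists and the constructed sample message are hypothetical; the filter checks every extension in a filename, case-insensitively, so a disguised name such as Report.PDF.scr is still caught.

```python
import os
from email import policy
from email.message import EmailMessage
BLACKLIST = {".pif", ".scr", ".exe", ".bat", ".vbs"}  # hypothetical policy: strip these in blacklist mode
WHITELIST = {".pdf", ".txt"}                           # hypothetical policy: allow only these in whitelist mode

def extensions_of(filename):
    """All extensions, lowercased: 'Report.PDF.scr' -> {'.pdf', '.scr'}, so
    upper-case and double-extension variants are caught too."""
    exts, name = set(), filename.strip().lower()
    while True:
        name, ext = os.path.splitext(name)
        if not ext:
            return exts
        exts.add(ext)

def is_blocked(filename, mode):
    exts = extensions_of(filename)
    if mode == "blacklist":
        return bool(exts & BLACKLIST)           # any banned extension -> strip
    return not exts or not exts <= WHITELIST    # whitelist: every extension must be allowed

def filter_message(msg, mode="blacklist"):
    """Rebuild msg without rejected attachments; return (message, stripped names)."""
    out = EmailMessage(policy=policy.default)
    for name, value in msg.items():  # keep routing headers, drop MIME structure headers
        if not (name.lower().startswith("content-") or name.lower() == "mime-version"):
            out[name] = value
    body = msg.get_body(preferencelist=("plain",))
    out.set_content(body.get_content() if body is not None else "")
    stripped = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if is_blocked(fname, mode):
            stripped.append(fname)
            continue
        out.add_attachment(part.get_payload(decode=True), filename=fname,
                           maintype=part.get_content_maintype(),
                           subtype=part.get_content_subtype())
    return out, stripped

def build_sample():
    """Constructed message: a PDF, two disguised executables, and an archive."""
    msg = EmailMessage(policy=policy.default)
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.net", "Q3 report"
    msg.set_content("Please see attached.")
    for data, sub, name in [(b"%PDF-1.4", "pdf", "report.pdf"), (b"MZ", "octet-stream", "Report.PDF.scr"),
                            (b"MZ", "octet-stream", "photo.PIF"), (b"PK", "zip", "archive.zip")]:
        msg.add_attachment(data, maintype="application", subtype=sub, filename=name)
    return msg
```

Run `filter_message(build_sample(), "blacklist")` to see the two disguised executables stripped; in `"whitelist"` mode the archive is stripped as well, since only the listed types are allowed in.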
So the next time you hear a war cry of doom from a biased vendor, perhaps you may want to look for a simpler way. There is no perfect solution to malware, but the battle against malware cannot be left in the hands of the few, the antivirus vendors. We users have to empower ourselves to slow down the onslaught of such computing troubles with low-cost solutions.
By Seamus Phan
Based in Singapore, Seamus Phan is one of Asia’s leading thinkers and practitioners in business leadership, Internet security, and marketing.