Don't Send That Virus!

Infected users prevented from sending email viruses

QinetiQ - Proactively Preventing Email Viruses

The current spate of VBS email viruses are usually propagated by an inadvertent granting of access to an infected user's email address book. The first 25, 50, or all addressees receive a message with the infection attached.

To protect ourselves, system administrators and IT trainers admonish us to remain vigilant and constantly update our antivirus software. This is one of the most reasonable protections against receiving an incoming infection.

But there's another alternative. If we think outside the box or, rather, look at the other side of the box, there's an opportunity to prevent transmitting infected messages once we've been attacked.

Current antivirus software attempts to protect our systems from attack, but once a virus gets in, there's nothing to stop it from promulgating itself to all addressees in our address book. Until now.

Most users send a message to one or two recipients at a time. Unless we're in the business of online marketing, it's rare for most of us to send "bulk" mail using our address books. Even those who do send large distributions, this e-zine, for example, are handled by large-scale email distribution systems, usually on Linux servers or larger-scale systems.

A virus that attempts to send a message to a large block of addresses should be detectable and the transmission prevented.

That's what the researchers at the United Kingdom's Defence Evaluation and Research Agency (DERA) unveiled at last month's InfoSec 2001 conference. Their software application, SyBard/Mail, alerts the infected user to suspicious outbound mail traffic.

A partnership between DERA and a for-profit company, QinetiQ, will develop a commercial version of SyBard/Mail for release later this year.

On July 2d, QinetiQ will be Britain's largest independent science and technology company. With an 8,000 strong workforce, the new company will continue to deliver science-based solutions to both the Ministry of Defence and private sector clients.

SyBard/Mail will ship in three versions, starting with a lightweight version that provides a basic check on outgoing mail. The midrange solution will be a Professional version that will hook into the advanced security features of Windows NT and Windows 2000 (and presumably Windows XP) and will also include content-monitoring capabilities. And for those who must have secure end-to-end communications, SyBard/Mail's Advanced Security Option provides a digitally signed control at the firewall.

I like the idea of an outbound mail monitor because it can be installed for users with large address books who aren't diligent updating their antivirus software.

Call for Comments

References

Damar Group, Ltd. helps business use technology.

ITINFO is again accepting sponsors. Sponsor messages are included in ITINFO's email newsletter and are permanently posted to DGL's website and online reference areas.

ITINFO is an electronic publication of Damar Group, Ltd., publisher of Training Express computer learning guides. Comments and submissions to info@dgl.com.

Previous issues are on our website at http://dgl.com/itinfo/.

updated May 9, 2001
http://dgl.com/itinfo/2001/it010509.html

Return to DGL homepage
Copyright © 2001, Damar Group, Ltd., All Rights Reserved