Here comes “Conficker”

I just read the following article…

Computer Virus ‘Time Bomb’ Could Go Off April 1
(http://www.foxnews.com/story/0,2933,510296,00.html)

My thoughts…

The Internet is a dangerous place. It seems highly likely that “Conficker” is going to do something, and it should be of great concern to everyone, but particularly IT people, that we know about this worm, but still have no idea what it is designed to do. Talk about a weakness of the “filtering” mentality. Don’t forget… It is nearly impossible to filter for something that is not yet known.

With history as our guide, it is highly likely this worm will include an e-mail based component. The bad news for people who are protected by current anti-spam filtering technologies is that they will be left virtually naked until the worm actually starts working. Only then will the developers of the filters be able to design rule sets to deal with the worm. This is the definition of being reactive. In addition, once the rule sets are defined, they do no good until they are pushed out (deployed).

It would not surprise me if we saw an exponential increase in threat-laden email when this worm comes to life. However, I do not think the people that design these sorts of worms are targeting the email infrastructure. I believe email is used as a virtual “smoke screen” these days. This virtual “smoke screen” is used to mask the real targets of the worm or virus.

In Search of… A definition for e-mail spam

According to Wikipedia, e-mail spam is defined as follows:

“E-mail spam, also known as unsolicited bulk Email (UBE) or unsolicited commercial email (UCE), is the practice of sending unwanted e-mail messages, frequently with commercial content, in large quantities to an indiscriminate set of recipients. (http://en.wikipedia.org/wiki/Spam_(electronic)#E-mail_spam)”

This definition is okay, but is overly broad. I would like to propose the “Triangle of Spam” in an effort to more accurately define the problem.

Simply put, for any piece of e-mail to be considered “spam” it must be unsolicited, anonymous, and high volume. If any one (or more) of these characteristics is not met, the e-mail can be considered unwanted, but is not “spam.”

It is important to distinguish between “spam” and simply unwanted e-mail. For example, are “Lowest Fare” updates from United Airlines spam or, in my case, simply unwanted (I never fly United)? While I’m sure I did fly United at some point in the distant past, I certainly do not plan on flying United anytime soon. Technically speaking, United has the right, by virtue of our “previous business relationship,” to send me these updates. However, in my particular case, these are absolutely unwanted e-mails, but they cannot (or should not) be considered spam.

I am very interested to hear what other people think of the “Triangle of Spam.”

E-mail… By the people. For the people.

For e-mail to continue as the Internet’s “killer app” there is no question the issue of security, or with e-mail, the lack of security, needs to be addressed. The key to solving the security problem lies in the recognition that human interaction is a key component of the email process. I realize this seems obvious, but for some reason we have “missed the forest because of the trees” when it comes to e-mail security.

In the final analysis, no one is better to determine what email you want to receive than you. In addition, the concepts of privacy and security, though completely missing from email, have been incorporated into all modern communications tools. The best examples are Instant Messaging (IM) and social networks (Facebook, MySpace, LinkedIn, etc.). Simply put, if I want to add someone to my Facebook network, I need to ask for their specific permission. If I want to send someone an instant message using Gtalk, I need to ask for their specific permission before I am permitted to send even a single message; the exact same process applies to Yahoo, MSN, AOL, etc. Not to over simplify, but it would not be wrong to summarize that Sendio has succeeded at bringing email up to a level of security commensurate with other modern communications tools. Our “radical” improvement comes from our realization that human interaction is the lost key to safer, more secure and efficient email.

Does this “radical” thinking represent a paradigm shift?

The Sendio approach to email security is more a paradigm extension than a shift. We have all become very comfortable with caller-id on our cell phones and have embraced the verification steps required to participate in social networks. As demonstrated by the rapid adoption of Instant Messaging and SMS “texting,” it is clear that people have no problem with the concept of sender’s authenticating themselves; no one complains or worries about sender authentication for chat rooms or on-line forums. Therefore, we see little or no pushback when this level of security is added to email. I believe the challenge before us today is not shifting people’s paradigms, but helping them connect the dots. Because of email’s importance within the fabric of business it is no wonder that people are very “touchy” about the process. What we need to do is help people see that we have done nothing more, or less, than bringing email “up-to-speed” with current technologies.