June 15, 2004

Email viruses are more annoying than spam

Author: Robin 'Roblimo' Miller

I've had my primary email address for many years, and I also get email through a number of work-related aliases, including editors at newsforge.com, roblimo at slashdot.org, and rmiller at osdn.com. So I get spam. Tons of spam. And I filter it all. I filter viruses, too, not because they can affect my Linux computer, but because they suck up bandwidth. And my virus email traffic now exceeds my spam traffic by a factor of at least two to one.Like many people with widely-published email addresses, the amount of spam I get is staggering, often 1,000 pieces or more per day. Even if they were all from "legitimate" companies that followed the CAN-SPAM Act and included an "opt-out" mechanism, at this volume level opting out of all the spam databases would take several hours every day. And since the most common "opt-out" method involves a reply email containing "unsubscribe" or a similar command, it is usually not possible to opt out of spam coming through an email alias instead of directly to my roblimo.com account.

Another cost of spam that affects people who work with high-profile Web sites is the faked return header problem. We've had a number of incidents where spammers used false "@newsforge.com" and "@linux.com" return addresses, which meant we got slammed with hundreds of screaming emails from spam victims demanding that we stop spamming them immediately or they'd sue or commit bodily harm or call the cops or do something else nasty. Since we weren't the spammers, we couldn't stop the spam for them. All we could do was send a polite reply explaining what was going on, along with instructions on how to read email headers and a suggestion that they contact their ISPs or network admins for help.

The CAN-SPAM Act outlaws the use of fake return addresses on unsolicited bulk email. As far as I can tell, this provision is being followed so rarely that it might as well not be followed at all. So far, I don't see that the CAN-SPAM Act has had any effect on the volume or type of spam I receive. But spam is not the worst email problem I face.

Why virus email is worse than spam email

To me viruses are a spam-like annoyance, not a threat to my computers' integrity. AQHost, the service that hosts roblimo.com, provides server-level SpamAssassin and virus filtering. I can easily filter spam and viruses on my local machines, too, but to do that I need to download them first. Having the hosting service do it saves a huge amount of bandwidth. This is especially valuable if I'm traveling and get stuck in a hotel room where I have only a dialup connection available.

A Bagle-infected PC with a fast cable connection can pump out thousands of annoying emails per hour. I've had several of them send more than 1,000 per hour to me alone, and since the worst offenders seem to be on Comcast and RoadRunner, two notably unresponsive ISPs, it can take several days to get them shut off. My record so far, from a single RoadRunner subscriber, was just over 30,000 virus emails in a single 24 hour period, a volume of "junk" email in one day roughly equivalent to an average month's worth of spam.

But received virus email isn't the only virus problem. The antivirus companies add another layer of annoyance on top of the viruses themselves with their automatic replies that essentially say, "We're bouncing this message back to you because it contains a virus."

Hey, antivirus company people! Smarten up! The virus put fake headers into the email. I didn't send that virus email. You're just wasting bandwidth -- and since most of your "bounce" routines return the virus payload along with the email, your notices get filtered by AQHost's virus filters and I don't see them anyway -- unless I'm looking through my "Junk" folders to research an article like this one.

Who do we blame for viruses?

Obviously, virus writers are bad people, worse than spammers. Virus writers who create zombies and open relaysfor spammers combine the evil of both. These are seriously bad people.

But I must point out that, as far as I know, I have never received a virus email from a computer running Mac, Unix, or Linux. Or DOS, NetBSD, Netware, Amiga, BeOS, QNX, ReactOS, or any other operating system except one.

For ten points, can you name that operating system?

Congratulations! You win!

In the past, I've asked people using that operating system and the email program that comes with it to keep my email address(es) out of their address books. I'm getting more virus email than I did when I wrote that article last summer, so obviously a whole lot of them didn't listen to me.

Aren't there patches out for this Bagle thing? Can't broadband ISPs detect and thwart it on the SMTP server end? Wouldn't they be doing a great service not only for their subscribers but for the rest of the world if they clamped down on users who are spewing excessive amounts of email?

Microsoft people always tell me there are service packs or patches out there for every virus, worm, or other Windows exploit that's ever made our lives miserable, and that it's those silly users that fail to keep their machines safe.

Grr, those pesky users! Wouldn't life be just so much better without them? But they keep not going away, so we must deal with them one way or another. And I know Linux is not inherently immune to exploits; some of the worst spam open relays in the world are improperly secured Linux Apache boxes with broadband Net connections.

But still, in terms of both absolute volume and annoyance value, the worm and virus carriers -- all of whom run Windows -- score orders of magnitude higher on the Internet Irritation Scale (IIS) than all the compromised boxes running all other operating systems put together.

What do you think? When we run into someone who's been victimized by a Windows-borne email virus, should we offer them a discount on a replacement operating system?

How about we offer them a free operating system to replace the one that's giving them trouble?

If you learn of such an operating system, please let all your Windows-using friends know about it. If you get just one of them to switch, and this helps prevents just one email virus outbreak, your efforts will not have been in vain.

Click Here!