By Dr. Philip Baczewski, Associate Director of Academic Computing
Like many others, I spent the last weeks of August and the beginning of September deleting returned E-mail messages that I was in no way responsible for generating. The returned messages usually came with a rather indignant notice that a virus was found in my E-mail or sometimes that the destination address was unknown. All this excitement in my life was caused by the Sobig.f virus. The Sobig.f virus randomly selects an address from a file on the infected machine to use as the "From:" address. Who knows how many friends, associates, correspondents, readers, and spammers have my address lying around somewhere on their computer? Apparently, quite a few.
I feel particularly victimized by this latest E-mail virus because I have absolutely no responsibility for spreading it and the bounced messages were particularly useless. I use Mac OS X -- the virus affects only Microsoft Windows systems. I use the Mulberry E-mail client -- the virus attacks primarily through the Microsoft Outlook program. And, the mindless handling of the virus by mail servers throughout the world just made it more annoying. I was particularly amused when sun.com bounced a message back to me that originated in Finland. I'm not sure which is more amusing -- that UNT might be located in Finland or that I'd be in Finland and corresponding with Sun Microsystems (but I think that happened in a dream once, or was it a nightmare?).
Of course, E-mail handling is designed to be mindless. This was a good idea when a few million computers were on the Internet. E-mail delivery is designed to be handled with as little operator intervention as possible. If there's a delivery problem, the sender is notified and sometimes also the postmaster from the sender's domain if the sender can't be reached. This works just fine when you assume that people and programs are sending E-mail in good faith and for legitimate purposes. With "billions and billions" of computers and less than scrupulous users out there, that assumption no longer holds. What used to be a useful methodology for finding, diagnosing, and fixing problems has become an overwhelming mess of constant computerized whining.
It may be time to abandon the notion that all E-mail needs to be accounted for. Rather, make it the sender's responsibility to request delivery confirmation if it's needed. This is already an option in the Internet E-mail specification and most clients support requesting a delivery receipt. If someone asks, then provide an acknowledgement of delivery or delivery failure. Otherwise, if you can't deliver it, just throw the message in the "bit bucket" (in other words, just delete it from your server).
In the case of the Sobig.f virus, the mindlessness of E-mail servers was particularly evident. It made no sense at all for mail servers to bounce Sobig.f-infected messages back to the "sender" when it was known that the sender was not the actual source of the message. The stupidity of mail servers was responsible for doubling the amount of E-mail traffic generated. A clever system administrator could probably write a rule to just throw away Sobig.f messages if they were returning from a virus scanner, but it appears that not many of them did in this case. The fact that Sobig.f was set to stop propagating after September 9 probably made such a task counterproductive, but somehow I don't think this was the last worm of this type we'll see.
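One way a receiving site could implement the kind of rule suggested above, as an added example that is not part of the original column. It goes a step beyond a Sobig.f-specific rule by checking whether the returned message is one the site actually sent, and it assumes the site keeps a log of outbound Message-IDs (`sent_ids`, a hypothetical name); the sample message and all addresses are constructed.

```python
from email import message_from_string

def is_bounce(msg):
    """A bounce has a null envelope sender or is a delivery-status report."""
    null_sender = (msg.get("Return-Path") or "").strip() == "<>"
    dsn = (msg.get_content_type() == "multipart/report"
           and msg.get_param("report-type") == "delivery-status")
    return null_sender or dsn

def original_message_id(msg):
    """Message-ID of the mail being returned, if the bounce embeds it."""
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            inner = part.get_payload()
            if isinstance(inner, list) and inner:
                return inner[0].get("Message-ID")
    return None

def classify(raw, sent_ids):
    """Return 'deliver', 'discard' or 'quarantine' for one incoming message."""
    msg = message_from_string(raw)
    if not is_bounce(msg):
        return "deliver"        # ordinary mail, not a bounce
    mid = original_message_id(msg)
    if mid is None:
        return "quarantine"     # bounce with no original to verify against
    # Assumption: sent_ids is the site's own log of outbound Message-IDs.
    return "deliver" if mid.strip() in sent_ids else "discard"

# Constructed sample: a scanner notice for mail with a forged From: address.
SAMPLE = """\
Return-Path: <>
From: MAILER-DAEMON@scanner.example
Subject: Virus found in message you sent
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

A virus was found in your message.
--b1
Content-Type: message/rfc822

From: user@ours.example
Message-ID: <forged-123@infected-pc.example>

See the attached file for details
--b1--
"""
```

Calling `classify(SAMPLE, sent_ids)` with a log that does not contain the embedded Message-ID returns `"discard"`, while a bounce for mail the site really sent is delivered as usual.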
If it's August ...
August was a particularly active month for Internet worms. The Sobig.f infections followed right on the heels of the Blaster worm(s), making it a miserable month for network security professionals everywhere. Both of these had the commonality that they infected and were spread by Microsoft Windows systems. I suppose you can argue at length about whether the rash of Windows viruses and worms is because there are more of those systems out there, or that those virus and worm-writing evil-doers just have it in for Microsoft because they just don't believe in Bill Gates's freedom to innovate. But you have to admit that one reason these things propagate is that Windows makes everything SO conVENient.
Who is smarter: you or your E-mail program?
As long as any program has access to the entire operating system (as in Windows) viruses and worms will easily spread. As long as programs like Outlook automatically display files and execute mail attachments for you, viruses and worms will easily spread. As long as intelligence is placed in programs rather than in users, viruses and worms will easily spread. In my E-mail program, I decide whether and when to display an attachment. I decide whether an attached program can be executed. Who is smarter: you or your E-mail program?