Given that many spammers re-route their messages and forge the origin of e-mails, the effect sender authentication will have on spam volumes has been widely debated. Although it's still very early days, supporters of sender authentication believe it will play a significant role in reducing the seemingly never-ending tide of unwanted, unsolicited e-mail.
And yet, while the pros and cons of sender authentication in relation to spam are debated, something seems to have been overlooked. Sender authentication was never designed as a way of beating spam. Rather, it's a means of determining whether or not an e-mail has been spoofed. That necessarily means technologies offering sender authentication will (potentially, at any rate) have a far broader impact.
E-mail-borne viruses
Sender authentication could have a major effect on several aspects of e-mail security, including e-mail-borne viruses. Spammers aren't the only ones who know how to re-route their e-mail and disguise its true origins. Virus writers are pretty adept at it as well. Any e-mail containing a virus that claims to have been sent from somewhere other than the domain it really came from could be rejected via sender authentication without the virus itself ever having to be identified.
And it doesn't stop with spam and viruses. Online phishing scams are another variety of security breach that could be hampered by sender authentication. Phishing scams involve the forging of e-mails to make it seem as though they have been sent from legitimate financial institutions and other well-known organisations. These messages would find it far more difficult to reach possible victims should sender authentication technology become widespread.
The chances are that adoption of sender authentication will increase significantly in the near future. While we shouldn't get carried away and assume that it will spell the end of all our e-mail worries, it's likely to play a hugely important role in the continuing fight against all e-mail security breaches (including spam, viruses and online phishing).
Indeed, this is particularly significant when you consider that the once definite lines between the different types of threat are becoming increasingly blurred. Viruses are being used to plant open proxies for the covert dissemination of spam, and only recently we saw spam being used to seed a distribution network for a new Trojan.
E-mail security threats are converging, which means that the technologies making the greatest impact will be those addressing e-mail security as a whole for end users instead of solely focusing on one small part of what's rapidly becoming an interlinked and ultimately inseparable area of IT security. In this respect, at least, sender authentication is heading along the right tracks.
Can viruses ever be 'good'?
The squabble between the Bagle and Netsky virus authors has dominated the computer virus scene of late. Although many are now tired of the Bagle versus Netsky episode ('Virus Eye', SMT, May 2004, p88) and are waiting for the perpetrators to pack up and go home, the fact that Netsky attempted to remove Bagle from infected PCs has thrown up an interesting question. Can a virus ever be a positive thing?
One security company seems to think so, as only just prior to SMT going to press a spokesman suggested that the spat between Bagle and Netsky had turned into a 'good' versus 'evil' battle, and that the authors of Netsky were in fact working for the greater good of the computer-using community by removing Bagle. Sorry, but I'm not convinced.
Long before the debate around Netsky first surfaced, there had been claims that good viruses are possible. One theory involved a 'compression' virus designed to compress executable files in order to save disk space.
We've also seen the Noped worm, which searched an infected computer for what it believed to be illegal sexual images of children. These might sound good in theory, but all viruses carry undesirable side effects.
The concept is a problem
All viruses are guilty of unauthorised entry and modification upon infection. Plus, all viruses use system resources such as hard disk space, memory, network traffic and CPU time. Last year, the Nachi worm tried to remove the Blaster worm, and also attempted to download Windows security updates to close up the hole which allowed both Blaster and Nachi to spread in the first instance. However, Nachi generated more network traffic than Blaster, and therefore did more harm than good.
The self-replicating nature of a virus also causes problems, as once it has been released into the wild it cannot be controlled. This means that bugs and clashes with existing programs would be commonplace.
The concept of a good virus also presents problems for the anti-virus industry itself, as products and services would need to be able to tell the difference between 'good' and 'bad' viruses. Modifications that result from infection could also give rise to copyright, ownership and technical support issues. If a program had been altered by a virus, the manufacturer would be within their rights not to offer assistance in the event of problems – leaving the user stuck.
Anything positive that a virus could do can (and should) be done by legitimate programs and tools as part of requested and controlled deployment. You don't need a virus to clean up your machine.
Source
SMT
Postscript
Alex Shipp is senior anti-virus technologist at MessageLabs (www.messagelabs.com)