ITinfo: QinetiQ - Proactively Preventing Email Viruses

Site Directory
Membership
Train-the-Trainer
Trainer Certification
Certified Training Materials
ITinfo E-zine
Responsible Training
White Papers
Trainer Resources
What's New
Speaking Engagements
Onsite Training
ITrain Gear

Don't Send That Virus!

Infected users prevented from sending email viruses

ITinfo Sponsor

ERROR: Random File Unopenable

The random file, as specified in the $random_file perl variable was unopenable.

The file was not found on your file system. This means that it has either not been created or the path you have specified in $trrandom_file is incorrect.

QinetiQ - Proactively Preventing Email Viruses

by Dave Murphy
ISSN 1535-3613

The current spate of VBS email viruses are usually propagated by an inadvertent granting of access to an infected user's email address book. The first 25, 50, or all addressees receive a message with the infection attached.

To protect ourselves, system administrators and IT trainers admonish us to remain vigilant and constantly update our antivirus software. This is one of the most reasonable protections against receiving an incoming infection.

But there's another alternative. If we think outside the box or, rather, look at the other side of the box, there's an opportunity to prevent transmitting infected messages once we've been attacked.

Current antivirus software attempts to protect our systems from attack, but once a virus gets in, there's nothing to stop it from promulgating itself to all addressees in our address book. Until now.

Most users send a message to one or two recipients at a time. Unless we're in the business of online marketing, it's rare for most of us to send "bulk" mail using our address books. Even those who do send large distributions, this e-zine, for example, are handled by large-scale email distribution systems, usually on Linux servers or larger-scale systems.

A virus that attempts to send a message to a large block of addresses should be detectable and the transmission prevented.

That's what the researchers at the United Kingdom's Defence Evaluation and Research Agency (DERA) unveiled at last month's InfoSec 2001 conference. Their software application, SyBard/Mail, alerts the infected user to suspicious outbound mail traffic.

A partnership between DERA and a for-profit company, QinetiQ, will develop a commercial version of SyBard/Mail for release later this year.

On July 2d, QinetiQ will be Britain's largest independent science and technology company. With an 8,000 strong workforce, the new company will continue to deliver science-based solutions to both the Ministry of Defence and private sector clients.

SyBard/Mail will ship in three versions, starting with a lightweight version that provides a basic check on outgoing mail. The midrange solution will be a Professional version that will hook into the advanced security features of Windows NT and Windows 2000 (and presumably Windows XP) and will also include content-monitoring capabilities. And for those who must have secure end-to-end communications, SyBard/Mail's Advanced Security Option provides a digitally signed control at the firewall.

I like the idea of an outbound mail monitor because it can be installed for users with large address books who aren't diligent updating their antivirus software.

Call for Comments

What do you think? Leave your comments on the message center.

References

DERA
QinetiQ
Message Center

Previous issues are on our website at http://itrain.org/itinfo/.

International Association of Information Technology Trainers
PMB 616
6030-M Marshalee Dr
Elkridge, MD 21075-5987

410.567.5366
1.888.290.6200
fax: 801.650.0423
Membership Director: member@itrain.org

Return to ITrain Homepage

http://itrain.org/itinfo/2001/it010509.html
updated May 9, 2001