I beleive that the impact of the latest virus as well as all those before this one would be minimized to a huge extent if all hosts and ISP's would do the responsible thing and setup email-side virus scanners. It is not overly complicated to setup MailScanner and sophos for Sendmail or the other antivirus products for the other mail transport programs.

I'm sure that most of you share my anger/frustration - the solution is so simple and even if it does cost a little bit of money if you can't afford to pay to protect your customers you shouldnt be in the business.

As ISP's and web hosts, we are what keeps the internet running, if everyone would take simple steps, the internet could be a much nicer place :-d

How true!

I just received an email from my home ISP saying "Don't open the following types of emails..."

It would have been much easier, safer and more efficient to simply filter the virus emails on their end. The viruses are coming attached to emails that say only three different things. Filter those phrases and the virus goes away.

I believe the responsibility should be on both end too. The users should also enable an antivirus too. There is no such thing as too much protection.

My home ISP does filter. Our servers does filter. However, while it is a good thing and value add to have, end of the day, education of users is more important as new and yet-unknown worms and trojans will always pop up and perhaps some that can escape detection.

You do make a good point, the initial break out will be bad until anti-virus companies update their dat files (for server-side) but after that, the spread can be stopped totally - so a few hours after a new email virus is found, it can be stopped totally.

It should be each users responsiblity to protect themselves with anti-viruses and firewalls, but ISPs and Webhosts who deliver emails to hundreds/thousands of users should also take responsibility because 15 minutes of work for installing an anti-virus on their mail servers can protect thousands of their customers - if every ISP/host installed a server-side email virus scanner, this email virus would have been stopped only hours after it started instead of showing no signs of slowing down (as it is now)

Yes it is the responsiblity of the end consumer to cook meat well to ensure that there are no bacteria lurking around, it is also the meat-producers responsibility to protect the end-user by making sure the meat is clean before it ever hits the stores.

Well I do totally agree with you. Just that sometimes, I really suspect the intelligence of some users. End of the day, it's the big ISPs that's probably at fault here and despite our efforts, it's not going to make a big dent in the spread of the worm.

Well - if everyone says "what i do will not have any effect" then we'd get nowhere. Every host/isp plays a part in the global internet and as such, we have a responsiblity to protect it and our customers.

The responsibility for filtering data is on the individual, not the host or ISP. Ultimately, that's how it has to be. Individuals pay to get data sent from one to the other.


Demanding hosts to be responsible is not going to get the problem solved in any way shape or form. What WILL solve the problem? Individuals using their brain and actually thinking about what they're doing. It only makes sense that an individual user would need to protect his (or her)self against that kind of stuff, not rely on their ISP and Host to do so.

Having a WINDOWS internet connection without having a firewall or an antivirus program is much like leaving home for a month or two, having a TV all that visible to all, yet leaving the front door wide open.

Personally, I think that internet usage should be licensed in some way, to encourage individuals to KNOW what they're dealing with and how to get around it. Most don't think about spam, virus, and the affects that these have on others, and it's always the host that gets blamed, but rarely (if ever) is it the host's fault.

Heyho,

there is a little bit more than just implementing the AV Engine into your MTA. Whats about the legal issues ?

In my part of the world there is a secrecy of telecommunications. A mailman is violating the law if he removes commercial mail (snail-mail) from your normal mail. Nothing else is done by ISP's or WH's if they filter email.

There is a german article which describes the problem in more depth : http://www.heise.de/ct/03/26/186/default.shtml

HTH
Oliver

You have been heard: http://asia.cnet.com/newstech/security/0,39001150,39166481,00.htm

I agree with wolfstream and oliver.

What's next? Virus scanning at the Internet router?

The ISPs are generally being paid as Internet connectivity. They shouldn't be arbitrarily modifyng the data stream.

I don't know about you, but when my ISP starts limiting my Internet connectivity with any types of filters, I get upset. I no longer have full Internet access.

Originally posted by bitserve
I don't know about you, but when my ISP starts limiting my Internet connectivity with any types of filters, I get upset. I no longer have full Internet access.

But what if others using your ISP are too dumb to install AV software/firewalls and start sending out millions of DDOS packets and viruses? If they bring down your ISP or get your IPs banned around the world you no longer have full internet access either, do you?

I believe ISPs have a responsibility to less technical users to have effective virus and spam filtering, to have it ON by default, and to have a way to turn it OFF for power users.

I will admit that if my ISP had filtered the MyDoom virus, it would have taken me up to 12 more hours to know about it and build filters for my hosting clients. I would be one of those with ISP filtering off, but I would hope all my neighbors have it ON.

You know what - its against the law (I believe) for the mail man to look through your mail, but if there is an anthrax tainted mail, should it be the senators job to decontaminate it?

When you buy meat at the store, is it your job to make sure that its free of bacteria and other unwanted contaminants?

Just as meat companies and the mail service protect us from health hazards, we should protect the internet from cyber-hazards.

I also do not intent to imply that the end-users should do nothing to protect themselves – on the contrary I believe that they should do all they can – however end-users pay us because they don’t have the time or (in most cases) don’t have the technical knowledge to do what we do for them. Simply put, ISP’s and web hosts are in the best position to stamp out these types of email viruses and instead most just sit with their tail between their legs and wait for it to die down. The virus email traffic is costing both ISPs and web hosting companies in degraded performance, overloaded lines, overloaded email servers and lost production time. Not to mention, the corporate damages in lost productivity and damages is estimated in the billions already.

Originally posted by sprintserve
You have been heard: http://asia.cnet.com/newstech/security/0,39001150,39166481,00.htm

That will bring only a temporary relief, nothing can stop those virus coders from coding it to randomly pick a subject line string, thus producing new generation of this virus.

Originally posted by phpdeveloper
That will bring only a temporary relief, nothing can stop those virus coders from coding it to randomly pick a subject line string, thus producing new generation of this virus.

However the virus attachement signature is still the same and can be eliminated by server-side virus scanners -- granted yahoo is just blocking subject lines (very stupid as it will definatley disrupt normal email traffic)

Yes, that's what they decided to do - block certain subject lines.

OK lets go back from cyber business to real business. Some of you have a company and receive letters from your customers.

What whould you do with the mailman if he opens every letter to check for anthrax ? Isn`t this a nice move of the mailman ? In my country this is forbidden !

So why do you think you are allowed to do theese things with electronic letters (called e-mail) ?

What if the specified recipient of the mail needs this virus because he has a personal virus archive. Perhaps he is researching the virus ? Perhaps the anthrax in your real life letter was just some packages of mail your mother send you because you are to stupid to buy the right one ?

The mailman is not allowed to check your mail and you are not allowed to screen the mails of your customers without prior permission of them.

But remember that really depends on your local law about the telecommunication secret. Go to your lawyer and ask him and he/she will give you the answer.

This is not a technical question its a question about breaking the law or not.

Good night
Oliver

There is a difference between a mail man sorting through your mail and a program checking specifically for the signature of a virus and nothing else...

but, I beleive in the US at some places the us mail is checked for anthrax contamination - or all letters are cleansed.

After the anthrax scare in the US, all the letters in the infected post offices were sent through machines that neutralized anthrax - just like a virus scanner should do

Originally posted by MaB
There is a difference between a mail man sorting through your mail and a program checking specifically for the signature of a virus and nothing else...

Correct, one can do physical harm, the other can do nothing physically to an individual. One can cause DEATH, the other is far from permament.

Yes, I agree, virus scanning should be in place, but it should NOT be required at the server level. That only encourages ignorance and incompetence on the user level.

Originally posted by wolfstream
Correct, one can do physical harm, the other can do nothing physically to an individual. One can cause DEATH, the other is far from permament.

The damages caused by these viruses is estimated in the billions for corporations - and it does have severe effects. People loose valuable files, have their personal identities compromised and these viruses not only infect end users, but infect power plants, sewage filtration facilities, nuclear power plants, shipping industry computers and more - doctors computers, medical records are compromised etc...

Originally posted by sightz
But what if others using your ISP are too dumb to install AV software/firewalls and start sending out millions of DDOS packets and viruses? If they bring down your ISP or get your IPs banned around the world you no longer have full internet access either, do you?

If a host is connected through that ISP legitimately, the ISP should be routing the traffic for it to and from the Internet.

I'm pretty sure that ISPs are already handling hosts that cause a disruption to their service without removing viruses from the datastream. I'm not sure how that is related.

There are legality issues, at least here ( Australia ) that my partner made me aware of. If we scan email for virii, and one slips through, we'd be responsible for the damage. No matter whats in our TOS. That doesn't make sense to me, nor should it and there is no way we are going to take that chance.