Last week's commentary about the various avenues of infection that the current round of malicious attacks (Lovesan and, although I didn't mention it by name, the SoBig virus) is exploiting generated quite a few heated responses from readers. As usual, some readers agreed and some disagreed with each side of the issue I presented. In retrospect, I might have painted the IT universe with too broad a brush, so I'd like to revisit the topic this week.
A large percentage of this column's readers are IT professionals or power users in small companies. From these readers, I received many messages describing their attempts to keep up with the latest patches from Microsoft, and their eventual decision to give their users greater access to their computers so that the users can run Windows Update themselves. The businesses for which these readers work employ only one or two full-time IT people, who are already overwhelmed by business-process-focused tasks and need the cooperation of users to keep computers updated with system patches and real-time antivirus tools. An equally large percentage of readers told me that they are hard-pressed to keep up with required system updating but that their corporate policy is to lock down user computers as tightly as possible, so individual users can't perform their own updating and must depend on IT staff to do the job.
The most interesting responses I received came from users who are livid that they were attacked from inside their own large corporate environments. In these companies, more than one infected user's machine sent the SoBig virus to every address in the corporate address book. Although IT staff in these companies had updated the email gateway scanning software, a gateway scanner typically sees only mail crossing the perimeter; a message from one internal mailbox to another never passes through it, so the desktop antivirus software was the only remaining line of defense. Many readers reported receiving hundreds of SoBig-infected messages before their local antivirus software was updated. This situation makes me wonder how many environments are well secured from outside attacks but vulnerable to internal attacks.
Finally, many IT professionals contacted me to complain about the side effects of the various network attacks. Their primary concern is spoofed email that uses their companies' domain names as the forged sender address, and the corresponding flood of automated antivirus rejection and infection notices that come back to them as a result. Because the worm forges the sender, each notice goes to the address that was forged rather than to the infected machine, so the recipient can't fix anything. A few of these readers are seeing more than 20 percent of their total email capacity consumed by alert messages sent to noninfected addresses. Some readers lamented needing to explain to non-IT management that the email slowdown their companies have been experiencing isn't due to problems with the computing environment: their systems have the necessary patches, firewalls, and antivirus software to protect all the corporate computers. Despite all that effort, they're victims of a possibly unintentional side effect of other networks' and users' infections: their email systems have to absorb whatever other email systems' robots send them.
That particular problem ties in well with a concern I've been calling for action on: vendors of system-protection products (e.g., firewalls, antivirus software) need to build more intelligence into their products. After dealing with an almost overwhelming flood of SoBig-infected messages and of antivirus alerts telling me about infected messages I had been protected from, plus dozens, if not hundreds, of similar alerts from outside email servers, I think there has to be a better way to handle antivirus notifications. At a minimum, a scanner that has just identified a worm known to forge its sender should know better than to send a warning to that sender. Do any vendors reading this newsletter care to shed some light on their plans to do so?
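As an added example of the kind of logic the two preceding paragraphs are asking for (this is illustration code written for this page, not code from the original column or from any vendor's product), here is a small Python model of two gateway decisions: whether to send an infection notice back to a sender at all, and how a receiving site can tell genuine bounces from backscatter by checking whether the quoted Message-ID is one it actually sent. The family set, the domain example.com, the subject patterns, and the five sample messages are all constructed assumptions for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Malware families known to forge the sender address. SoBig is the one the
# column discusses; in a real product this flag would come from the scanner's
# signature metadata rather than a hand-maintained set (assumption for the example).
SENDER_FORGING_FAMILIES = {"sobig"}


@dataclass
class ScanVerdict:
    envelope_from: str
    envelope_to: str
    family: Optional[str]  # scanner's detection name, e.g. "W32/Sobig.F"; None if clean


def should_notify_sender(verdict: ScanVerdict) -> bool:
    """Return True only if an infection notice to the sender is worth sending.

    A clean message needs no notice. If the detected family is known to forge
    its sender, the notice would land on an innocent forged address, so the
    gateway should quarantine silently instead of generating backscatter.
    """
    if verdict.family is None:
        return False
    name = verdict.family.lower()
    # Scanner naming varies ("W32/Sobig.F", "Sobig.F@mm"), so match by substring.
    return not any(family in name for family in SENDER_FORGING_FAMILIES)


# Subjects that typically mark an automated bounce or antivirus notice (constructed list).
NOTICE_SUBJECT = re.compile(
    r"virus|worm|infected|undeliverable|returned mail|delivery (?:status|failure)",
    re.IGNORECASE,
)
# Notices usually quote the headers of the message they are complaining about.
QUOTED_MESSAGE_ID = re.compile(r"Message-ID:\s*<([^>]+)>", re.IGNORECASE)


@dataclass
class InboundMessage:
    mail_from: str  # empty string for the SMTP null sender used by bounces
    rcpt_to: str
    subject: str
    body: str


def classify_notice(msg: InboundMessage, sent_message_ids: Set[str]) -> str:
    """Classify an inbound message from the receiving site's point of view.

    Returns one of:
      "not-a-notice"  ordinary mail
      "legitimate"    a notice about a message this site really sent
      "backscatter"   a notice about a message this site never sent
      "unknown"       a notice that quotes no Message-ID, so we cannot tell
    """
    if not NOTICE_SUBJECT.search(msg.subject):
        return "not-a-notice"
    match = QUOTED_MESSAGE_ID.search(msg.body)
    if match is None:
        return "unknown"
    return "legitimate" if match.group(1) in sent_message_ids else "backscatter"


def backscatter_share(messages: List[InboundMessage], sent_message_ids: Set[str]) -> float:
    """Fraction of inbound messages that are backscatter (0.0 if there are none)."""
    if not messages:
        return 0.0
    hits = sum(1 for m in messages if classify_notice(m, sent_message_ids) == "backscatter")
    return hits / len(messages)


# Constructed sample data: the one Message-ID this site's outbound log recorded ...
SENT_MESSAGE_IDS = {"abc123@example.com"}

# ... and five constructed inbound messages, two of which are backscatter.
SAMPLE_MESSAGES = [
    InboundMessage("postmaster@other.example", "alice@example.com",
                   "Virus Alert: message blocked",
                   "Your message was blocked.\nMessage-ID: <deadbeef@example.com>\nFound W32/Sobig.F"),
    InboundMessage("", "alice@example.com",
                   "Undeliverable: hello",
                   "Original headers:\nMessage-ID: <abc123@example.com>"),
    InboundMessage("bob@partner.example", "alice@example.com", "Re: lunch", "Sure, noon works."),
    InboundMessage("mailer-daemon@x.example", "carol@example.com",
                   "Returned mail: see transcript", "Transcript of session follows."),
    InboundMessage("av-gateway@y.example", "carol@example.com",
                   "Infected message rejected",
                   "Message-ID: <cafe@example.com>\nW32/Sobig.F detected"),
]

if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(f"{m.subject!r:40} -> {classify_notice(m, SENT_MESSAGE_IDS)}")
    print(f"backscatter share: {backscatter_share(SAMPLE_MESSAGES, SENT_MESSAGE_IDS):.0%}")
    verdict = ScanVerdict("x@a.example", "y@example.com", "W32/Sobig.F")
    print("notify sender for Sobig?", should_notify_sender(verdict))
```

The sending-side check is the one vendors can act on immediately: it costs nothing and removes the notices that do the most damage. The receiving-side check only works if the site keeps a record of the Message-IDs it emits, which is a modest logging change on the outbound gateway; notices that quote no headers at all remain ambiguous and are best rate-limited rather than dropped outright.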