Windows & .NET Magazine UPDATE - Special Edition--September 26, 2003

This Issue Sponsored By

Argent Software



Mark Minasi, senior contributing editor for Windows & .NET Magazine, provides insights into and analysis of today's hot Windows 2000 and .NET trends. In this special issue, Mark Minasi offers up an idea for an Internet user certification to help combat the spread of email viruses.


Sponsor: Argent Software

Network Testing Labs, one of the world's leading independent research companies, put together a comprehensive Comparison Paper on two leading enterprise monitoring solutions. Their conclusion: "The Argent Guardian easily beats out MOM in all our tests... The Argent Guardian will cost far less than MOM and yet provide significantly more functionality." Find out for yourself why organizations like Major League Baseball, GE Capital, AT&T, Harley Davidson, and Nokia all rely on The Argent Guardian for their enterprise monitoring and alerting needs. Download this Comparison Paper now:


==== Commentary: Is it Time for a Driver's License for the Information Superhighway? ====
by Mark Minasi, Senior Contributing Editor, Windows & .NET Magazine, [email protected]

I don't know about you, but I'm tired of the SoBig.F worm and its variants. Several zillion mail servers have been sending me messages telling me that I sent them a virus--when of course I didn't. (And why haven't administrators shut off these now-pointless, Internet bandwidth-wasting messages?) Other mail servers keep telling me that they couldn't deliver some virus-carrying email message that, again, I didn't send.

The email overload isn't merely a matter of annoyance. In the past few months, SoBig variants have generated so much email traffic that they've affected the Internet's ability to move data around. And who's at fault?

This virus isn't like the MSBlaster worm; it doesn't exploit a hole in Microsoft Outlook or Outlook Express. Instead, it exploits the fact that some people--many people, sadly--are still opening email attachments without a care. That thought is absolutely stunning.

In the past few years, we've seen dozens of email-attachment viruses, from Melissa to Klez to Sircam. It's hard to believe that so many people are still completely clueless about attachments. So I'm proposing an "Internet user certification."

Email viruses would essentially go away if I could teach everyone with an email account a few simple things: I'd explain that sometimes bad people write special email attachments that can do bad things if opened, even without a single "Are you sure?" dialog box. I'd caution these users that opening the wrong attachment can start a chain reaction that can bring down a company's network or even the Internet. Therefore, everyone must examine attachments before opening them--and the best way to do that is by using antivirus software. But I'd caution them that antivirus software needs to know the characteristics of all current viruses, so everyone must periodically go to the antivirus vendor's Web site and download the latest virus information, called "pattern files." If these users received an attachment that they weren't expecting, I'd instruct them to contact the sender, if possible, and ask whether he or she meant to send that attachment. I'd add one final thought to instill that a responsible email user will have downloaded the latest pattern files and can scan the attachment for a virus before opening it.

I wrote that last paragraph to demonstrate that teaching users how not to spread email viruses is simple and would take less than 15 minutes. Then, to obtain a certificate, users would pay $10 and take a simple test that reviews their knowledge of safe attachment handling. After you pass the test, you'd receive an email public/private key pair. (The $10 would help pay for running the certificate authority--CA).

After a sizeable population of people had their email training and were using their certificates in their email messages, we could start combating email viruses. We could set up our software to delete or reject messages that don't have a valid certificate from one of the recognized Internet certificate-issuing authorities. Less-picky folks could configure their servers to place the uncertified items in another folder, to be looked at later. I think most of the email-using world would have a certificate in fairly short order.

Then, when someone opens a virus-laden attachment and the virus sends out tons of virus-laden email containing his or her certificate, everyone would know who launched the virus. Perhaps that person would lose his or her certificate for a time or face tort lawsuits? Maybe we could even use these certificates to throttle spammers.

Let me close here by freely admitting that I haven't worked out all the details. In fact, when I first started talking to people about the concept of Internet user certification, I had my tongue just a bit in my cheek. However, I think the idea is worth considering, and I herewith offer it as a kind of open-source project. And yes, I know that in reality a worm wouldn't send out email with a certificate. But perhaps once certificates were widespread, we could think about email server software that works only with certified mail. Shoot the idea down or sketch it out; I look forward to your thoughts.


==== Sponsor: MR&D ====
Become an Active Directory black belt with Mark's "Running a 2003/2000-based Active Directory" seminar, or develop XP support eXPertise at "XP Professional for Support Professionals." Or just get his FREE networking techie newsletter at


==== Announcements ====
(brought to you by Windows & .NET Magazine and its partners)

Get Problem-Solving Scripts That Will Simplify Your Life
OK, so you're not a programmer. But if you read Windows Scripting Solutions every month, you don't need to be. Tackle common problems and automate everyday, time-consuming tasks with our simple tools, tricks, and scripts. Try a no-charge sample issue today!

Active Directory eBook Chapter 4 Published!
The fourth chapter of Windows & .NET Magazine's popular eBook "Windows 2003: Active Directory Administration Essentials" is now available at no charge! Chapter 4 looks at what's inside Windows Server 2003 forests and DNS. Download it now!

==== Hot Release: Tackling the FCC's New FAX Regulations (Technical Whitepaper) ====
Ready or not, the FCC's regulations regarding FAX are here. Think they don't affect you -- think again. If you are sending anything via FAX these regulations impact your organization. Register for a whitepaper:
Designed to be a guide for companies needing to adapt their fax communications to ensure FCC compliance, the whitepaper provides an overview to the July 2003 FCC rules and discusses tools to help companies fax responsibly.

==== Event ====
(brought to you by Windows & .NET Magazine)

New Web Seminars on Exchange, Active Directory, and More!
Check out the latest lineup of Web seminars from Windows & .NET Magazine. Prepare your enterprise for Exchange Server 2003, discover the legal ramifications of deterring email abuse, and find out how Active Directory can help you create and maintain a rock-solid infrastructure. There is no charge for these events, but space is limited, so register today!

==== Sponsored Links ====

Aelita Software
Free message-level Exchange recovery web seminar October 9th;6098474;8214395;v?

Free Download - NEW NetOp 7.6 - faster, more secure, remote support;5930423;8214395;j?

Eliminate spam once and for all. MailFrontier Anti-Spam Gateway.;6080289;8214395;q?

==== Contact Us ====

About the newsletter -- [email protected] About technical questions -- About product news -- [email protected] About your subscription -- [email protected] About sponsoring UPDATE -- [email protected]

This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

Copyright 2003, Penton Media, Inc.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.