Wednesday, March 24, 2004

Viruses and SPAM vs. Keys and Signatures

Anyone else getting e-mails containing the Win32.Netsky.P@mm virus? I thought it was interesting that it stamps the e-mail as virus-free with the name of, and a link to, a legitimate anti-virus company. I guess that just goes to show how useless those annoying little tag-lines are.

Symantec has some good details about it. Down at the bottom of their page you can see the spoofed tag-lines.

If you use an unpatched Microsoft e-mail program, then you will spread the virus just by reading the message.

If anyone has actually bothered to read all of this, I will propose a solution. Instead of just appending a tag line claiming the message is virus-free, they need to actually attach a digital signature to the e-mail. The anti-virus companies would be key authorities and issue keys to everyone who has their software. Every e-mail you send would then be signed automatically with this key. When that e-mail is received, the chain of authority lets the receiving virus scanner (or e-mail client) verify that it was actually scanned by a legitimate sender. If a key gets compromised, the authority (the AV company that issued it) would reject the key.

To prevent spoofed digital signature attachments from compromised systems, the user would have to enter their pass phrase to access their digital signature, just as strong crypto products require today. That, together with an actual outgoing e-mail scan, would be a good combination. Many of the good virus scanners today will already warn you if your machine is behaving suspiciously, such as sending similar e-mails too close together.

An advantage of widespread adoption of mail signatures is that it could also stop the spread of SPAM. Simply mark any unsigned e-mail as questionable. ISPs could also be key authorities for everyone who is authorized to use their SMTP servers. The SMTP server would then simply reject any e-mail that did not carry a proper digital signature from one of their subscribers. If you received SPAM with a valid signature, you could simply report the sender for spamming (to their ISP and your ISP, and maybe other blacklist maintainers) and blacklist their key. If an individual gets too many complaints against them, then it is their ISP's responsibility to reject their key. If an ISP gets too many complaints against it, then the other ISPs can blacklist its key chain, thus rejecting all of its subscribers' keys.

Another advantage of this kind of solution is that it could be rolled out slowly. ISPs, mail clients, and AV software that supported the signatures could whitelist each other, and any unsigned e-mail could be treated with caution. This would provide motivation to support the feature, since it would move everyone onto whitelists. Because end users could vote with their money by buying AV software and e-mail clients that supported this feature, early adoption would motivate ISPs and other software vendors to start supporting it as well.
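A small model of the chain-of-authority check proposed above, added here as an example and not code from the original post: a key authority (the AV vendor or ISP) certifies each subscriber's key, the client signs outgoing mail, and the receiver checks issuer, certificate, revocation status and body signature in turn, treating any failure the way the post treats unsigned mail. It assumes Ed25519 from Go's standard library as the signature scheme and a hypothetical certificate layout; the post specifies neither.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
)

// Cert binds a subscriber's key to an identity, signed by the issuing key authority (AV vendor or ISP).
type Cert struct {
	Issuer, UserID string
	UserPub        ed25519.PublicKey
	Sig            []byte // authority's signature over UserID || UserPub (hypothetical layout)
}

// Authority is a key authority: it issues certs and keeps the list of keys it has rejected.
type Authority struct {
	Name    string
	Pub     ed25519.PublicKey
	priv    ed25519.PrivateKey
	revoked map[string]bool
}

// NewUser generates a subscriber's signing key pair (the private half would sit behind the client's pass phrase).
func NewUser() (ed25519.PublicKey, ed25519.PrivateKey, error) { return ed25519.GenerateKey(rand.Reader) }
func NewAuthority(name string) *Authority {
	pub, priv, _ := NewUser()
	return &Authority{Name: name, Pub: pub, priv: priv, revoked: map[string]bool{}}
}

func certBody(userID string, pub ed25519.PublicKey) []byte { return append([]byte(userID+"\x00"), pub...) }

// Issue signs the identity/key binding; Revoke is the authority rejecting a compromised key.
func (a *Authority) Issue(userID string, userPub ed25519.PublicKey) Cert {
	return Cert{a.Name, userID, userPub, ed25519.Sign(a.priv, certBody(userID, userPub))}
}
func (a *Authority) Revoke(userID string) { a.revoked[userID] = true }

// SignMail is what the sender's client does once the outgoing virus scan has passed.
func SignMail(priv ed25519.PrivateKey, body string) []byte { return ed25519.Sign(priv, []byte(body)) }

// VerifyMail walks the chain on receipt: trusted issuer -> genuine, unrevoked cert -> body signature.
// Anything that fails is treated exactly like unsigned mail: questionable.
func VerifyMail(trusted map[string]*Authority, c Cert, body string, sig []byte) (bool, string) {
	auth, ok := trusted[c.Issuer]
	if !ok { return false, "unknown issuer: treat as unsigned" }
	if !ed25519.Verify(auth.Pub, certBody(c.UserID, c.UserPub), c.Sig) { return false, "forged certificate" }
	if auth.revoked[c.UserID] { return false, "key rejected by issuer" }
	if !ed25519.Verify(c.UserPub, []byte(body), sig) { return false, "body does not match signature" }
	return true, "verified"
}
```

A receiver only needs the authorities' public keys in `trusted`; a certificate from an unknown or impersonated authority fails before the body signature is even examined.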
