[clug] [AUSCERT ALERT - Email worm W32.Beagle.A/Win32.Bagle.A]

Nemo -earth native- nemo at nut.house.cx
Mon Jan 19 10:25:19 GMT 2004 

On Mon, Jan 19, 2004 at 08:45:11PM +1100, Damien Elmes did utter:
> Nemo -earth native- <nemo at nut.house.cx> writes:
> 
> And instead annoy random people on the internet! I can appreciate the
> desire to please the customers over strangers, but this has to be
> balanced against the impact on the global community.

Fair call. Given that many from addresses don't exist at all, I still
feel the overall impact is best handled this way.

> My experience has been the reverse of yours - the majority of spam I
> get is caught by spam filtering software and is marked as so. "The

Oh, my general experience with spam is the same there. I've been quite
happy with spambayes since I switched to it a few months ago. 

> message you (didn't) send was blocked" messages tend to creep through
> since they don't look like spam, and they prove to be a big annoyance.

I had a flood of those once (before I started with spambayes I must
admit, so I suspect they'd get through at first at least), but it was a
short term thing, and are outnumbered by spam (and rejected executables)
by several orders of magnitude. 

> automated system. And your system prevents the recipient from ever
> being aware of the missed mail (to "not annoy them"), and this could
> prove to be a big problem if they're waiting for a particular message
> and time is of the essence.

Yes, this has happened. When we first put the system in we had a couple
of customers (from memory, literally just the two) ring to ask about why
their colleagues could not send through a .exe file to them. ie, the
original sender had phoned the intended recipient and thus prompted a
call to me. I explained the reasoning behind the block - as a blunt but
very very effective virus blocker - and it was accepted as reasonable.
(one was a tad grumpy about it as I recall, but accepted the reasoning)

By comparison, I've definately had several (more than two, but probably
less than a dozen from offhand memory) customers ring with praise
regarding our effective email worm block system. We've gained at least one
customer specifically because of this. 

Given that customers are much more likely to complain than to praise, I
think in general that the solution is liked.

> Your approach certainly saves the customer time, but whether this
> leads to a happier customer is not clear cut. Some customers would

I believe so, but admittedly, that is just the impression of one person
based solely on unsolicited feedback. I concede the opinion of the
unspoken masses may differ, but I personally doubt it in this instance.

> prefer a reminder that they are protected from the nasties of the
> internet, and would not want to move to a system where they could be
> unaware of emails which had been sent to them.

Well, we certainly don't hide the fact that we do this block - and it's a
fairly common question these days as to what email spam/virus protection
we offer. Increasingly I'm also finding that customers *want* unwanted
mails automatically deleted. (as opposed to merely marked as spam as
we do now (for the curious: spamassassin, userconfigurable threshold
and whitelists)

Having the control to do all this stuff on our own system and by our own
settings is definately a good measure of a 'power user', but IMHO, most
users don't care and want their ISP or equiv to handle all of this for
them. 

.../Nemo
-- 
  ------------------------------------------ --------------------------
                                                    earth native

More information about the linux mailing list