
With friends like these, you don't need enemies

Antivirus advertising adds to the workload of network administrators.

There aren't many things that people agree on, especially when it comes to the Internet, but spam and viruses are two things that are almost universally despised. When the two are combined, a groundswell of Internet anger arises, and the ubiquitous discussion vehicles that the Internet offers fill with posts of indignation and outrage.

The collective angst rose to new heights recently when a new virus broke out, named Mydoom, Novarg or Mimail depending on which antivirus vendor is your favorite. As viruses go, Mydoom was special. It took advantage of curiosity to begin its launch, and in a burst of creativity furthered its spread by sending messages to non-existent e-mail addresses to create bounces. Within a few days it was one of the most prolific viruses in the history of the Internet.

Network administrators, who from long experience know exactly what to do when a virus outbreak occurs, sprang into action, threw up quick filters to catch the virus, contacted their antivirus vendors for updates and watched their networks for signs of trouble. Help desks and support personnel braced themselves for the inevitable calls about occasional infections that slipped past the filters and successfully enticed users to help the virus spread.

Support calls increased as well with questions and comments from worried users. "Is this e-mail from the virus?" "Am I infected?" "Why am I getting all these bounce messages?" "Are you sure I'm protected?" "I'm sure you're probably aware of this, but I thought I'd let you know there's a new virus out." "Have you heard about this new virus?" The questions and helpful suggestions go on and on and on.

So why is the antivirus industry deliberately adding to the workload? Some antivirus vendors decided a while ago that detecting a virus was the perfect opportunity to advertise their products. So, whenever their software catches a virus, off goes an advertisement for their product, to both the "sender" and the "recipient," encouraging people to buy their software. If the e-mail went to the person whose computer was actually infected, it might be worth doing. But many of these messages go to innocent bystanders who may never have had a virus infection in their lives. Modern viruses forge the sender address, and the industry knows that.

At least there is some sanity in the industry. When Sobig-F was released last Sept., Fridrik Skulason posted an open letter blaming the industry for the deluge of unnecessary mail. Recently he updated his letter to address the Mydoom outbreak and to respond to Brian Martin's article "Anti-Virus Companies: Tenacious Spammers."

Will antivirus vendors get the message? Only time will tell. One thing is for certain. Spamming the Internet with ads in the middle of a virus outbreak is no way to win friends and influence people.

About the author
Paul Schmehl is an adjunct information security officer at the University of Texas at Dallas, and a founding member and board member of AVIEN, the Anti Virus Information Exchange Network. His responsibilities include protecting the university from the many viruses and worms that circulate on the Internet.


This was last published in February 2004
