The Email Hoax and SPAM (self propelled advertising material) Page
My take on E-mail hoaxes
The "Win a holiday" message is a hoax - it is one of
any number of similar-sounding hoaxes that are floating around the internet.
While it is true that Bill Gates is a very rich man, he isn't going to send you
to Disneyland, or Acapulco, or even to Redmond, Washington, simply because you read
or forward his E-mail. Likewise, the American Cancer Society isn't going to
donate $.03 to a little girl who is dying of cancer if you forward this E-mail.
On the other hand, virtual petitions and other calls to political action
might be legitimate. Individual decision makers are individuals, and each one
measures the power of a list of thousands of E-mailers differently.
E-mails and viruses
It used to be that E-mail was text, and you read it. Then, somebody invented a way to encode binary files for transmission by E-mail (not Microsoft).
Then somebody else (again, not Microsoft) invented a method of
compressing data and combining several files into a single file. So far, no problem: you had to decode and decompress a file you received before you could do anything with it.
So computer experts, including myself, were comfortable making statements like:
"While it is possible to get a virus via E-mail (especially if you are running
Microsoft Outlook), it is not possible to get a virus simply by opening
the E-mail. You have to execute something, you have to run something, in order
for a virus to infect your machine. Otherwise, you can actually inspect
a virus in complete safety, so long as you don't run it, and you don't
run E-mails, you read them."
Now, if somebody were to send you a binary file as an
attachment (either UUencoded, MIME encoded, or BinHex encoded), I would
delete the attachment. This is true for Word for Windows documents,
Excel spreadsheets, .EXE and .COM files and ACCESS databases. If
you feel you must send one of these structured
datatypes, send it as an ASCII file or an RTF file (If you don't know what
this means, send me an E-mail and I will explain).
In general, you shouldn't need to send binary files.
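The triage described above, as an added example that is not code from the original page: it lists every binary payload in a message (MIME or BinHex parts, and uuencoded blocks pasted into the text) and marks the file types the page names. The sample message and the names `triage`, `LISTED_EXT` and `UU_BEGIN` are constructed for illustration.

```python
import email
import re
from email import policy

# File types the page says to delete: Word, Excel, Access, .EXE and .COM.
LISTED_EXT = {".doc", ".xls", ".mdb", ".exe", ".com"}
# A uuencoded file pasted into a text body starts with "begin <mode> <name>".
UU_BEGIN = re.compile(r"^begin [0-7]{3,4} (\S+)\s*$", re.MULTILINE)

def _listed(name):
    return "." in name and "." + name.rsplit(".", 1)[1].lower() in LISTED_EXT

def triage(raw_message):
    """Return (filename, encoding, listed_type) for each binary payload."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        name, ctype = part.get_filename(), part.get_content_type()
        if name:  # a MIME part that carries a file name
            enc = "binhex" if ctype == "application/mac-binhex40" else "mime"
            findings.append((name, enc, _listed(name)))
        elif ctype == "text/plain":  # look for uuencode inside the text
            for uu_name in UU_BEGIN.findall(part.get_content()):
                findings.append((uu_name, "uuencode", _listed(uu_name)))
    return findings

# Constructed sample message: one uuencoded file in the body, two MIME parts.
SAMPLE = b"""\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

begin 644 setup.exe
#86)C
end
--XX
Content-Type: application/msword
Content-Disposition: attachment; filename="Report.DOC"

QUJD
--XX
Content-Type: application/rtf
Content-Disposition: attachment; filename="notes.rtf"

{rtf sample}
--XX--
"""
```

Nothing is decoded or executed; the function only reads headers and the `begin` line, so it is safe to run over a suspicious message.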
If you are really and truly concerned about viruses on
your computer, then to the extent that you can, replace Microsoft systems
with other systems: use Netscape instead of Internet Explorer, use Eudora
(you can get Eudora Light for free)
instead of Outlook or Exchange. If you can, replace Windows with
Linux or FreeBSD - secure, reliable operating systems. The Microsoft
world view puts a premium on features without thinking about possible adverse
consequences.
I get about 3 or 4 E-mails a week on the subject of E-mail
hoaxes - it is a matter of some concern. Some are hoaxes, some are
legitimate. About the best advice I can give you in the future is,
when you receive a virus warning, find a computer expert you trust and
ask him or her for their opinion on what the virus is and what should be
done. Then, and only then, should you forward the mail.
What do computer experts do about this problem?
If you are a computer expert, then here are some clues that a virus warning
is legitimate.
- If you read about it on CERT's website or at Microsoft's website, then
  it is legitimate. It is possible but unlikely that either Microsoft
  or CERT would let their sites get hacked, so these are reliable places
  to go. The problem is that both of these sites have so many things
  they are working on, it is hard to find what you want to know. The
  CERT has a FAQ (Frequently Asked Question) list, and a page on hoaxes.
- If the virus warning enumerates which platforms it works on, then it might be legitimate;
  but if it doesn't enumerate which platforms it works on, then it probably
  isn't legitimate. Remember that a Windows virus probably can't run
  on Linux, and vice versa. A Windows virus can't run on a Macintosh
  (unless you have a Windows emulator). A macro virus can only run
  on the programs with that macro language.
- If it explains the technical details about how the virus works, then it
  might be legitimate. Warnings that are vague on the details about
  how the virus works are probably faked. The "Win a holiday" hoax
  is vague and self-contradictory - first it says there is nothing you can
  do, and then it says to take precautions. "Take precautions" in and
  of itself is vague - specifically what should you do? Examples of
  specific instructions include:
  - Disable Java
  - Delete this .DLL
  - Upload this patch kit from this vendor
  - Change this setting
  - Scan your system for this byte string.
- If the warning discusses the security flaws in the MS-Windows security setup - there
  are so many flaws in the MS-Windows system that there is no point in discussing
  them. If you are relying on your Microsoft operating system for security
  - you need help. That's not to say you can't have secure data on
  MS-Windows; just lock the doors at night.
Finally, remember that diversity in nature is one of the
defenses against viruses (other animals don't get AIDS, humans don't get
feline leukemia - both diseases are caused by viruses). Diversity
in computers is also a defense against viruses. Windows/95, Windows/98,
and Windows/NT are not diversity. But the computer world is remarkably
diverse: Linux on PC, Alpha, PowerPC,
MIPS, SPARC, Merced, M68xxx, PDP-11... is diversity. OS/360 and its
EBCDIC speaking descendants are diversity. MPE, RSTS, RSX-11, CP/M, openVMS,
MacOS, be, Mach, BSD, system V, QNX, IRIX, Idris, Apollo, pick are all diverse
operating systems. For secure,
highly reliable applications, where failure is not an option, don't
use Microsoft operating systems.
If you have any questions, please E-mail me at home: jeffs@mail.jeffsilverman.ddns.net
Other E-Mail Hoax websites.
The "Win a Holiday" email is a HOAX!!! SEE: http://www.stiller.com/holiday.htm
for more information.
The "Little Girl Dying of Cancer" email is a HOAX!!! See http://www.cancer.org/letter.html
or http://www.cancer.org/chain.html
for more information.
Bill Gates is not going to give you money for sending an E-mail.
Bill Gates won't even honor the guarantee that comes with Windows/98, and that's
a legal obligation!
Other good hoax sites include:
http://kumite.com/myths/
http://snopes.simplenet.com/spoons/faxlore/faxlore.htm#faxlore
http://www.consumer.net/
http://www.nonprofit.net/hoax/
http://www.urbanlegends.com/
Check them out! Don't be fooled again!!
SPAM (self propelled advertising material)
In Washington State, it is illegal to send SPAM, and it is illegal to send
SPAM to a Washington citizen. See the enabling
legislation.
What you can do about it
Legally and morally
You can E-mail them and ask them to stop sending you E-mail, but that's always
a dubious proposition because now they know that they have an E-mail address
that's actually used.
E-mail them to mail you more information using snail mail, er, I mean, the U.S. Mail.
Then, don't respond to their mailing. It costs a significant amount of money
(about $.20) to send a real mailing. If everybody did that, then the marketing
costs would kill them. Eventually.
Legally but of dubious morality
Call their 800 number. Not once, but many times....
Illegally but effectively
Wanna take out a SPAMMER? Alright, you can do it because of an intrinsic
design flaw in TCP/IP: the security functions are near the top of the OSI
model. So we bypass the higher level functions and take out the lower
level stuff with things like mail bombs and bad TCP connections.
A "mail bomb" is a program that takes out a mail system - there are several
ways to do it. My favorite method is a special program that connects to the
victim's E-mail port and starts the process of sending a mail message, but
never finishes it. Repeat over and over again. This is especially effective
on Exchange server, because of a design flaw inside it. SPAMmers traditionally
use Microsoft operating systems because they are too stupid to master something
that takes a little thought (if they could think, they would get legitimate
jobs).
Technically, a mail bomb is illegal because it is a form of wire fraud. It might
also be construed as an act of vandalism. However, it is hard to prove in
court, before a jury of peers. And the defendant would be asked why he or
she might do such a thing, at which point the victims' actions would be
introduced. It's always hard to predict what a jury will do, but they have
been known to stand up and cheer the defendant.