Here at Network World, we practice what we preach when it comes to security - so I wasn't too concerned last week about the newest Sobig variant.
What proved to be really annoying, however, were the 47 gazillion automated messages I got from virus scanners at other companies saying I'm a low-life scum who had attempted to send a virus-infected message to one of their employees.
This sort of thing might have been almost useful a few years ago, back before virus writers realised how much fun they could have with the Microsoft Outlook address book. But these days, the messages clog in-boxes and confuse end users, because there typically is no relationship between the sender of an infected message and the person whose address is in the "from" field. So anti-virus vendors: Instead of sending out press releases every 15 minutes about how your product is faster than a speeding virus, could you maybe turn this "feature" off?
One cool thing that's come out of all this is that peer-to-peer anti-spam systems work. I subscribe to Cloudmark's SpamNet, which works in part by a feedback mechanism through which other subscribers report spam. By Tuesday afternoon, I noticed my spam folder was filling up with Sobig-generated messages, because SpamNet was marking them as spam.
Meanwhile, Kevin Werbach reported similar success with SpamAssassin and some hand-coded rules, but added that 1470 Sobig-related messages (as of last Tuesday) is just too much:
"We have to confront the reality: Either email is broken, Microsoft's email software is broken, or those two statements are the same. . . . "
As we here in Fusionland watched our in-boxes fill up last week, we got to thinking, "Hmm, there's a contest in here." Yeah, we need to cut down on the caffeine consumption. In any case, welcome to the official Network World Fusion 2003 Stupid Sobig competition.
The rules are simple: Send us, by 12.01am (EDT) August 28 (4.01pm today New Zealand time), the number of Sobig-related messages that have come into your mail account. We know that faithful Network World readers just love tallying up stuff like that. Send us, by the same deadline, your best or worst Sobig-related story, anecdote or comment.
The winner in each category will get a Fusion mousepad. Not available in any stores, these increasingly valuable collector's items will make you the envy of the cube farm. Entries can be sent to firstname.lastname@example.org.
Monitoring employees in the name of science
"The Cost of Email Interruption" is an interesting paper that attempts to gauge the impact of answering email on worker productivity. As interesting as the conclusions (that people stop what they're doing to read email, basically) is the detailed description of how the researchers collected their data:
"It was important that the Danwood Group employees did not know they were being monitored as this could have affected the results of this interrupt study," the authors write. So the researchers used WinVNC - after modifying the client to remove its telltale system-tray icon - and then had to convince management that it shouldn't get copies of all the recorded information.
"This concept is a hard one to accept for many managers,"the authors say. They reason that they could use the data to do some aspects of their work more effectively, such as targeting promotion, or even firing. Their company has paid to have the data collected, so why shouldn't it be made available to them? However, if the individual confidentiality had been compromised, the data used against even one individual would have brought the entire data collection scheme to an abrupt halt."