Re: SPF is the real solution

by mileend - 7/31/04 5:34 PM

In Reply to: Re: SPF is the real solution by snoopy369

I think the poster was referring to Sygate Personal Firewall (SPF) here, and a good third-party firewall like SPF that blocks unauthorized outgoing traffic from your computer can give you confidence that the emails themselves are not coming from your computer.

Many email worms and viruses contain their own self-contained SMTP engines (the code that sends email) and do not rely on the code within Outlook Express or any other installed email client on your computer to send email in your name (assuming you are the one infected). The worm has all the program code it needs to connect and send an email to a faked or harvested email address from your system.

What SPF (and ZoneAlarm) does is validate that the program code trying to send an outgoing message has been authorized by you to do so. Obviously, if you have just been infected by a worm and the worm starts sending email out through your connection, a good firewall will detect the attempt, put it on hold and pop up a dialog box asking you if this new program code (the SMTP engine in the worm) has permission to connect. The answer, of course, is 'NO' and time to run a virus scan to get rid of the worm.

The worm, of course, could just use your existing (and approved) email client to connect, and this is where I believe the open-source Thunderbird email client really shines. I simply set Thunderbird to prompt me for my 'outgoing' SMTP password when I send email. Just about all email clients can be set up this way. That way, if a dialog pops up asking me for my SMTP password . . . and I have not just sent an email . . . then I know something else (worm, virus, trojan, spyware . . . add your own flavor of malware here) is trying to do so. Thunderbird also has a great Bayesian SPAM-filtering feature that learns to detect those emails you deem SPAM.

The AAAAAAAA trick DOES NOT WORK, and you are deluding yourself if you think so. EMAIL is STATELESS, as previously mentioned. Each and every addressee is treated as a separate email, and one bouncing back will not in any way affect how the others are sent. You may (or may not) get a message in your inbox alerting you that AAAAAAAA could not be delivered, which could clue you in that something was harvesting your address book, but all recent email worms have selected their email targets randomly and with some discretion to avoid 'alert' traps like AAAAAAAAA. It doesn't work!

On the flip side, many of these mailer-daemon administrative messages about returned email and virus warnings are either fluff, bait, or needless use of bandwidth. I do not waste my time responding, apologizing or complaining about them . . . they simply go to the Trash Bin. I have sufficient faith in my anti-virus and firewall to know they are not coming from me. If my dearest and best friend calls me up and says I'm infected, then I set him straight on the facts.

Solution: Ignore them (the email warnings), install antivirus and keep it up to date, and use a third-party firewall that monitors and blocks, if necessary, outgoing connections.

AVAST Free AntiVirus: http://www.avast.com/i_idt_153.html
Grisoft Free AntiVirus: http://www.grisoft.com/us/us_dwnl_free.php
ZoneAlarm free Personal Firewall: http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp
Sygate Personal Firewall (free): http://smb.sygate.com/products/spf_standard.htm
Thunderbird Email Client (free): http://www.mozilla.org/products/thunderbird/

Rick
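The outbound-connection check described in the post above (a personal firewall attributing each new outgoing connection to a program and holding anything the user has not approved) can be modelled in a few lines. This is an added illustration, not code from the poster or from Sygate or ZoneAlarm; the program paths, hosts and log lines are constructed for the example, and the log format (program|host|port) is an assumption.

```python
"""
Toy model of the per-program egress check a personal firewall performs.

Every outbound connection is attributed to the program that opened it and
matched against a per-program allow-list of approved destination ports.
A program the user never approved, or an approved program trying a port it
was never approved for, is held and the user is prompted. Connections to
mail ports (SMTP and its TLS variants) from an unapproved program are the
case the post describes: a worm's own SMTP engine trying to send mail.
"""
from dataclasses import dataclass

# Ports a mail-submitting program would use (SMTP, SMTPS, submission).
MAIL_PORTS = {25, 465, 587}

# Constructed allow-list: program path -> ports the user has approved.
# Paths are hypothetical examples, not real installed locations.
ALLOW = {
    r"C:\Program Files\Mozilla Thunderbird\thunderbird.exe": {25, 465, 587, 110, 143},
    r"C:\Program Files\Internet Explorer\iexplore.exe": {80, 443},
}

# Constructed connection log (program|destination host|destination port).
# The last two lines stand in for an unknown program contacting mail
# exchangers directly, which is what a self-contained SMTP engine looks like.
LOG = r"""
C:\Program Files\Mozilla Thunderbird\thunderbird.exe|smtp.example.net|587
C:\Program Files\Internet Explorer\iexplore.exe|www.example.com|443
C:\Program Files\Internet Explorer\iexplore.exe|www.example.com|8080
C:\WINDOWS\system32\svchost_upd.exe|mx1.example.org|25
C:\WINDOWS\system32\svchost_upd.exe|mx2.example.org|25
"""


@dataclass(frozen=True)
class Connection:
    program: str
    dest_host: str
    dest_port: int


def parse_log(text: str) -> list[Connection]:
    """Parse program|host|port lines; blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        program, host, port = line.rsplit("|", 2)
        conns.append(Connection(program, host, int(port)))
    return conns


def check(conn: Connection, allow: dict) -> str:
    """Return 'allow' if the program is approved for this port, else 'prompt'."""
    approved_ports = allow.get(conn.program)
    if approved_ports is None:
        return "prompt"  # never seen this program: hold it and ask the user
    if conn.dest_port in approved_ports:
        return "allow"
    return "prompt"  # known program, new port: ask again


def review(text: str, allow: dict) -> list[tuple[Connection, str]]:
    """Run the check over every connection in the log."""
    return [(c, check(c, allow)) for c in parse_log(text)]


def unauthorized_mailers(text: str, allow: dict) -> list[str]:
    """Programs that tried a mail port without approval: the prompts the user would see."""
    return sorted({c.program for c, v in review(text, allow)
                   if v == "prompt" and c.dest_port in MAIL_PORTS})


def answer_prompt(program: str, permit: bool, allow: dict, ports) -> dict:
    """Record the user's answer to a prompt; 'No' records an empty approval set
    so the program is recognised but still gets no ports."""
    updated = {k: set(v) for k, v in allow.items()}
    updated[program] = set(ports) if permit else set()
    return updated


if __name__ == "__main__":
    for conn, verdict in review(LOG, ALLOW):
        print(f"{verdict:6} {conn.program} -> {conn.dest_host}:{conn.dest_port}")
    print("would prompt for mail:", unauthorized_mailers(LOG, ALLOW))
```

Answering "No" to the prompt for the unknown program does not make its later attempts disappear; it just means they are recognised and refused rather than held, which is why the post follows the prompt with a virus scan rather than relying on the firewall alone.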