Sign Your Users Up in the War on Spam and Viruses

By Dee-Ann LeBlanc | Jun 18, 2002 | Print this Page
http://www.enterprisenetworkingplanet.com/netsecur/article.php/1367651/Sign-Your-Users-Up-in-the-War-on-Spam-and-Viruses.htm

As a mail administrator, it's your job to fight the evils of the Internet and try to keep spam and viruses away from your users. I'm sure you already know that. You probably spend a lot of time fending off complaints about unsolicited email, and cleaning up messes after viruses rampage through your systems. You probably don't even get thank yous from the folks who messed up in the first place.

Let's take a look at some things you can teach your users, or do on their machines, to make your own life easier. You'll still be short on thank yous, but you'll make up for that with a lot fewer complaints and panics.

Fighting Viruses
If at all possible, install antivirus software on every end user's machine. And don't just stop there. Set it up to automatically check for updates and then update itself at minimum on a daily basis. That's right, daily. Or, if you don't want that kind of external bandwidth hit every day at 05:00, set up a central machine to update itself over the Internet, and then have the user machines grab updates from your central update server. How you do it isn't as important as doing it.

And don't think that if your users aren't running a combination of Microsoft Windows and Microsoft Outlook, that they're perfectly safe. Viruses, worms, and their wriggly little cousins come in all shapes and sizes, and for more than just one program and one operating system. As people continue migrating to other solutions then virus writers will start targeting them as well. So get your act together now and make sure your systems are protected.

Yes, this could add up to a lot of work. But it's a lot less work than having to dig around on the Internet and find out every little change a virus makes so you can remove it from your users' systems while management wants to know how they got infected in the first place. If no one will open the purse strings, just show them a few statistics about our latest virus friend, Klez.

Antivirus programs to check out include Norton Antivirus (http://www.symantec.com/nav/nav_9xnt/), McAfee VirusScan and their online scanning service (http://www.mcafee.com/), and a wide range of other products for a variety of operating systems.

Fighting Spam
If spam is getting out of control in your workplace, you'll know about it. Everyone from the CEO to the mailroom will be coming to you, asking for protection from the growing mounds of drek pouring in. There's a few things you can do about this on the end user side of things. First off, you might be able to convince the bosses to invest in spam filtering software, at least for some of your personnel. Some popular Anti-spam programs include SpamKiller (http://www.mcafee.com/myapps/msk/default.asp) and SpamCop (http://spamcop.net/).

Also, watch the legal side of things. Spammers are finally being taken to court, and legislated out of particular areas. Depending on the laws in your part of the world/country/state/province/city/etc., you might actually be able to take legal action. If you can't, then let your legislators know that if spammers claim to run a legitimate business, then they shouldn't be spoofing addresses, using misleading subject headers, hijacking other people's equipment to send mail from to avoid being filtered out, and so on. Encourage your co-workers and bosses to speak up as well.

Education
Once you've set up the other solutions, do yourself a big favor and write up a set of policies that will help against spam, viruses, and improper use of email on business time and equipment. You might have to do two separate ones: one as a strictly business policy statement, and another as a "social engineering" method of trying to get people to actually abide by them.

Gather your ideas in the strict policy, and then expand on it in the friendlier version. In the nice happy version, try to avoid just laying out rules, and lots of "don't do this" and "don't do that." If you want people to follow your lead, you need to give them good reasons to do so, so include lots of examples and explanations. Make it peppy and maybe even entertaining. You might even want to bring your technical writing department in on this if you have one, or the PR/marketing folks, if you're uncomfortable with persuasive writing.

Great ways to sell good antispam and antivirus policies to your users includes pointing out that:

  • Knowing and using this information makes them sound more savvy when talking to Internet-literate friends.
  • Knowing this information lets them be the guru in teaching family, coworkers, and friends how to deal with spam and viruses.
  • This information will help them at home as much as it will help them at work.

Wrapping Up
Fighting viruses and spam requires a lot of cooperation between IT and end users. Make life easier on yourself and your user base by giving people a clear education on spam and viruses, how to deal with them, and taking the time to implement whatever antispam and antivirus solutions your budget allows. If you need some starting points for suggestions to your users, try the following:

  • Don't purchase services or products from a spammer. When one spammer manages to make money, it encourages the entire lot of them.
  • Watch out for emails from unfamiliar names that tell you to click and go to a web site. The site might actually be waiting to do harm to your machine.
  • Viruses and worms travel in many ways, and exist for just about every operating system. Don't open unsolicited attachments, even if it looks like it's from a friend of yours=97if you're not sure, then ask them before opening. The From field in your email might actually be a lie.
  • Your employer has the right to look at any email you send from work. Keep all of the really personal stuff for talking about from your private email account at home!
  • Please don't forward jokes around from work. Especially don't build joke newsletters at work. Keep that for your personal time. We have no sense of humor at work.
  • Beware heartwrenching stories, health warnings, "business offers," and so on. They might actually be hoaxes. Before you forward them to anyone, make sure they're legitimate: try the Urban Legends Combat Kit at http://netsquirrel.com/combatkit/ and HoaxBusters at http://hoaxbusters.ciac.org/.
  • Beware virus warnings that don't come from the antivirus companies. They might be hoaxes too! Check Vmyths (http://www.vmyths.com/) before forwarding these on to your friends.