Store
|
Contact Norman
|
About Norman
|
Select location
Corporate
Norge
France
Deutschland
Sverige
Danmark
Suomi
Nederland
Schweiz
España
United States
United Kingdom
Italia
Proactive IT security
Home / Home office Small / Medium business Enterprise Our technology Security center Norman as a business partner Support   Partner web
Home
>
Security center
>
Security articles - archive
>
2009
>
The death of a killer application?
Norman SandBox center
Submit file for SandBox analysis
Search malware analysis database
View latest SandBox analyses
Malware statistics
Virus descriptions
Security articles - archive
Malware types
Threat level
Current virus threats
Security blog
Email statistics
Books, general white papers etc.

The death of a killer application?

2009-05-29 [Spam, Trends & predictions]

The introduction

The first Internet killer application is by many considered to be email. Standard communication protocols for sending and receiving emails over the Internet (SMTP and POP3 / IMAP) co-exist and can interchange messages with proprietary communication systems like for example Lotus Domino and Microsoft Exchange.

Decades after its introduction email may arguably still be viewed as the most important Internet application for organizations and individuals. Even short breakdowns in the email system in an organization cause major problems, and it is difficult to see how most entities could function smoothly over time without a functioning email system in place.

Of course email has been supplemented by other communication systems in recent years, like instant messaging and different groupware systems. These are however, supplementary rather than substitutes for the email system.

The problems

Unfortunately email as a secure and reliable communication method has recently been threatened by ... email!

Unsolicited email - commonly known as spam - has been an increasing problem. It is estimated that the amount of spam these days represents far beyond 50% of the total amount of emails sent over the Internet.

The main motivation for sending out spam is economic gain. Either directly as a common marketing device, or indirectly by tricking the recipients to click on malicious links and thereby infecting the computer with malicious software, and then use the computer for criminal activity. This article will not focus on the techniques used for spreading spam and/or other malware.

This article's main theme is spam as a phenomenon and the fact that this represents several problems, which will be discussed below.

1. A break-down of the Internet

As mentioned, the amount of spam emails is huge, and some have predicted that it may even result in a break-down of the Internet itself as a communication device. Either the Internet itself as the electronic highway, or the mail servers which are serving the emails sent through the Internet.

So far this prediction has not come through. The most straining messages sent as emails are probably the pandemic mass-mailing worms from early in this century, like Sobig.F and worm in the MyDoom family, neither of which caused any real danger over time to the Internet as infrastructure.

Presumably the increased amount of spam as any other increase in traffic-generating systems will be met with increased band-width and server capacity, and as such will not represent any severe danger to the Internet as the communication system modern society depend on.

2. Too much noise

A more serious problem - at least as seen from an individual's point of view - is the fact that a major amount of the emails that are waiting in the inbox each morning to be processed, consists of spam messages. It does not take long before one stops opening messages that is suspected to be spam and deletes such very quickly - often in bulk. The single legitimate email that is "hidden" in a long list of spam may thus easily be deleted by error.

Each of us has probably noticed just a second too late that the latest email deleted should not have been deleted at all. Often it may be retrieved from the trash folder, and this saved. But how may email do we not became aware of being deleted by error?

The sheer amount of spam represents a severe problem as legitimate messages may not reach the intended recipient.

3. Filtering spam

Quite soon after spam became recognized as a serious problem, applications that were able to stop spam messages became available. Norman offers a range of such applications like Norman Email Protection and Norman Online Protection.

You can find at least three main types of antispam products:

  • stopping spam on the client, for example as an integrated module in the email client,
  • stopping spam on the email server, either as an integrated module in the email server or a separate application,
  • stopping spam on the Internet Service Provider, usually as part of its service to its customers.

Common for all these are that current, modern systems have sophisticated algorithms for detecting spam. However, as we discussed in a previous security article - there is an inherent problem with such technology: legitimate emails may be detected as spam.

Fortunately many antispam systems have the option to go through messages detected as spam to verify that no legitimate emails are among them. Unfortunately many people do not bother for various reasons (one may be that they rely on the antispam system). And those who do go through the spam reports are inclined to have the noise problem described in 2 above.

Since some antispam applications present the users with reports at regular intervals, email messages that are erroneously intercepted in the spam filter will be delayed. This in itself may represent a problem, which is not solved even for those users who are able to ignore the noise problem.

The effect

The consequence of this is severe!

We cannot fully depend on email as a (quite) secure communication device. Even without any malicious program that intercepts our email, or even if there are no errors in the address, or even if the email reaches the destination (technically), the email may not reach the recipient's attention.

The sender is not notified that his message did not get to the designated person. The recipient has no idea that someone has sent her the email.

Some senders try to remedy this by confirming that the recipient actually did get the message, but that is not common unless the message is extremely important, and most people are not very happy to receive a "did you see the email I just sent you" phone call...

The solution

Sadly no good solution to this problem exists.

Several systems are available to mitigate the problem. One example is to set up the sender's email client to notify when the recipient opens the email, but this is not supported by all email systems. Similar problems exist with other types of "solutions" using current wide-spread technology.

New emailing systems, which have taken the spam problem seriously and have built-in verification systems, are designed, but neither of these have been commercially successful for different reasons. One such reason is the fact that we as users want simple, smooth and easy systems, even if this to some degree compromises security. [This in itself will most certainly be a topic for a future security article.]

The prediction

If someone comes up with a system that solves the issues discussed above, he/she has given birth to a new killer application.

Relevant products
Norman Email Protection (SMB)
Norman Email Protection Appliance (SMB)
Relevant solutions
Email Solutions

Related security articles

The Internet Crime Complaint Center's report for 2009
Summing up 2009 - predictions for the year to come
Holidays - preferred season for children and ...criminals
Social networks - a criminal's best friend or her enemy?
Plug-ins to applications - a ripened target for malware
RSS FEEDS
Latest Security articles
Latest Blog items
Latest News
Latest Support issues
Current Virus treats
RSS feed
Privacy policy
|
License agreement
|
Trademarks
|
Sitemap