globeinvestor.com

News from The Globe and Mail

ANDREW ALLENTUCK

Wednesday, May 21, 2003

If you have an e-mail account, you probably have a torrent of spam. In an update of mob economics from the 1920s, the spammers who clog your e-mail with unwanted pitches are now selling anti-spam software.

It's the digital version of what Al Capone's goons did during the 1920s when they sold protection from their own gang's violence to small businesses that were readily thugged into co-operation.

The trouble is, much of the spammers' anti-spamware contains viruses that infect the computers on which these programs are installed, or worms that eat their way into computers, replicate themselves and mail themselves to folks with whom the luckless victim corresponds. So says William Plante, director of worldwide security and brand protection for San Jose, Calif.-based Symantec Corp., maker of the top-selling Norton anti-virus program.

In other words, spammed anti-spamware may open the door to still more -- and dangerous -- spam.

Low prices are the come-on for bogus anti-spamware that is built into popular anti-virus programs. In one recent ad spammed to the multitudes, a sender who calls himself Daniel offers spam-fighting Norton Anti-Virus Internet Security, for just $42, which is about half the usual $99.95 price.

There are many other promotional deals, but since most are pirated copies, they are unable to download fresh virus definitions from leading anti-virus product vendors like Symantec, which develops and maintains Norton's security products, Mr. Plante says.

Some of this spammed and bogus anti-spamware comes with its own self-destruct viruses, says Peter Beruk, director of anti-piracy compliance programs for Rockville, Md.-based Network Associates Inc., which sells the popular McAfee anti-virus products. Worse, he says, by buying pirated anti-virus programs from unknown on-line vendors, a person can be inviting more spam.

"The problem in getting anti-virus software that may not be supported by its developer is that you are releasing identifiable information to the spamming company," Mr. Beruk says. "You are telling them where you live, your name, your credit card data, and you are confirming that you are a person who may buy from this kind of organization. You are also opening up a back door to your computer so that folks can swipe things that they have an interest in. It's like leaving the front door of your house open."

According to Mr. Plante, Norton anti-virus and anti-spam products have become the most pirated software packages. And much of this pirated product is infected.

"Every month, we find an incident of a virus or a Trojan Horse (a virus hiding in another program) in pirated Norton product. Last year, we intercepted over 750,000 pirated or bogus disks," Mr. Plante says. "Currently, we deal with 1,500 to 1,700 complaints on a daily basis from consumers who have bought what they think is Norton software and realized that there is something wrong. Or they are sick and tired of spam offers for Norton products. For this reason, we have given up soliciting sales by e-mail."

A typical offer for Norton Systemworks 2003 Professional Editon comes from a person called Gerardo at fintan@web.co.jp. It offers $300 of Norton anti-virus/anti-spam software for $39.99 with free shipping. The more tempting the offer, the less likely it is to be for the genuine product from the company that develops and maintains it, Mr. Plante adds.

Tainted or dysfunctional anti-virus and anti-spam software promoted by spammers is a recent development, Mr. Plante says. "Symantec, Norton's publisher, did not have this problem two years ago. At that time, counterfeiters were promoting Microsoft Corp.'s operating systems. But MS came out with XP and tied configuration of each program copy to a single machine. So the pirates moved to the next most popular program, Norton Anti-Virus."

The battle to control the sale of anti-virus/anti-spam products is vital to the interests of the entire computing industry. If the spammers win, they will be able to sell their cheap versions, often with decompiled code that renders programs inoperable or even destructive to the computers on which they operate. If the developers of genuine anti-virus/anti-spam products prevail, they will protect their sales and the integrity of the e-mail and interactive Web sites they protect.

The power of the legitimate anti-virus industry is a slim defence against virus writers and worm developers. Virus writers have already created the Winevar worm that burrows into the hard drive of infected computers ready to send copies of itself to other machines, which then launch denial of service attacks against Symantec.

Maintaining the integrity of e-mail is vital. A Web site devoted to security issues, http://siliconvalley.internet.com, has estimated that there will be 76 billion spam e-mails sent in 2003, which Mr. Plante estimates will be half of all e-mails in the year. Many of the spams have an attachment that deletes Noton Anti-Virus. And then, defenseless, a computer is hostage to whatever mayhem a spammer has in mind.

The anti-virus industry will be bringing out its own big guns next year. In the 2004 edition of Norton anti-virus products, there will be an activation installation system that helps to protect against pirating, Mr. Plante says. Of course, given the history of program protection systems, viral pirates may overcome these new defences.

The problem of bogus anti-virus programs remains acute. Anti-virus software should be a shield against digital mayhem, but in pirated or bogus form, it can be a welcome mat for the mayhem it is supposed to block.

How to avoid trouble with bogus products

It's not really that difficult to ensure you buy genuine anti-virus products. Here's how to avoid trouble:

Buy shrink-wrapped Norton Network Security, McAfee VirusScan or other Web and e-mail security programs from stores you know.

Buy downloads on the Web only when the offer has an address that looks like the developer's. Buying from someone called Becky or Anti-Virus House with a Universal Resource Locator (URL) that looks like it's perhaps in a centre of program piracy in the Far East is not the way to get the real thing. Any Web address that looks wrong probably is wrong.

Don't swap anti-virus programs. Another person's program could be a pirated copy or pre-infected with viruses.

Don't open attachments on e-mails from unknown senders. The attachments may launch executable programs that compromise or delete perfectly good anti-virus programs you are already running.

When you get an offer of a cheap anti-virus program with an option to be deleted from the spam list, just delete the mail. It's counterintuitive to avoid being deleted, but the real purpose of these delete buttons is to report to a spammer that you are a live body. Play dead.

If you have the time, forward bogus e-offers of pirated anti-virus ware to developers such as norton.com and mcafee.com.

Avoid spammed offers completely with programs like Deersoft's SpamAssassin Pro that resides on top of MS Outlook and Outlook Express. Users can tweak filters to add or to delete words and other alerts to spam. Deersoft is a unit of Network Associates Inc., which is also the publisher/developer of McAfee security products. There are many other anti-spam products, including IHate Spam, but no guarantees that open-source programs from unknown sources will be free from trapdoors that allow in even more spam.

© The Globe and Mail