Security threats Toolkit

Symantec throttles automatic virus-notification 'spam'

Tags:
Antivirus,
Auto Responser,
Virus Notification,
Email Notification

Will Sturgeon silicon.com

Published: 17 May 2004 12:20 BST

Symantec has shown the way for other antivirus firms to finally end the proliferation of false virus notifications, which wrongly identify the source of an email-borne virus and add to the general deluge swamping users' inboxes.

Users who remain uninfected by computer viruses still often see a huge increase in email traffic as they are inundated with notifications resulting from spoofed email addresses in the 'from:' field. These wrongly tell them they've sent a virus when, generally, it is in fact somebody whose address book in which they appear that has been infected.

Some users have been getting so frustrated at the high numbers of such emails that they have been dubbed "as annoying as spam", according to Greg Day, solutions architect at rival antivirus firm McAfee.

Symantec said concerns about system resources and storage as well as employee productivity played a major part in the planning of the product.

During peaks of malware activity, users can receive hundreds of such emails per day but now the latest iteration of the Symantec's SMTP email security solution not only claims to remove the malware but also does away with the bandwidth-sapping, inbox-cluttering email notifications.

McAfee's Day is confident that all major antivirus companies will follow suit -- including his own. However, he added that many corporate customers, "as an interim measure, have already turned off user alerts".

"It's something we will do with each relevant product as soon as possible," Day said, adding that he expects every major antivirus vendor to do likewise, citing vocal end-user frustration at the messages.

Jay Heiser, chief analyst at IT risk management company TruSecure, said he welcomes Symantec's move because users tend to receive more bounce-back emails than they do actual viruses.

"It is impossible to be active on the Internet without having your email address used by one of the mass-mailing worms," Heiser said.

According to Heiser, a TruSecure survey conducted after the MyDoom worm showed that 14 percent of companies had their email perimeter filters configured to send notification emails.

"They should only send error messages back to those email addresses that are believed to be legitimate," said Heiser.

ZDNet UK's Munir Kotadia contributed to this report.