While many of you do not realize it, Most malware and viruses come to you two ways and the largest by far is email.
The majority of you are most likely using a virus scanner and a malware scanner but that in no way gives you 50% protection against these tiny pieces of code that most of you are carrying and do not know it. Most of those tiny pieces of code exploit problems with software. And while some of those vulnerabilities are from the operating system, most/others are from add-on software like adobe reader and java and the like. It’s almost funny that the government uses adobe for all it’s legal documents. And for those that need to read them, a giant security whole for intruders to leap into your system.
Oh.. yes they tell you while no software can give you complete protection and some other BS to give you a feeling of confidence that you should not have.
While you use those scanners to protect you, and they do protect you to some good extent, the trick is to write to the operating systems registry to exempt flavors of old malware and send a new variant of that malware in to do the job. Your scanner looks past it and so it’s never caught.
Most of you do not have the skills necessary or the time to keep an eye on that exception list.
But back to the point of the story here, as it’s all about email.
Everyone has shrugged their heads about what to do with spam and I don’t see it as a big issue and it’s easy to fix if there is a actual want to fix the problem. And that is another topic we won’t talk about here (the political motives behind no action). To fix 1/2 of the security problems we need to have real security in our email system.
Real security involves enforceable rules.
1st – be it known that all email is traceable after the fact. This needs to be changed to traceable up front/ before that fact of opening it. All servers that handle email should be registered and certified.
Some of you might argue that privacy is an issue here and I would agree that is why I told you up front that all email is traceable after the fact so you really have no less privacy than if it is traceable in the front end.Think of the privacy you loose when the malware is sneaking around in your system capturing who knows what info from you.
Those folks who want to send a untraceable message (if there is really such a thing) know email is the worst way to attempt it because it has the stamp of where it originated (ip address) from, to what server received/handled it and when and when it was delivered and by who. How do you think they certify emails used in court cases.
2nd & most important – Users should be allowed to block a email address (not just auto purge it) so that it bounces to the sender and the sender does not know if it was undeliverable or blocked.
They call it “bounce”. I’m sure you have gotten a bounced email from entering incorrect address and it came back as undeliverable / bounced. The sender should not be able to determine it is blocked. At this point it is undeliverable either way.
A user should be able to bounce the same for a email that did not come from a certified server as per item #1.
3rd – It must be a prosecutable offense to do devious things in a email. Having a direct traceable route upfront should even allow me to sue the offending party internationally or take down the server where they originate from. Hard to get a international agreement on this ??? Not if you don’t allow email from countries that do not agree. You want to play ball… these are the rules !
EMAIL has become a way to go into the crowded theater anonymously and scream “FIRE”. We can not have internet security without email security. Fix spam and you are half the way to solving email security.
There are many things that could also be done but these should be fairly easy to implement if the will is there to do it.
If you were to just implement #2 spam would be reduced by at least 95%. Spam, believe it or not clogs up the internet, wasting a bunch of bandwidth that could otherwise be giving you better speeds to load web pages.