Need someone to lead product management at your software company? I create software for people that create software and I'm looking for my next opportunity. Check out my resume and get in touch.

Symantec Spoofing

Freshness Warning
This blog post is over 20 years old. It's possible that the information you read below isn't current and the links no longer work.

Symantec obviously knows that the SoBig email worm uses spoofing to make it look like the virus was sent from someone other than the actual sender. So why does their server-based antivirus tool insist on replying to the sender that their system is sending SoBig emails?

I’m getting several messages a day from mail servers protected by Symantec and others notifying me that I’ve been sending SoBig attachments. I’m not the one that’s infected. It’s a minor irritation to me because I understand what’s going on. But what about people who don’t know? They’re getting alerts from anti-virus companies, but they probably don’t know that it’s a false alarm. I can imagine the average email user being panicked that their system is infected.

Chris
September 4, 2003 10:25 AM

Sad isn't it. - Most of the time this is admins setting up the software to reply (intending it for internal consumption) or the software not being bright enough to have a sence of direction. And thanks to SoBig Etc admin@my-domains goes to /dev/null and I no longer use M$ mail products.

Lummox JR
September 4, 2003 1:07 PM

Augh. I heartily agree that it's stupid of Symantec to do this. In fact, knowing that worms even *could* forge their sending address, it's beyond stupid that a notification feature was ever put in in the first place. Internal consumption doesn't cut it; you'll still be sending the same notification a zillion times, and the forged return address would still ensure that the message never got where it was meant to go. I've been doing battle with these bonehead admins, sending off letters (that sometimes make it and sometimes don't) to fix their virus filters. I also send letters to those who apparently aren't even using a filter, or at least are using one that doesn't stop Sobig. It was only recently that I learned Symantec was a major culprit in the notifications, though. http://www.pyrojection.com/archives/000511.php

Jeroen
September 5, 2003 9:09 AM

You could blame Symantec, but I think that they shipped their products configured like this long before viruses like Sobig found out how to spoof. Therefore, I think that the first blame is on the mail admins of these systems who did not care to change the default configuration of their scanner.

Lummox JR
September 8, 2003 2:35 PM

True, you could give Symantec a pass for that, if not for the fact that anyone designing an e-mail scanner *should* give a thought to these things. Sending out an e-mail with a spoofed header is rather trivial, and it's not as if spoofed spam didn't exist then. So I count this as extreme failure to think ahead to some obvious and inevitable future worm capabilities. I also, however, blame the admins who didn't turn off the notification. In a bizarre twist, Friday I got a notification spam from Virginia Tech of all places, which actually admitted that I might not be the sender. When I contacted their admin, I was told that they had no choice of turning the notification off (obviously not a Symantec filter then), which was an extremely bogus excuse. I was not kind; a technology-oriented university should know better.

Hadley
September 11, 2003 1:40 PM

On the other, perhaps those panicked recipients rush out and buy symantec antivirus?

This discussion has been closed.

Recently Written

Great prodct managers own the outcomes (May 14)
Being a product manager means never having to say, "that's not my job."
Too Big To Fail (Apr 9)
When a company piles resources on a new product idea, it doesn't have room to fail. That keeps it from succeeding.
Go small (Apr 4)
The strengths of a large organization are the opposite of what makes innovation work. Starting something new requires that you start with a small team.
Start with a Belief (Apr 1)
You can't use data to build products unless you start with a hypothesis.
Mastery doesn’t come from perfect planning (Dec 21)
In a ceramics class, one group focused on a single perfect dish, while another made many with no quality focus. The result? A lesson in the value of practice over perfection.
The Dark Side of Input Metrics (Nov 27)
Using input metrics in the wrong way can cause unexpected behaviors, stifled creativity, and micromanagement.
Reframe How You Think About Users of your Internal Platform (Nov 13)
Changing from "Customers" to "Partners" will give you a better perspective on internal product development.
Measuring Feature success (Oct 17)
You're building features to solve problems. If you don't know what success looks like, how did you decide on that feature at all?

Older...

What I'm Reading

Contact

Adam Kalsey

+1 916 600 2497

Resume

Public Key

© 1999-2024 Adam Kalsey.