Failures of Information Security: Observing the World and Asking Why

By Adam Shostack and Andrew Stewart, Addison-Wesley Professional

Spam, and Other Problems with Email

The flood of unsolicited email flowing into our mailboxes seems to get worse each year, despite more antispam software, more laws, and more email lost to spam filters. In 1994, a law firm decided that the internet would be an ideal way to advertise its legal services. The firm sent a message to thousands of discussion groups, advertising its services. This was widely seen as having opened the floodgates to today’s deluge of spam.

Sending an email message is so inexpensive that it makes sense to send one to every email address that can be found, rather than trying to pick specific recipients. Imagine if companies didn’t have to pay anything to deliver paper catalogs. Everyone’s mailbox would be stuffed full of catalogs from every company in the world! After all, they can’t make money unless people know about their revolutionary product. The United States today doesn’t have a general-purpose privacy law that forbids the secret harvesting or sale of most types of personal information, so email addresses are not protected. Privacy laws in other countries vary, but strong privacy laws don’t seem to inhibit spam.

There are two types of spammers. The first are companies you did business with once, which then send you emails forever. Even if you ask them to stop, the mail keeps coming. Consumers see this as spam. However, these companies have real products to sell. They’re not outright fraudsters. The second type are criminal spammers who send spam about things such as sex pills, stocks, or quick fixes to your credit. These criminals often break into computers and use them, along with their network connections, to send spam.

As spam was rising, so was a new problem—adware. Adware companies called themselves “affiliate marketers.” They claimed that people chose to install software that displays pop-up ads to the user. Sometimes this was and even still is true, but often the adware is embedded in other software and installs itself without the meaningful consent of the PC’s owner. (By meaningful consent, we mean that the person installing the software understands what he is getting into.) Adware can also piggyback on a program that a user wants. Sometimes this is done with the cooperation of the author of the desirable program, who takes part of the revenue and earns a living by giving away his software. Other times, this is done as an unauthorized repackaging of innocent software. The adware industry has been creative in devising new ways for its software to surreptitiously install on people’s computers. Adware uses innovative means to ooze into the obscure corners of a computer so that it can’t easily be removed. Today, some experts say it can be more cost-effective to reinstall a computer than to remove a bad adware infection.
