Tuesday 3 November 2015

Is anti-virus dead? Part 3

The answer to malware arriving by email is email filtering.

There are already a number of services that claim to offer email filtering, filtering out spam and malware. They claim to stop 99% of spam, and I'm guessing that this is probably true. But what about emailed malware?

I don't know. I've looked at a few of these services, and they don't disclose enough of what they do for me to form an opinion. The thing is, if you filter out spam, then just by doing that, you'll also filter out most phishes, scams and emailed malware. And in the case of phishes and scams, "most", usually meaning "99%", is good enough. If the occasional email offering you $10,000,000 gets through, that's not a big problem; nothing terrible happens (unless the user is gullible, which can happen, in which case that user gets an expensive lesson in the benefit of critical thinking). But if an email containing malware gets through, and the user clicks on that, then the installed malware is now on your internal network, and can be used for all sorts of nefarious purposes, none of which will be nice, and some of which will be quite nasty. For example, the malware could install a keystroke logger, and when it gets anything useful, like a username/password, it can send that to the malware owner.

Here's what I would want an email filter to do. Filter out spam, of course, but to guard against emailed malware, it isn't enough to use a scanner. You must do this:

If an email contains a js (JavaScript), exe or scr attachment, delete (or sequester) that attachment, but allow the rest of the email through.

If an email contains a zip attachment, and the zip file contains a js, exe or scr, delete or sequester it, but allow the rest of the email through.

If an email contains a doc file (or docx, xls, pdf, etc.) then process the file to remove all macros. Likewise if that is inside a zip.

Where I say zip, read that as meaning any compression system (rar, 7z etc).

If anyone knows about an email filtering service that offers the above, do please let me know.

If there is no email filtering service that offers the above, then you now have an opportunity to get in on the ground floor of a problem that is only going to get worse.

