Note: This column represents the opinions
of the writer and as such, is not purported as fact
This morning my mailbox was filled with the remnants of emails that obviously
came from PCs infected with the latest variant of the W32/Sobig.F worm.
I say "remnants," because my email provider's virus scanning systems had
kindly stripped out the malicious payload and simply delivered me notification
that it had done so.
An increasing number of ISPs are now including spam and virus/worm filtering
on their email systems and this has to be good for everyone because, as recent
events have shown, we obviously can't rely on users to patch their systems.
Yesterday I suggested that perhaps Microsoft ought to write its own worms
to patch up security holes before a more malicious one exploits them. There
was some interesting feedback in the forums and I note that IDG this morning
carries a story that casts doubt on the idea.
While it's true that dumping code onto someone's computer (even if it's to
fix up a vulnerability) might be illegal in some countries this wouldn't
apply to a worm written by Microsoft itself.
How come?
Well remember that under its EULA, Microsoft already seems to
reserve the right to dick-around with the contents of your PC's hard drive
without telling you. This is done in the name of "digital rights management"
of course -- but I see no reason why this can't also apply to patching
security holes.
And the idea of using this "right" to mess with your hard drive is already
being given some thought by the boys at Redmond.
The Washington Post carries the news
that Microsoft is considering shipping
future versions of Windows which are configured to automatically download
updates unless the user explicitly turns off the feature.
Now while this sounds like a great idea, it does raise one important question:
If Microsoft stuffs up a patch (as they have done in the past), will they
cover the cost of fixing up all those broken PCs which might not even boot
let alone allow a user to connect to the Net and download a patched patch?
I think not -- so odds are that the vast majority of retailers and OEMs
will turn off that feature before shipping their systems to customers. After
all, they don't want their entire customer base ringing up one morning because
their computers have stopped working after automatically downloading a bad
patch -- do they?
But back to spam (groan!)
Yesterday I linked to this story
in which it was explained that the spam/virus filtering system about to be
introduced by Paradise and ClearNet actually involves people reading your
email to make sure it's not spam.
Well that's not strictly correct. Only "suspect" email will be read, the
vast majority of it having already been identified as spam or not spam
by automated systems.
However, even although we all know that plain-text email is not a secure medium,
don't you find it just a little worrying that there are people being paid
to read your email?
LATE UPDATE
I've been informed that the story at IDG has now been corrected because
there was some misunderstanding on their part in respect to how the spam filtering
worked. Assurances have been given that your email won't be read if you're
using TelstraClear or Paradise.
"plink!"
I've just had a good idea as I type this...
If we all had a layer of encryption associated with our email, not only could
we stop casual email browsing by "interested parties" but we might also deal
a punishing blow to spam.
Now who's going to be the (about to be very rich) individual or company
who writes a very functional new email client that contains this encryption/decryption
layer while offering backwards compatibility with plaintext?
All your friends and associates, once known to you, will have their emails
encrypted using your public key. Your email client will realise them and
pass their messages into your inbox. Those unknown to you (especially the
evil spammers) will have to send plaintext that will be placed into a
"for review" folder. Obviously additional filtering could weed out much
of the obvious spam and virus-laden messages too.
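A sketch of the sorting rule described above, added here as an example (not code from the column or from any existing mail client): a message goes to the inbox only when it arrives in an OpenPGP envelope from a known contact, and everything else goes to "for review". The contact list, folder names and sample messages are constructed, and the check inspects the envelope only; it does not decrypt or verify signatures.

```python
import email
from email.utils import parseaddr

KNOWN_SENDERS = {"alice@example.org"}  # constructed contact list (assumption)
ARMOR = b"-----BEGIN PGP MESSAGE-----"

def is_encrypted(msg):
    """True if the message is PGP/MIME (RFC 3156) or inline-armoured OpenPGP."""
    protocol = (msg.get_param("protocol") or "").lower()
    if (msg.get_content_type() == "multipart/encrypted"
            and protocol == "application/pgp-encrypted"):
        return True
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True) or b""
            if body.lstrip().startswith(ARMOR):
                return True
    return False

def route(raw, known=KNOWN_SENDERS):
    """Return the folder name for one raw RFC 5322 message."""
    msg = email.message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # Envelope check only: From is forgeable and anyone holding the public key
    # can encrypt, so a real client would decide after decrypting and
    # verifying the sender's signature.
    if is_encrypted(msg) and sender in known:
        return "inbox"
    return "for-review"

# Constructed sample messages (placeholder bodies, not real ciphertext).
PGP_MIME = (
    "From: Alice <alice@example.org>\n"
    "Content-Type: multipart/encrypted;"
    ' protocol="application/pgp-encrypted"; boundary="b1"\n\n'
    "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
    "--b1\nContent-Type: application/octet-stream\n\n"
    "-----BEGIN PGP MESSAGE-----\nPLACEHOLDER\n-----END PGP MESSAGE-----\n"
    "--b1--\n"
)
PLAINTEXT = "From: promo@bulk.example\nSubject: offer\n\nBuy now\n"

if __name__ == "__main__":
    for name, raw in (("pgp-mime", PGP_MIME), ("plaintext", PLAINTEXT)):
        print(name, "->", route(raw))
```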
I really think it's time that encryption became a standard, by-default aspect
of email. What do you think?