April 6, 1999 Web posted at: 5:26 p.m. EDT (2126 GMT) by Paul McNamara

From...

(IDG) -- Now that last week's e-mail virus epidemic has subsided, a question vexes network executives: What can be done to prevent the children of Melissa from causing even greater harm in the future?

There is no single answer, experts agree. Network World posed the question to more than a dozen network professionals who attended last week's Electronic Messaging Association conference in Dallas as their colleagues struggled with Melissa back home. Among the consensus views:

Software vendors in general, and Microsoft in particular, must work harder to stay ahead of the problem, especially regarding "information-gathering" viruses like Melissa.

Network administrators need tighter and more granular controls over macros that enter their networks via e-mailed Word attachments.

End users must be educated and convinced of the need to practice safe e-mail, al-though a few dissenters at the conference consider this approach ultimately futile.

Virus authors must be faced with stiffer penalties - as in jail time - to deter them from plying their wares.

The vast majority of end users who were faced with the Melissa virus have never used a macro in a document and don't know what to do with a macro, says Edmund Lee, vice president of information services at E.W. Blanch Holdings in Minneapolis. "I'd like to see administrators have more control over [those macros]."

When Melissa was first detected, Lee's IS team remotely reset the macro warning mechanism on the desktops of end users who had deactivated it. "Of course, you can't force users to then disable macros," he says.

"Vendors have got to deal with the issue [of macros], and it seems to me that Microsoft has an important role to play here," says Blane Woodward, IS manager at Northwestern Mutual Life in Milwaukee.

First discovered on the alt.sex newsgroup on March 26, the Melissa virus spread rapidly as recipients of the infected Word attachment unwittingly launched the malicious macro it contained.

The macro in turn helped itself to the first 50 names in users' contact lists and sent copies to those people. The e-mail always appeared to be from a known party, which helped it spread within a day to thousands of companies.

MORE COMPUTING INTELLIGENCE
	IDG.net home page
Network World Fusion home page
Free Network World Fusion newsletters
Reviews & in-depth info at IDG.net
Questions about computers? Let IDG.net's editors help you
Search IDG.net in 12 languages
News Radio
	Fusion audio primers
	Computerworld Minute

Macro viruses are easy to write, and the interoperability of e-mail software gives viruses ample opportunity to spread. So guarding against Melissa-like viruses in the future may involve trade-offs, observers say.

"We have to find a way to not only have better control over who we receive e-mail from, but also to authenticate or trace the e-mail," says an executive for a major brokerage firm, who asked not to be named. "[End users] will have to give up some of their privacy in exchange for better security."

Limiting the number of points at which Internet e-mail can enter your network will help reduce the damage done by viruses when they occur, according to an administrator at a major defense contractor.

"We've contained the routes through which incoming e-mail can pass, and that's how we were able to stop the proliferation of Melissa while we cleaned up all of the internal servers," he says. "At the same time, we're looking at routing incoming messages through a dedicated machine that will do virus scanning."

The approach will be costly, he says, "but there's also a cost associated with not bothering."

While everyone agrees that end users need to know more about viruses and exercise care when opening attachments, there is disagreement regarding the proportion of responsibility they should bear in the future.

"Users have to be better educated about the risks of opening Office-style documents with macros in them without virus-scanning on their desktop," says Neil Farish, a consultant with The Devon Group in Ottawa.

The suspected creator of Melissa was arrested late last week in New Jersey by federal and state officials. Punishing the Melissa perpetrator is considered by most to be an important element of reducing future virus threats.

"The penalties should be incredibly severe," Farish says. Not only should the virus author be punished, but so should any irresponsible ISP or other company that might be at fault, he says.

Overall, conference attendees were pessimistic about the future of virus control.

"As soon as [vendors] do more, the hackers will find another way around it," says the defense contractor administrator. "There's no perfect security system, unless you shut everything down."