Network associates ed

BUSINESS MANAGEMENT
PUTTING SPAM TO
THE SWORD
BMA TALKS WITH ALLAN BELL OF NETWORK ASSOCIATES ABOUT THE STEPS THAT CAN BE TAKEN TO ADDRESS THE SCOURGE OF SPAM E-MAILS.
Aleading supplier of network security and availability
estimates lost productivity for US corporations at US$1 billion.
solutions, Network Associates, Inc. is best known for its Ferris Research estimates the cost for European companies at McAfee Security anti-virus software, Sniffer Technologies US$2.5 billion. Regardless of which study is accurate the cost is network availability and troubleshooting software and Magic Solutions helpdesk software. A recent technology acquisition has And then of course there is the inappropriate content. This now seen them also aggressively enter the anti-spam market. Allan would be an e-mail that would be considered offensive, and one Bell, Asia Pacific Marketing Director of Network Associates, Inc.
that is most probably an HR violation. It could be pornographic, spoke about this recent development and the importance of dealing racist, sexist, etc. and would offend an individual or group of people. This is a legal liability. In 1996 there was a lawsuit filed by female employees of Chevron Corporation who were offended by e- BMA. Why is spam such a big deal?
mails including one titled “25 Reasons why Beer is Better than AB. Businesses today rely on e-mail and anything that impacts e-
Women.” Chevron later paid US$2.2 million to settle the case, mail is a big deal. According to a 2002 European commission although they denied any wrongdoing. A racial joke that offended study – “Reduce the effects of unwanted e-mail” – spam, or junk some employees caused Morgan Stanley Dean Witter & Co. to face e-mail, costs over US$8.7 billion to internet users annually.
a US$60 million lawsuit. Although the suit was ultimately dismissed Everyone also agrees that spam is growing – although they can’t because it involved only a single incident of harassment, the agree on how quickly it is happening. The Aberdeen Group employer still settled the case by paying an undisclosed amount to suggests that spam may grow to account for as much as 50 percent of corporate e-mail by 2003. Most corporates today are faced with the task of filtering the overwhelming number of BMA. Are these exceptional cases?
unwanted messages received by end-users.
AB. According to the e-Policy handbook by Nancy Flynn, some
27 percent of Fortune 500 organisations have defended BMA. What exactly is spam?
themselves against claims of sexual harassment stemming from AB. Spam is junk e-mail. Everyone is familiar with advertising spam
that is generally trying to sell you something. In addition there is malicious spam, which is e-mail with adult content, violence or is an BMA. Is preventing offensive e-mails an employer responsibility?
e-mail that contains security threats. There is also what is AB. Traditionally employers have been responsible and liable for the
sometimes called ‘friendly spam’ – the time wasting jokes, chain actions of their employees in the workplace. However, if an organisation can demonstrate a ‘duty of care’ to reduce unacceptable employee activity then it could minimise its potential BMA. So is it about network performance?
AB. Network performance is a problem but not the main one. Most
spam e-mail is small compared to the e-mail attachments that form BMA. Is Network Associates a newcomer to the spam market?
the bulk of corporate e-mail and so there is not a big impact on the AB. Yes and no. We’ve had support for three-level spam filtering in
network. Instead, there are two serious problems for business: lost our WebShield gateway antivirus products for businesses for over productivity and legal liability through inappropriate content. In two years. We also introduced a consumer-focused product called terms of lost productivity, no one knows for sure just how much of SpamKiller in 2002, which has been very successful for home and an impact spam has, but there have been some studies. Gartner SOHO customers. We have found that businesses need a more BUSINESS MANAGEMENT
scalable solution, implemented at different points on the network to then it is definitely considered to be spam. The white list is the opposite. This is the list of e-mail addresses that are known to be good. As part of the process of creating white lists, BMA. Is that why you acquired Deersoft?
SpamAssassin will automatically connect with your Outlook AB. Yes. Their SpamAssassin engine has gained its excellent
contacts folder to create a personal white list at your desktop. For reputation by having a high detection rate for spam, combined example, law firms cannot afford to lose any e-mail from their with a low false-positive rate. A false-positive is an e-mail that is clients. If a partner is working on a case concerning Viagra (a wrongly detected as spam. The SpamAssassin engine uses a common spam topic) then she has to be able to allow those e- rating system that accurately scores e-mail based on a series of mails to come through from that client. By creating her own white tests. It is very accurate and can catch more than 95 percent of all list she is able to let through e-mails from specific clients or spam e-mail ‘out of the box’ while keeping the false-positive rate BMA. And finally, what is self tuning?
BMA. Does this mean I could lose legitimate e-mail?
AB. The SpamAssassin engine can learn the characteristics of the
AB. No. E-mail is not deleted. It is tagged as junk mail, and then
e-mail you receive. If some of your e-mail has formatting similar filed into a system junk mail folder on the server, or a personal to spam then the engine can learn to adjust the message’s overall junk mail folder located in user’s inboxes. SpamKiller makes it spam rating downwards so it doesn’t get classified as spam.
easy to filter out the unwanted e-mail.
These five levels of protection all help to deliver a high level of spam detection and reduce false positives.
BMA. How does SpamKiller find unwanted e-mail?
AB. The SpamAssassin engine used by SpamKiller uses a scoring
BMA. The SpamAssassin engine is open-source code.
system, based on an extensive rule set, to determine whether a AB. Yes. That is one of its strengths. The code for the engine is
particular e-mail message is spam. More than 650 rules are run publicly available on the internet. Anyone who wants to is able to against every e-mail and each rule is associated with a score, use it. It is similar to Linux in that respect. The engine is the positive or negative. Rules with negative scores indicate combined effort of many programmers and as such, Network attributes of legitimate mail; rules with positive scores indicate Associates collects invaluable feedback from the field. Network attributes of unsolicited mail. When added together, these Associates will also contribute some of its improvements back to individual scores give each e-mail an ‘overall spam rating’.
Utilising this underlying rule-set process, McAfee SpamKiller checks each e-mail message that is received by using five BMA. What benefits to the customer does Network Associates
different methods of detection: integrity analysis, heuristic detection, content filtering, black and white lists and self tuning.
AB. The benefit we bring over and above the open-source engine
Each of these contributes to detecting spam.
is the functionality and performance provided by the SpamKiller products. Deersoft and Network Associates have made various BMA. How does integrity analysis work?
performance enhancements to the SpamAssassin engine, which AB. SpamKiller examines the header, layout and organisation of
are not available in the open source version, making the McAfee each e-mail message, to identify the common characteristics of solution more suited for corporate use. The open-source version spam. An advanced pattern-matching engine simultaneously of SpamAssassin only works only on the Unix platform, it does applies thousands of algorithms during a single pass and the not contain any code to integrate with Microsoft Exchange or results determine a probability rating and e-mail is then classified Outlook and it does not have the benefit of commercial technical The SpamKiller ‘powered by SpamAssassin’ product family BMA. What is heuristics?
will have the benefit of McAfee’s strict quality procedures, our AB. This is a series of internal tests used by the engine to reduce
maniacal focus on our customers, as well as our future false positives. It looks for tricks employed by spammers and technology improvements that will be available only in the reduces the number of rules that need to be created.
McAfee SpamKiller products. Network Associates will contribute some of its improvements to the SpamAssassin engine back to BMA. Content filtering looks for key words?
the open-source project, but most of the features will only be AB. That’s right. You can search on those favorite words of
available commercially when first developed.
spammers such as ‘free’ or ‘win’ as well as pornographic words, BMA. Is McAfee SpamKiller available now?
AB. McAfee SpamKiller for Microsoft Exchange Small Business was
BMA. What are black and white lists? Which do I want to be on?
released in April. During 2003 additional products will ship including AB. You want to be on the white list. The black list is the list of
SpamKiller for Lotus Domino and add-ons to McAfee WebShield known spammers. If the e-mail is from one of these locations,

Source: http://www.value.co.th/th/products/mcafee/arti_spam.pdf