SECURITY RUN AMOK
Everyone is tired of electronic junk mail. We are at the point where most of us get more spam than legitimate emails, where viruses come into our mailboxes on a weekly (or daily) basis, and every website seems to generate a pop-up or two. It can be hard to wade through your desktop to find the web-pages that you actually want to view.
This encroachment of unwanted data has spawned an entire industry of software makers who specialize in blocking all of this unwanted stuff — and we have to wonder, are they doing all they can? After all, if someone found a way to quickly and accurately trace spammers and legally charge them for their actions, it would immediately destroy the profit margins of the manufacturers of anti-spam software. We have to face it, spam is lining the pockets of far more people than those who are listed in the ads, and no one more so than those who create programs to stop it. The same could be said for viruses. After all, where would Norton and McAfee be if Windows were virus proof?
It’s a sad testament to the state of the internet that most of us now have at least one, if not several, pieces of software devoted solely to stopping unwanted advertising or viruses. I personally have a firewall, a virus checker (actually it’s an integrated package), Ad Aware (to remove spy and ad ware that comes bundled with many programs), and an email spam killer. It’s about $120 worth of software, but I’ve shopped carefully. You can spend a lot more to maintain the sanctity of your desktop.
Unfortunately, in the act of blocking all of this unwanted information, we’re also depriving ourselves of all kinds of stuff that we want. For example, JavaScript is a great little scripting language, often used to pop open browser windows when you select a link. It’s far more powerful than html, since the programmer can control the size, location, style, and settings for the window very easily. Pop-up ads use JavaScript (JS) to open windows, but so do many other programs. The last version of the AUSU chat system did, and our current chat uses little JS windows to allow you to send private messages, or to view a person’s profile. One of our council members quickly found this out, because her pop-up blocker was stopping these windows from opening.
The tendency may be to blame the chat programmer for using these windows, but JS windows were not invented for creating annoying ads — the pop-up makers simply use this technology to ply their annoying trade. Some companies, like Amazon book stores, use pop ups to alert shoppers of special deals. For our chat profiles, a tiny JS window is far better than a full screen html window, which would block the whole chat.
It’s come to the point that I’m very leery of using any JS windows when I make a website, but it’s very limiting to not be able to use this feature! Likewise, AUSU has an email list which we use to inform our members of AUSU news and events. We have about 800 subscribers who want to be informed via email, but I fear that many of our emails are being lost to spam killers, which delete anything that comes to undisclosed recipients. (If you have a spam killer, check your deleted items once in a while, and set your spam killer to allow email from ausu.org!)
The culmination of this problem is in the use of internet blacklists – a current topic of discussion on our new forums, and a pet peeve of mine.
These international listing services collect data on internet addresses (IPs) of people who send spam. Any company that subscribes to that blacklist will filter their email through the list, and emails coming from the blocked IPs will never arrive at their destination.
It sounds good, but the problem is, not everyone on a spammer’s IP or email server is a spammer! Recently, my home email address was blocked by AU and I was not able to contact my tutor with a very important question. I also was not able to send in my assignment. I was stumped.
I tried emailing Tutor Services for help, but that email bounced back. So did the one that I sent to Ask AU. I finally realized that I’d been blacklisted, as were thousands of people who had email accounts through the German GMX service. I had to call AU and have my email manually unblocked. My gmx account was blocked in so many places, I had to seek a new email service for my permanent address.
Only a month later, I was having trouble again. This time, it was my internet connection, through Shaw cable in Calgary, that was blacklisted. In this case, Shaw — one of the largest high speed internet providers in Calgary — took steps to rectify the problem and had their email server removed from the blacklist within a few days. This is fortunate, since my Voice and AUSU email at that time had to go out through my home account, and I had no other way to email the university.
People are being affected by blacklisting all over the world, at different companies. I do respect the right of any company to control incoming viruses and spam. In the case of AU, however, maybe this is not the best way to go. AU is a public institution, and its members — distance education students, who have paid a great deal for their courses and access to tutors — need to be able to contact the university and faculty without this hindrance.
I wonder how many people are on a blacklist, but unaware. Maybe they think they can’t contact their tutor because of a bad address, or a problem on their own system. Heck, even AU staff aren’t clear on how the system works. I recently contacted the Computing Services Help Desk to have my email unblocked for the second time. They were friendly and helpful, as always. While I was on the phone with a helpdesk representative, I thought I’d let her know that the use of blacklists by a public institution is probably not a good idea, because they are blocking access between students and the university. She replied that AU has nothing to do with it, and that if I’m on a blacklist, I would not be able to email anywhere and AU had no control over this. I tried very hard to explain to this person that the blacklist would only affect my ability to email AU, if AU actually subscribes to this service, but she could not seem to understand this. She was under the impression that blacklists automatically block emails by some Big Brother type system that oversees the net.
It was disheartening, to say the least. I gave up trying to explain AU’s voluntary compliance with the blacklist. Certainly AU could decide not to use a blacklist and to allow emails from the IPs of known spammers (most of which would be legitimate).
What has not been considered is that the use of blacklists does almost nothing to slow down spam. I have a similar feature in my own personal spam killer – I can block the email accounts and IPs of people who spam me. It reduces spam by, at most, ten percent. The reason is that spammers constantly change their email providers, and never use the same email address for long. Block them at one address, they spam you again the next day from another, all the while getting their old IP blacklisted. By the time the blacklist takes effect, the spammer has moved to a new email service while a bunch of innocent users are blocked. Blacklists always block more legitimate users than spammers. AU says that using a blacklist is absolutely necessary to stop spam. I say baloney – and you can quote me on that 🙂
Don’t get me wrong. I am all for reducing spam, and possibly reinstating the archaic practice of keelhauling for those who send it (Calgary has a navy — what else have they to do in our landlocked metropolis?). With my three publicly listed email accounts, I get about 100 spam a day or more. But we have to balance our security measures so that we are not blocking access to services, and not shortchanging ourselves on what the internet has to offer.
This was also a factor in our recent change of server. Our old web hosts were very security conscious, which is laudable, but their very high security measures were causing repeated problems where our own members — and council members — could not send email through our system. In many cases, there was nothing I could do about it.
AUSU gets hammered regularly with spam and viruses, and we all hate it. But AUSU and The Voice are representing tens of thousands of members, and we have decided not to use any system that would block access to our services. Instead, AUSU decided last year to provide up-to-date professional virus checking software to all of its council members and staff. It costs a bit more, but it’s well worth the cost when compared to the price of blocking member access.
I only wish the university felt the same way. I’ve heard so many stories of tutors who won’t open attachments because they are afraid of viruses – a problem that is easily solved with a little virus education and a good virus checker/scanner.
For those who use our chat, but can’t access the little chat profiles due to a spam blocker: sorry, but it’s a valid technology, using a valid window opening script. You’ll have to disable your pop-up blocker while you are online.
The current state of internet security is much like locking yourself in your own home to ensure that no one else can get in. How far will we go?
Remember, the very best thing you can do to stop spam is to make it unprofitable. Never click on a link in an unsolicited ad, never buy a product from a spammer, and never reply — even to unsubscribe. You may also consider a spam blocker that has the option to bounce the email back as though your address is not valid.
Tamra Ross Low
Editor in Chief