Closed Bug 9416 Opened 26 years ago Closed 15 years ago

Handle internet/virus hoaxes.

Categories

(SeaMonkey :: MailNews: Message Display, enhancement)

Product:
SeaMonkey
Component:
MailNews: Message Display
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: CodeMachine, Unassigned)

References

Details

I have seen the mail/news task list which includes spam blocking, but I think this is a different animal. Virus and other types of hoaxes are a scourge on the internet. They rapidly spread from one email box to another by making use of users' ignorance. If Mozilla included facilities for dealing with them a would be a big blow to stopping the old ones at least. Now, what's the difference between spam blocking and handling virus hoaxes? Well, you can't tell hoaxes from headers like to, etc. All you can do is look at the subject line/body for fragments of well known text. So what can't be handled from mail filters for instance? Well, I think the best way to handle hoaxes is to not delete them, but pop up a dialog or prepend some text to the msg saying something like this: This message appears to contain the "Good Times" virus hoax. Please see "http://ciac.llnl.gov/ciac/CIACHoaxes.html#goodtimes" for more information. -- or --- This message contains text that makes it look like it contains an internet/virus hoax. If this message contains a warning, please see "http://ciac.llnl.gov/ciac/CIACHoaxes.html" to determine its status. Because these would essentially be heuristic, you wouldn't want to display the second unless you were pretty sure. But there are a number of phrases that commonly occur in virus hoaxes. And you definitely wouldn't want the message to be deleted (or the user won't learn its a hoax). Another great feature would be a way for the user to choose to reply with an automatically generated msg debunking the hoax to the author, for example: This message has been generated on request of the sender of this message by Mozilla version 5. A message you sent me appears to have contained the "Good Times" virus hoax. Please see "http://ciac.llnl.gov/ciac/CIACHoaxes.html#goodtimes" for more information on this hoax, and "http://www.av.ibm.com/InsideTheLab/Bookshelf/WhitePapers/Wells/HOWTOSPOT/howtos pot.html" for more information on spotting virus and internet hoaxes in general.
This is the kind of thing that might be done by a mozilla contributer or a 3rd-party. We don't have the resources to do it internally.
This is the kind of thing we really don't want to do. Once we program in some heuristic, the creators of these hoaxes will just modify their wordings so as to avoid our heuristics. It's a spy-versus-spy game and we can never win. Same thing goes for programming in some heuristic to catch spam.
Wrong, we can get close to defeating virus hoaxes. We can't stop new hoaxes, but the same is true with virii themselves. We still have anti-virus software, because we can get rid of the existing hoaxes and reduce the problem. Most importantly, the mail software can EDUCATE users about virus hoaxes when they receive them. This is the fundamental part, since if they realise the first one is a hoax, and so is the second one, they might start realising that you don't get real virus hoaxes from your friends, and that would cut off the replication engine of NEW hoaxes. Pointing users to virus hoax sites, especially "http://www.av.ibm.com/InsideTheLab/Bookshelf/WhitePapers/Wells/HOWTOSPOT/howtos pot.html", would be very useful.
Target Milestone: M14
Not sure what to do with this. Marking M14 for the moment.
I'll add this to the mail/news [HELP WANTED] bug tracking list tomorrow.
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → LATER
Summary: Handle virus/internet hoaxes. → [HELP WANTED] Handle virus/internet hoaxes.
Target Milestone: M14 → M15
Help wanted, M15, Later
Assignee: phil → nobody
Status: RESOLVED → NEW
Reopen mail/news HELP WANTED bugs and reassign to nobody@mozilla.org
Resolution: LATER → ---
Whiteboard: HELP WANTED
Put HELP WANTED in the Status Whiteboard so the mozilla.org bug query finds them
If someone does end up doing this, I suggest a change from the proposed wording "contains an internet/virus hoax." People are going to read that and flip out because they think the computer has told them that the message contains "an Internet virus". As far as implementation goes, if mail filters could pop up message boxes on display of the message, that's all you'd need. Anyone wanting to create something like this could then just distribute canned mail filters to interested users. Given the possibility that a false positive would malign a reputable person or, worse, flag a legitimate warning (see Melissa, etc.), such a set of filters shouldn't be included by default, or even "officially" sanctioned. Too many ways to lose.
The wording is certainly important. It needs to educate. Any warning should: (a) Explain what a internet/virus hoax is. (b) Give a brief summary of the detected hoax, so the user can gauge its abuthenticity themselves. (c) Clearly advise of the possibility of a false positive. (d) Allow the checking to be turned off in future. It simply needs to be explained to people. With this in place, any morons who still act as you describe are not worth sacrificing the massive benefits to the internet this feature would provide. There is certainly a danger in flagging a legitimate warning, so there probably shouldn't be a general checking mechanism, only known hoaxes.
One of the O'R
Keywords: helpwanted
Summary: [HELP WANTED] Handle virus/internet hoaxes. → Handle virus/internet hoaxes.
Whiteboard: HELP WANTED
Target Milestone: M15
Should this be handled by the e-mail program or by anti-virus software?
This would definitely go in the mail program, since it really isn't about viruses. It has more to do with identifying hoaxes, like the "$250 cookie recipe", "boy dying of brain cancer wants postcards" (actually not a hoax per se, but he was cured long ago and is now a grown man), and other messages that continue to get forwarded and refuse to die. BTW, sorry about that indecipherable message.
maybe this could be an idea for the blue sky project mozilla.org/bluesky
http://www.mozilla.org/blue-sky/ has been inactive for a while.
Yeah, almost two years, you can't get to it anymore without going through the "old" pages I believe. There never was years on those dates.
I agree that Netscape should neither assign resources to this specific issue nor accept such functionality into its own mail/news client. Two reasons: 1) A client-based effort is doomed to failure. We won't be able to keep up with the mutations and evolutions of such hoaxes--a client-based solution will always be behind in the arms race since hoaxers can tweak their wording so much faster than Netscape can rev its browser. If you were really going to attempt this, you would need a McAffee/Norton-style solution where the client continuously updated its hoax hueristic list from a server at each login or on a regular schedule. But that would require a server infrastructure as well and that's beyond the scope of what we're attempting with Netscape 6. 2) Inadequate scope: hoaxes are just a special case of the more general problem of spam. It makes no sense to try to create a special-case solution for hoaxes without addressing the more general (and more frequent) problem of "Buy Viagra online" or "Free magazine subscriptions"-type spam. A general-case solution with server database integration that users could leverage to block all kinds of spam might well be worth pursuing and could be a useful differentiator of our mail client against others by addressing one of the biggest problems in Internet mail today, spam.
> We won't be able to keep up with the mutations and evolutions of such hoaxes Sure you won't. But it's better than nothing. And every mail a user realises a hoax increases the chance they won't forward another undetected hoax. Sure, it would be cool if someone added an auto-update facility, but I don't believe the lack of one should absolutely prohibit this. > hoaxes are just a special case of the more general problem of spam. Eh? They've got nothing to do with each other. Hoaxes are known material received from addresses known to the user and not the community as a whole, and spam is unknown material received from addresses unknown to the user but possibly known to the community as a whole. There is no subset relationship here that I can see.
Blocks: 66425
I argee with Matthew. Just because we aren't Norton/McAfee doesn't mean we or a third-party GNU/free effort shouldn't try. I think this links to another feature I requested <a href="http://bugzilla.mozilla.org/show_bug.cgi?id=92469">here</a> about import/exporting Junkbuster-style image blocking filters. The entry boxes would be something like the Mail Filter box, except it would display a message, instead of deleting/moving a message, and it would have to be a seperate section. Maybe this would be better solved with a directory structure for the Mail Filter section (like the "Virii/Hoax" section contains 100+ entries of those filters, and a "Mailing List" section for all of your ML folders, etc.), but something would need to be put in place to seperate the filters. And of course, we would need an [im/ex]porting feature. Being about to [im/ex]port these records is important in getting the public as a whole to contribute to a global database of spam hoaxes. I think if somebody started a site to house export filter records for image blockers, hoax/virii warnings, and the like, then many people would support the site. Many even a person or two from Norton/McAfee, or a less capitalism entity like CERT, could spend five minutes to fill out a small form detailing the nature the hoax/virii. Of course, this would only be a once a month (if even that) activity, as new hoaxes/virii pop out for only that long. <a href="http://www.spamcop.net/">SpamCop</a> can do it. Why can't somebody else try it with this idea, especially since worms/hoaxes are so much easier to filter out (than spam)? PS: We -have- to give away a default filter with Mozilla. Most people who fall for this kind of thing fit into the... errr... "Internet dumbass" catagory, and wouldn't bother to do any other browser-related downloads besides the browser itself. Unforunately, a majority of Internet users fit in this catagory, and will forward hoaxes all over creation to ruin it for the rest of us, -UNLESS- they are educated. It's just something that the computer-saavy community needs to do on a global scale to help out Internet education as a whole (as well as save on bandwidth). Then, all we have to do is wait for AOL to adopt Netscape/Mozilla as their browser :)
Summary: Handle virus/internet hoaxes. → Handle internet/virus hoaxes.
see also bug 103487
bug 103487 is unrelated. It's about catching actual viruses. This is for detecting known virus warning *hoaxes* and warning the user that the information is probably not true/accurate.
suggest WONTFIX. It should be up to the users to decide what messages they want to see, and what they do not want to see. If they so desire to block hoax mail, they should create filters for it or use the junk control. If they don't, e.g. they receive joke mail from friends, it's their business
QA Contact: lchiang → nobody
Suggest WONTFIX. Start your own mozdev.org project.
I'd like to suggest a flexible way to handle this. Why don't rely on an external program, as second chance? I suggest to add an option "let an external program check for junk", with a "browse" option to choose it, and provide extra parameters. There, "junk" can include viruses and anything undesired. Then, there could be additional options for checking individual files, priorities when processing, etc. What do you think?
Product: Browser → Seamonkey
No activity in more than 3 years. Started in 1999 but never more than talk. Notice comment #22 and comment #23 (the two latest but one, but from 2003) suggesting WONTFIX. Concerning comment #24, Thunderbird (but maybe not yet SeaMonkey?) can interface with external apps: Spampal (Windows) and SpamAssassin (mostly Unix-like).
QA Contact: nobody → mail
As Tony said 2.5 years ago, this should be WONTFIX.
Whiteboard: # # [CLOSEME INVA/WONT?]
RIP.
Status: NEW → RESOLVED
Closed: 26 years ago15 years ago
Resolution: --- → WONTFIX
Keywords: helpwanted
Priority: P3 → --
Whiteboard: # # [CLOSEME INVA/WONT?]
You need to log in before you can comment on or make changes to this bug.