Status

enhancement
RESOLVED WONTFIX
20 years ago
9 years ago

People

(Reporter: CodeMachine, Unassigned)

Tracking

Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

I have seen the mail/news task list which includes spam blocking, but I think
this is a different animal.

Virus and other types of hoaxes are a scourge on the internet.  They rapidly
spread from one email box to another by making use of users' ignorance.  If
Mozilla included facilities for dealing with them a would be a big blow to
stopping the old ones at least.

Now, what's the difference between spam blocking and handling virus hoaxes?
Well, you can't tell hoaxes from headers like to, etc.  All you can do is look
at the subject line/body for fragments of well known text.

So what can't be handled from mail filters for instance?  Well, I think the best
way to handle hoaxes is to not delete them, but pop up a dialog or prepend some
text to the msg saying something like this:

This message appears to contain the "Good Times" virus hoax.  Please see
"http://ciac.llnl.gov/ciac/CIACHoaxes.html#goodtimes" for more information.

-- or ---

This message contains text that makes it look like it contains an internet/virus
hoax.  If this message contains a warning, please see
"http://ciac.llnl.gov/ciac/CIACHoaxes.html" to determine its status.


Because these would essentially be heuristic, you wouldn't want to display the
second unless you were pretty sure.  But there are a number of phrases that
commonly occur in virus hoaxes.  And you definitely wouldn't want the message to
be deleted (or the user won't learn its a hoax).

Another great feature would be a way for the user to choose to reply with an
automatically generated msg debunking the hoax to the author, for example:


This message has been generated on request of the sender of this message by
Mozilla version 5.

A message you sent me appears to have contained the "Good Times" virus hoax.
Please see "http://ciac.llnl.gov/ciac/CIACHoaxes.html#goodtimes" for more
information on this hoax, and
"http://www.av.ibm.com/InsideTheLab/Bookshelf/WhitePapers/Wells/HOWTOSPOT/howtos
pot.html" for more information on spotting virus and internet hoaxes in general.
This is the kind of thing that might be done by a mozilla contributer or a
3rd-party. We don't have the resources to do it internally.
This is the kind of thing we really don't want to do.  Once we program in some
heuristic, the creators of these hoaxes will just modify their wordings so as to
avoid our heuristics.  It's a spy-versus-spy game and we can never win.  Same
thing goes for programming in some heuristic to catch spam.
Wrong, we can get close to defeating virus hoaxes.  We can't stop new hoaxes,
but the same is true with virii themselves.  We still have anti-virus software,
because we can get rid of the existing hoaxes and reduce the problem.

Most importantly, the mail software can EDUCATE users about virus hoaxes when
they receive them.  This is the fundamental part, since if they realise the
first one is a hoax, and so is the second one, they might start realising that
you don't get real virus hoaxes from your friends, and that would cut off the
replication engine of NEW hoaxes.  Pointing users to virus hoax sites,
especially
"http://www.av.ibm.com/InsideTheLab/Bookshelf/WhitePapers/Wells/HOWTOSPOT/howtos
pot.html", would be very useful.
Target Milestone: M14
Not sure what to do with this.  Marking M14 for the moment.
I'll add this to the mail/news [HELP WANTED] bug tracking list tomorrow.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → LATER
Summary: Handle virus/internet hoaxes. → [HELP WANTED] Handle virus/internet hoaxes.
Target Milestone: M14 → M15
Help wanted, M15, Later
Assignee: phil → nobody
Status: RESOLVED → NEW
Reopen mail/news HELP WANTED bugs and reassign to nobody@mozilla.org
Resolution: LATER → ---
Whiteboard: HELP WANTED
Put HELP WANTED in the Status Whiteboard so the mozilla.org bug query finds them
If someone does end up doing this, I suggest a change from the proposed
wording "contains an internet/virus hoax."  People are going to read that
and flip out because they think the computer has told them that the message
contains "an Internet virus".

As far as implementation goes, if mail filters could pop up message boxes
on display of the message, that's all you'd need.  Anyone wanting to create
something like this could then just distribute canned mail filters to
interested users.

Given the possibility that a false positive would malign a reputable
person or, worse, flag a legitimate warning (see Melissa, etc.), such
a set of filters shouldn't be included by default, or even "officially"
sanctioned.  Too many ways to lose.
The wording is certainly important.  It needs to educate.  Any warning should:

(a) Explain what a internet/virus hoax is.
(b) Give a brief summary of the detected hoax, so the user can gauge its
abuthenticity themselves.
(c) Clearly advise of the possibility of a false positive.
(d) Allow the checking to be turned off in future.

It simply needs to be explained to people.  With this in place, any morons who
still act as you describe are not worth sacrificing the massive benefits to the
internet this feature would provide.

There is certainly a danger in flagging a legitimate warning, so there probably
shouldn't be a general checking mechanism, only known hoaxes.
One of the O'R
Keywords: helpwanted
Summary: [HELP WANTED] Handle virus/internet hoaxes. → Handle virus/internet hoaxes.
Whiteboard: HELP WANTED
Target Milestone: M15
Should this be handled by the e-mail program or by anti-virus software?
This would definitely go in the mail program, since it really isn't about 
viruses. It has more to do with identifying hoaxes, like the "$250 cookie 
recipe", "boy dying of brain cancer wants postcards" (actually not a hoax per 
se, but he was cured long ago and is now a grown man), and other messages that 
continue to get forwarded and refuse to die.

BTW, sorry about that indecipherable message.
maybe this could be an idea for the blue sky project mozilla.org/bluesky
http://www.mozilla.org/blue-sky/ has been inactive for a while.
Yeah, almost two years, you can't get to it anymore without going through the
"old" pages I believe.  There never was years on those dates.
I agree that Netscape should neither assign resources to this specific issue nor
accept such functionality into its own mail/news client. Two reasons:

1) A client-based effort is doomed to failure. We won't be able to keep up with
the mutations and evolutions of such hoaxes--a client-based solution will always
be behind in the arms race since hoaxers can tweak their wording so much faster
than Netscape can rev its browser. If you were really going to attempt this, you
would need a McAffee/Norton-style solution where the client continuously updated
its hoax hueristic list from a server at each login or on a regular schedule.
But that would require a server infrastructure as well and that's beyond the
scope of what we're attempting with Netscape 6.

2) Inadequate scope: hoaxes are just a special case of the more general problem
of spam. It makes no sense to try to create a special-case solution for hoaxes
without addressing the more general (and more frequent) problem of "Buy Viagra
online" or "Free magazine subscriptions"-type spam.

A general-case solution with server database integration that users could
leverage to block all kinds of spam might well be worth pursuing and could be a
useful differentiator of our mail client against others by addressing one of the
biggest problems in Internet mail today, spam.
> We won't be able to keep up with the mutations and evolutions of such hoaxes

Sure you won't.  But it's better than nothing.  And every mail a user realises a
hoax increases the chance they won't forward another undetected hoax.

Sure, it would be cool if someone added an auto-update facility, but I don't
believe the lack of one should absolutely prohibit this.

> hoaxes are just a special case of the more general problem of spam.

Eh?  They've got nothing to do with each other.  Hoaxes are known material
received from addresses known to the user and not the community as a whole, and
spam is unknown material received from addresses unknown to the user but
possibly known to the community as a whole.  There is no subset relationship
here that I can see.
Blocks: 66425
I argee with Matthew.  Just because we aren't Norton/McAfee doesn't mean we or a
third-party GNU/free effort shouldn't try.  I think this links to another
feature I requested <a
href="http://bugzilla.mozilla.org/show_bug.cgi?id=92469">here</a> about
import/exporting Junkbuster-style image blocking filters.

The entry boxes would be something like the Mail Filter box, except it would
display a message, instead of deleting/moving a message, and it would have to be
a seperate section.  Maybe this would be better solved with a directory
structure for the Mail Filter section (like the "Virii/Hoax" section contains
100+ entries of those filters, and a "Mailing List" section for all of your ML
folders, etc.), but something would need to be put in place to seperate the
filters.  And of course, we would need an [im/ex]porting feature.

Being about to [im/ex]port these records is important in getting the public as a
whole to contribute to a global database of spam hoaxes.  I think if somebody
started a site to house export filter records for image blockers, hoax/virii
warnings, and the like, then many people would support the site.  Many even a
person or two from Norton/McAfee, or a less capitalism entity like CERT, could
spend five minutes to fill out a small form detailing the nature the hoax/virii.
Of course, this would only be a once a month (if even that) activity, as new
hoaxes/virii pop out for only that long.  <a
href="http://www.spamcop.net/">SpamCop</a> can do it.  Why can't somebody else
try it with this idea, especially since worms/hoaxes are so much easier to
filter out (than spam)?

PS:  We -have- to give away a default filter with Mozilla.  Most people who fall
for this kind of thing fit into the... errr... "Internet dumbass" catagory, and
wouldn't bother to do any other browser-related downloads besides the browser
itself.  Unforunately, a majority of Internet users fit in this catagory, and
will forward hoaxes all over creation to ruin it for the rest of us, -UNLESS-
they are educated.  It's just something that the computer-saavy community needs
to do on a global scale to help out Internet education as a whole (as well as
save on bandwidth).

Then, all we have to do is wait for AOL to adopt Netscape/Mozilla as their
browser :)
Summary: Handle virus/internet hoaxes. → Handle internet/virus hoaxes.
see also bug 103487
bug 103487 is unrelated. It's about catching actual viruses. This is for
detecting known virus warning *hoaxes* and warning the user that the information
is probably not true/accurate.
suggest WONTFIX. It should be up to the users to decide what messages
they want to see, and what they do not want to see. If they so desire
to block hoax mail, they should create filters for it or use the junk
control. If they don't, e.g. they receive joke mail from friends, it's
their business
QA Contact: lchiang → nobody
Suggest WONTFIX.
Start your own mozdev.org project.
I'd like to suggest a flexible way to handle this.

Why don't rely on an external program, as second chance?

I suggest to add an option "let an external program check for junk", with a
"browse" option to choose it, and provide extra parameters. There, "junk" can
include viruses and anything undesired. Then, there could be additional options
for checking individual files, priorities when processing, etc.

What do you think?
Product: Browser → Seamonkey
No activity in more than 3 years. Started in 1999 but never more than talk. Notice comment #22 and comment #23 (the two latest but one, but from 2003) suggesting WONTFIX. Concerning comment #24, Thunderbird (but maybe not yet SeaMonkey?) can interface with external apps: Spampal (Windows) and SpamAssassin (mostly Unix-like).
QA Contact: nobody → mail
As Tony said 2.5 years ago, this should be WONTFIX.
Whiteboard: # # [CLOSEME INVA/WONT?]
RIP.
Status: NEW → RESOLVED
Closed: 20 years ago9 years ago
Resolution: --- → WONTFIX
Keywords: helpwanted
Priority: P3 → --
Whiteboard: # # [CLOSEME INVA/WONT?]
You need to log in before you can comment on or make changes to this bug.