
Subject: Re: a little service
In-Reply-To: <20020531020749.29397.qmail@web14205.mail.yahoo.com>
From: wormalert-admin@somewhere.com (Kee Hinckley)
Reply-To: wormalert-admin@somewhere.com (Kee Hinckley)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You are receiving this message because you either sent mail to the address
wormalert@somewhere.com (or some variation on it), or someone sent mail to
you and a copy to wormalert@somewhere.com.  We are trying to stop this hoax,
and this is the best way we can think of to do that.  This is an automatic
reply message, however we will read any replies to this message.

There is a message traveling around advising people that they should add an
entry called "wormalert@somewhere.com" to their address book and give it the
name "AAAAAA".  This (so the rumour goes) will allow them to detect when they
get a virus, because the virus will send mail to that address first, they'll
get the bounce, and then they'll know that they have a virus and can stop it.
The message sometimes even claims the bogus address will somehow "stop" the
virus from spreading.

This is a hoax, it does not work.  In fact, the wormalert address receives
70 to 80 viruses every day--all from people who put it in their address book
because they thought it would protect them.

1. If a virus has infected your computer, it's too late.  Even if you did see
the bounce, the virus has already had time to send to everyone in your 
address
book and fully infect your computer.  Time to restore from backups.  (You do
run backups don't you?)

2. Most viruses don't scan your address book in alphabetical order.

3. A false address is not going to keep a virus from sending messages to 
every
other address. Even if the virus didn't ignore errors, the bounces occur as
returned mail, not something that happens immediately.

4. Most viruses forge the from address (the Klez virus sets it to the address
of someone else in your address book).  That means that even if the virus did
send to the fake address, it wouldn't bounce to you, it would bounce (with a
copy of the virus) to someone else.  So all you are doing is *helping* the
virus!  

What you are seeing is the creation of a computer superstition.  It's right 
up
there with using garlic cloves to ward off the plague.  And like most
superstitions, it's making people ignore the *real* way to combat the 
problem.
False beliefs can be dangerous.

There is absolutely no substitute for anti-virus software.  If you run
Windows, run anti-virus software.  And you *absolutely* must update the virus
definitions every week.  Not once a year, not once a month.  Once a week.  If
you're paranoid (I am), update it once a night.  If you are not willing to do
that, I strongly suggest you go buy a Mac.  I get 2000 attachments every 
year,
and around 70,000 email messages.  In 13 years of using a Mac I've been
infected by *one* virus, ten years ago.  In 20 years of using Unix computers
I've had none.  The only recent viruses I've received that *could* have
infected my computers were Microsoft Word viruses--and those got caught by 
the
anti-virus software.  That's not to say I don't run Windows either--but I 
don't
read mail on Windows machines, and I don't put them directly on the internet,
it's just not worth the hassle.  So, either use a platform that virus writers
don't target, or run anti-virus software and keep all of your software
up-to-date.

If you really want to help your friends and protect them from viruses, cut 
and
paste the following virus cure and send *it* to everyone in your address 
book.

******
          How to Protect Yourself from Viruses

1. Run anti-virus software and update the virus descriptions weekly.
2. Check weekly or monthly for security updates to your OS, email, browser,
and office applications.  (Microsoft, Apple and the Linux vendors all provide
automatic mechanisms to do this--use them).
3. Backup your computer.
4. Relax, you've done everything you can--time to forward some more jokes. 
:-)
******

For more information about who we are (so you can see if *this* message is
telling the truth) see http://consulting.somewhere.com/.  I run 
Somewhere.Com,
an internet development consulting company (web development, programming,
security and the like).  You can also search for my name on the internet to
find out who I am.  If you're really curious, Google Groups has postings of
mine going back to 1983 or so.  You'll note that the hoaxes you recieve in
email seldom give you a place to go and confirm them, let alone attach a name
you can easily track down and verify.

P.S. I strongly recommend the following two sites for information about
viruses and hoaxes. 

http://www.datafellows.com/virus-info/ is run by an anti-virus company, other
anti-virus companies have similar pages--this just happens to be the one I 
use.
You can use this site to search for information about real viruses and virus
hoaxes.  Always check one of these sites before acting on any virus alert you
receive.  (Especially the ones that tell you to immediately delete system
critical files on your disk.)

http://www.snopes.com/ specializes in debunking hoaxes.  If you get mail 
about
lost children, exploding glasses of water, donations to cancer funds, free
money or coupons or animations for forwarding email, sterilization drugs used
in rapes, Jane Fonda's causing POW deaths..., this is the place to find out
whether they are hoaxes.  (Yes, those are all hoaxes.)

P.P.S.  A lot of the email we see sent to this address is forwarded, and it
has all of the original email addresses in it, going back several generations
of forwarding. You don't know where a message is going to end up in the end
(after all, you didn't expect us to get this one, did you?). Would you like
some stranger to have your email addresss?  Eventually many of those 
addresses
may end up in some spammer's list.  It would be polite to remove people's
email addresses from messages before you forward them.  And besides, it makes
the message easier to read if it doesn't start off with 100 lines of email
addresses.

** This is an automated reply to a message sent to wormalert@somewhere.com **
** To communicate with a human, send mail to wormalert-admin@somewhere.com **
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (Darwin)
Comment: For info see http://www.gnupg.org

iD8DBQE86lS4Jmw993D6vYIRAkIqAKCMuncYrxlg66jsr+goEf5PfcQwAgCg8j7K
snbc2wGJcFB/fmf/RtxdFkI=
=pryQ
-----END PGP SIGNATURE-----