Articles

Technology Probate

Technology—Probate Editor: Daniel B. Evans, P.O. Box 27370, Philadelphia, PA 19118,  dan@evans-legal.com.

Technology—Probate provides information on current technology and microcomputer software of interest in the probate and estate planning areas. The editors of Probate & Property welcome information and suggestions from readers.

E-mail: The Good, the Bad, and the Ugly

I was on vacation for two weeks in August and shut down my computer system while I was away. When I returned home, I found that my ISP (Internet Service Provider) had more than 1,800 messages waiting for me, of which more than 900 (that is, more than 50%) were notices relating to viruses (mainly the SoBig virus), about 50 were spam that slipped through my ISP’s filters, and the rest were messages I might want to read (mainly mailing lists thatI subscribe to).

The Bad: Viruses

Most viruses still rely on Microsoft Outlook or Windows (or both) to propagate, but (as the SoBig virus shows) they’re getting smarter (or at least sneakier).

One problem is that it is no longer as easy to tell where viruses come from. Both the SoBig and Klez viruses select an e-mail address at random to “spoof” from the infected computer, so that the next recipient of an infected message will not be able to tell where it came from. So when an infected message is intercepted, there is no point in notifying the “sender” because the e-mail address that is shown as the “sender” in the message probably had nothing to do with the message and is not infected. (For example, among the 900+ notifications I received were 40 or 50 from virus checkers notifying me thatI had sent them an infected message, which is impossible because my computer was never infected and was actually turned off at the time the messages were supposedly sent.I also got 20–30 automated “out of office” and “thank you for your inquiry” messages from commercial e-mail addresses that were undoubtedly triggered by infected messages with my return address.) Having messages with “spoofed” senders also means that the usual nostrum about “not opening messages unless you know the sender” is less useful, because the “sender” may be someone you know yet still be infected.

Another problem is that new viruses include their own e-mail system, so that they can generate and send out e-mails through an Internet connection without touching the user’s own e-mail program. This means that, once the computer is infected, the computer can be sending out hundreds or thousands ofe-mail messages without the user ever knowing. And the SoBig virus not only keeps its activities secret, but also plants a “Trojan horse” in the operating system so that the computer can be “invaded” in the future and controlled directly through the Internet without having to receive any additional infected e-mail. (One theory about the SoBig virus is that the author is actually trying to develop a network of infected “slave” computers through which to distribute spam at a profit.)

How can law firms and lawyers protect their computers from viruses?

The traditional advice has been to equip each computer with virus software, make sure each e-mail is scanned before it is opened, and update the software frequently to catch new variants of viruses as they are detected. This approach has its problems. New viruses are being discovered constantly, so someone in the firm must be responsible for constant updates to the virus detection software. It takes only one “weak link” in a network to infect an entire firm, so one sloppy or uncooperative user can defeat the efforts of the rest of the firm. It is also possible for some viruses to begin to act as soon as the e-mail is delivered, and before the virus scanning software can intercept and neutralize the threat. Finally, if the virus software is set to the highest level of security, it can noticeably slow down computers, which users may not appreciate.

As a result, the better approach is to attack the problem at the level of the mail server and not the individual user. For example, both America Online (AOL) and the Microsoft Network (MSN) apply virus filters to all incoming e-mail, so that their users have fewer worries about viruses. And any law firm with its own domain name can contract to route all incoming and outgoinge-mail through a commercial e-mail filtering service, such as E-Mail Protection Services (mailcleaner.com) and CleanMail from Cinergy Communications (www. cleanmail.com), which will make sure that no virus ever reaches an individual user. Outsourcing the virus scanning problem is advantageous because it ensures that all e-mail is scanned and that the latest filters are used, reducing the burden on both individual users and the IS department.

Nevertheless, even with all the right filters in place, it’s still wise never to open an e-mail attachment unless you know the sender and are expecting the attachment.

The Ugly: Spam

“Spam” is defined broadly as any unsolicited e-mail selling a product or service, and it can range from the merely annoying (mortgage refinancing, prescription drugs by mail, or messages that are simply gibberish) to the offensive (pornography and sexual aids) to the criminal (Nigerian scams and pyramid schemes). Still, the net effect would be mostly inconvenience if it weren’t for the estimates that as much as half of all Internet traffic is now spam. That means that about half of the cost of operating the Internet is now being spent on the free distribution of massive amounts of trash.

Like viruses, spam is also getting “smarter.” At one time, it was fairly easy to filter out most spam because the orginator used fictitious or invalid addresses for the sender, did not have the address of the recipient in the “To:” field, or the message contained key words or phrases that were easy to spot (such as “$$$$$” in the subject line, or references to body parts to be enlarged). More recently, distributors of spam have gotten better at constructing e-mails with valid return addresses, at addressing the recipient correctly, at constructing subject lines that are both inviting and misleading (such as “Waiting to hear from you”), and in misspelling key words to evade identification. It is still possible to identify mail servers that distribute a lot of spam, and to block all e-mails from those servers, but that carries the risk of blocking legitimate e-mail as well as spam.

So, somewhat paradoxically, spam is less harmful than viruses but more difficult to screen out. According to one recent survey, the efforts by the top ISPs to block spam have resulted in about 20% “false positives.” That means that, of all the “spam” that is blocked by ISPs, only 80% is really spam and the other 20% is made up of real e-mail messages that are never delivered.

What can individual users do about spam?

The best thing to do with spam is just delete it. Don’t bother to read it, and under no circumstances should you respond to the spam in any way, even to complain about it or to request that you be removed from the mailing list, because that just confirms that the address is valid and allows the spammer to put a higher price on your address when the mailing list is sold to another spammer.

You can also use the filtering abilities of your e-mail software to try to filter out spam. For example, I use a number of filters, including a list of domains that send me junk repeatedly and a list of key words and phrases, to move apparent spam into a special spam folder. And I filter all of the mailing lists to which I subscribe, placing those messages into separate folders by mailing list. As a last step, I take any message that does not have my correct e-mail address in the “To:” or “Cc:” field and move it into the spam folder as well, so that the spam folder gets any mass mailing that I am not expecting. Once every week or so, I scan the spam folder to see if anything is there that shouldn’t be (such as a message from a mailing list to which I recently subscribed and forgot to filter), adjust the filters as needed, and delete the rest.

Unfortunately, until better laws regulate spam or provide better legal remedies against spammers, that’s about all you can do.

The Good

The good news is that, despite spam and viruses, e-mail is still a good way to communicate with clients and colleagues and is still worth the aggravations. The ABA-PTL list, which allows for announcements and discussions of events and issues of interest to estate and trust lawyers, is still running and still a good resource for working lawyers. For those who have never sampled the list, you can subscribe by pointing your web browser to www.abanet.org/rppt/links-list-serves/list-serves.html for information about subscribing to both ABA-PTL and other more specialized lists sponsored by the Section.