Current Antivirus Software is Not Enough
by Fernando de la Cuadra - International Technical Editor, Panda Software - Friday, 28 November 2003.
It is often argued that spam is not a type of malware, as it does not contain any software. While this may be true, spam can still be very harmful, if only because of the space it occupies on computers and servers, and the time which has to be spent deleting it. If a company's employee spends 5 minutes a day deleting unwanted emails, it is easy to calculate the financial impact of this; over the course of a year, 5 minutes a day are the equivalent of more than two working days dedicated solely to deleting spam (on the basis of 8 hours a day, and 200 working days a year). You only need to work out the average daily salary of the company's employees to see just how much money can be lost as a result.

(Of course, the above calculation could also be used to argue that the coffee machine is one of the greatest causes of losses in any business, as more time is usually spent taking coffee than deleting spam. However, drinking coffee is something which employees enjoy, while the resultant caffeine intake is good for the company's productivity; by contrast, deleting unwanted emails is not something which anyone likes doing.)

Junk mail has a series of characteristics which make it relatively easy to identify. Almost all of them use very similar messages to try to persuade the user to buy something. Specialized software can use the structure and content of these messages to create a profile of the emails received, and can then use this profile to classify some mail as spam.

The main challenge when creating such profiles is how to avoid labeling as spam messages which users actually need to receive. For example, it would not be possible to systematically delete any email containing the word "Viagra", which frequently appears in spam, as in some circumstances this word could appear in a legitimate email. So the analysis must be based on more than one word, or on the appearance of combinations of words or email formats.

A good system for detecting unwanted emails must be capable of learning. In other words, when the system incorrectly identifies a message as being spam, it should be able to "study" the message and learn which characteristics make it of interest to the user. Then, when similar messages are received in the future the system will not reject them.

The system also needs to be able to learn in the opposite situation: that of so-called "false negatives". Where a user wishes to receive a certain type of email - which in principle could be classified as spam - the system should recognize the characteristics of these and allow the user to receive them. We should not forget that most spam consists of offers and other business communication which could be of interest to the user.
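A small illustration of the profile-and-learn approach described above, added here as an example and not Panda Software's code. It uses naive Bayes (a technique the article does not name) over single words and adjacent word pairs; the class name, the sample messages and the zero threshold are assumptions.

```python
import math
import re
from collections import Counter

SAMPLES = {  # constructed sample mail for the demonstration, not real data
    "spam": ["Buy cheap Viagra now, special offer",
             "Cheap pills online, buy now", "Special offer: win money now"],
    "ham": ["Meeting notes for the project attached",
            "Lunch tomorrow with the project team",
            "Please review the attached report"],
}

class SpamProfile:  # hypothetical name: naive Bayes over words and word pairs
    def __init__(self, samples=None):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.docs = {"spam": 0, "ham": 0}
        for label, messages in (samples or {}).items():
            for text in messages:
                self.learn(text, label)

    @staticmethod
    def features(text):
        words = re.findall(r"[a-z0-9']+", text.lower())
        pairs = [f"{a} {b}" for a, b in zip(words, words[1:])]
        return set(words + pairs)  # presence of a feature, not its frequency

    def learn(self, text, label):  # initial training and user corrections
        self.counts[label].update(self.features(text))
        self.docs[label] += 1

    def spam_score(self, text):
        """Log-odds of spam; above 0 the message is classified as spam."""
        n_spam, n_ham = self.docs["spam"], self.docs["ham"]
        score = math.log((n_spam + 1) / (n_ham + 1))
        for f in self.features(text):
            s, h = self.counts["spam"][f], self.counts["ham"][f]
            if s + h:  # features never seen in training carry no evidence
                score += math.log((s + 1) / (n_spam + 2) * (n_ham + 2) / (h + 1))
        return score

    def is_spam(self, text):
        return self.spam_score(text) > 0

if __name__ == "__main__":
    p = SpamProfile(SAMPLES)
    wanted = "Pharmacy order: Viagra restock, cheap supplier price now"
    before = p.is_spam(wanted)   # flagged, although the user wants it
    p.learn(wanted, "ham")       # the user's correction
    print(before, p.is_spam(wanted), p.is_spam("Buy cheap Viagra now"))
```

After the single correction the wanted message and similar ones pass, while the spam sample is still caught because pairs such as "cheap viagra" and "viagra now" remain spam-only evidence.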


Spyware and adware are types of harmful software which are used by some unscrupulous individuals to spy on the behavior of Internet users. These applications, also called "spy programs", are a form of malware, as they invade people's privacy when using the internet.

Spyware and adware focus mainly on how users click on certain types of advert, and on the time users spend viewing web pages. This data and the email address of the user who is being spied on are then used to create user profiles which are sent to the creators of the spy program. This information is incorporated in large databases of detailed consumer profiles, and these are then sold to advertisers.


There are still numerous myths going around on the Internet describing the terrible disasters which will befall our computers if we open an email with a particular subject line: hard disks will be erased, monitors will be damaged, broadband connections will be rendered unusable, etc.

The great majority of information circulating on the Internet warning people about new viruses is completely false; such rumors, generally spread via email, are referred to as "hoaxes". Somebody wants to play a trick and sends the hoax out to everyone he knows, asking them to send the message on to everyone in their address book. What does the hoaxer gain from this? Sometimes this is done for entertainment alone, while others reap the benefit at the end: the addresses obtained from sending and resending hundreds of emails are used to create huge distribution lists which can then be used for an advertising mailing, for example.

