Re: Why doesnt Microsoft virus check Hotmail services ?

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: *Vanguard* (no-email_at_post-reply-in-newsgroup.invalid)
Date: 03/18/04 

Date: Thu, 18 Mar 2004 16:22:39 -0600

"svaardt" said in news:e5trvaJDEHA.3748@TK2MSFTNGP11.phx.gbl:
> When Installing Windows XP you're asked to setup a MS Passport
> account, Now of course you dont have to do this, though if you do in

*IF* you chose to open a Passport account, you do NOT have to also open
a Hotmail account. Passport accounts can be tied to any e-mail address
you want. I know, I've had 2 Passport accounts: one for Hotmail
(because creating a Hotmail account forces the create of a Passport
account) and another for an alias e-mail address from a completely
different provider and domain.

> order to use MS Messenger, then you end up with a hotmail account. MS
> Outlook is designed to allow downloading of emails from hotmail
> without having to open up a browser. There-by bypassing the virus
> check utility that "Mr Vanguard" correctly pointed out exists.

Just as there are false positives regarding anti-spam software, there
can be false positives regarding attachments that the particular
anti-virus software thinks is infected. After all, why do you think so
many installs tell you to disable your anti-virus program? While
anti-virus programs may use heuristics or watch behavior to detect
viruses, their primary means of detection are through signatures.

>
> However my point is that we are seeing a proliferation of email based
> viruses, a number of these end up in Hotmail accounts, if MS could

They are ending up everywhere. Just because you use Hotmail doesn't
mean that is the primarily targeted domain for virus-generated and
infected e-mails. It really depends on who you have listed in your
address books if you're the one infected and sending out infected
e-mails.

> scan the inbound/outbound mails then that in itself would help
> "reduce" the number of mails being sent around - recall that some of

Most of the Hotmail accounts are the freebie accounts. If Microsoft had
to pre-scan every e-mail then they would chew up a lot more CPU cycles
and that freebie webmail service would disappear. The number of e-mails
sitting in your mailbox and downloaded to your e-mail client is
insignificant when compared to the number of e-mails sitting on
Microsoft's servers for all their customers. When your anti-virus scans
inbound e-mails for viruses, you already know there is an impact and
that it slows you receiving your e-mails. Just get a really huge e-mail
and then wait until the anti-virus program finally gets done scanning it
before it eventually shows up in your Inbox. Now you want Microsoft to
do that on every e-mail in their system - even for e-mails that go to
dead accounts, rarely monitored accounts, or accounts that are
configured to use spam filtering and rules or for users that typically
just check for good e-mails and delete all the rest. They'll waste a
lot of resources checking e-mails for viruses that the recipients never
bother getting.

> these viruses access the Windows/Outlook address book and send mails
> to addresses therein. Other web based mail services such as Yahoo
> mail, cant (normally) be connected to via Outlook /Express, so their
> virus check on download is effective.

I have Yahoo accounts. There is no automated virus scan when you
download messages from them. I'm using YahooPOPs against the freebie
Yahoo accounts. Perhaps when you pay for the premium service(s) that
include POP3 access then maybe they do a virus scan for you, but I
really doubt it.

> ISP's such as the ones you've
> mentioned who provide POP mail access, etc, should also be pressured
> to implement some form of virus check against inbound/outgoing mails
> through their servers. However there's a lot of ISP's out there and
> one Microsoft.

I disagree. Distributing the processing across the users eliminates the
huge load on the ISP's resources if the ISP had to do all that
processing instead. Also, it would severely slow down access to e-mails
since you would have to wait until all of them in your Inbox got
scanned. As it is now (without the proposed server-side pre-scanning of
ALL messages), I can download my messages immediately. Anti-spam
software will get rid of almost all the spam messages which are the ones
most often infected without any scanning required to see if there was a
virus. Your proposal would delay the delivery of e-mail (because it
won't be available for download until the anti-virus scan completes on
that message). Yeah, each message might only be delayed slightly but
your e-mail client will get timeouts and still have to wait until the
rest of the messages get scanned, and e-mail clients and servers are not
geared to wait between downloads of messages (you'll get client timeouts
and server disconnects).

> I suspect that for Microsoft to implement an effective mail virus
> checker would of course hurt potential sales of their anti-virus
> software.. hence the Micro$oft comment. There's always an ulteria
> motive in there regardless which company you deal with.

With scanning for viruses on those e-mail you choose to download
providing they even get past the anti-spam filtering, you get to choose
what you consider is the better anti-spam product. Maybe you don't
believe McAfee is as good as Symantec who might not be as good as NOD32
and so on.

I would suggest a modification to your proposal. Make it an option that
e-mails with attachments gets pre-scanned for viruses. There is already
an option to engage their anti-spam feature so the user gets to choose
if they want to use it or not. Because enabling the anti-virus pre-scan
would cost time and resources on their servers, I suspect the freebie
accounts would get stuck with a mutually exclusive choice of checking
for spam or checking for viruses but not both. To have both, you would
have to pay for their premium e-mail account to offset the added expense
in performing more checking on your e-mails. The default should be to
not check for spam and to not check for viruses. Too many Hotmail
accounts are created for temporary use, configured for exclusive mode
(only senders in the address book are accepted), and many are abandoned
(i.e., not closed) but remain active for a couple months. So the
choices would be radio buttons for: No Scanning, Spam Scan, and Virus
Scan.

Quantcast