It's time to declare war on e-mail attachments. What was intended to be a benign feature for shuttling files around the Internet has turned into a corporate security nightmare.
A profusion of new viruses over the past two months has made the problem alarming. First there was Melissa (annoying but not destructive), then CIH (destructive but not widespread) and, most recently, Explorer (destructive and widespread). E-mail-based worms, which reproduce by foraging through your address book, are a brand-new phenomenon that crackers are only beginning to exploit. That means things are going to get worse before they get better.
All these viruses have one thing in common: They arrive as e-mail attachments. Once you launch them, there's nothing you can do to stop the destruction. That makes this a no-win situation for corporate IT. You can't tell users to stop opening attachments because that neutralises the 99.99 per cent of attachment-bearing e-mail that is harmless. You also can't reasonably filter and test every attachment that comes into the server.
But attachments are becoming a primary security problem, an anonymous way to deposit files from outside the company on users' computers without their knowledge or consent.
Corporate IT needs an alternative to them, one that takes file management away from the sender and gives it back to the user. Files should be deposited on a secure FTP server with users getting only a link back to the file name. Or IT departments should have the option of stripping files off incoming e-mail and depositing them in secured areas where users can retrieve them when needed. Imagine how much destruction would have been prevented if companies had been able to eradicate the Explorer virus in a single location instead of across thousands of PCs.
The leading commercial e-mail products do next to nothing to enable IT to manage attachments. If there are good third-party products available, e-mail me at email@example.com, and I'll post an update on our Web site. Let's get control of attachments. Because they're taking control of us.