Stop me if you've heard this one: "Wincash.zip - GREAT way to make money on the Internet!". Variations on this Ponzi scheme get posted all over Usenet. The problem with these scams is that they're spam (simultaneous off-topic postings to multiple Usenet newsgroups), they're illegal under the laws of the USA (all pyramid schemes are) and they're a clear violation of Netiquette.

So what? It's none of your business, is it?

It might be. Although the vast majority of Wincash and similar "Make $$$ FAST!!" postings are from users with individual accounts, some of them originate from Usenetters posting from accounts at their places of work. If they're doing it through your LAN, you can look forward to an immediate flood of outraged email from self-appointed Netcops complaining about your user's abuse of Usenet bandwidth. You can also expect to be mailbombed until the offending post ages enough to be deleted from the newsgroups it's been posted to (and there's nothing quite like having a couple of thousand 100 megabyte email messages arrive over the space of a few hours to bring your entire system to its knees--assuming your ISP doesn't cut off your access out of simple self-preservation).

Spamming (so named for the Monty Python routine about a restaurant where every dish includes the original mystery meat and a hearty male chorus repeatedly intones a hymn of praise for the famous processed meat food product) is only one of the range of abuses which can occur. Others include trolling (posting inflammatory messages on political, religious or other sensitive subjects in order to bait naive users into responding with self-righteous outrage), flaming (posting insults and immoderate criticism in response to other users' messages) and the unauthorized posting of copyrighted material. They all create not only the risk of retaliatory mailing, but potential legal liabilities, as well.
If one of your users posts defamatory statements about a person, product or organization, you may find your company being sued for libel on the grounds that your lack of a policy forbidding such behavior constitutes endorsement of that behavior. A similar argument can be made for corporate complicity if your users engage in virtual Ponzi schemes, as well, and it doesn't much matter whether you win or lose in court--neither the potential damage to your company's reputation nor the cost of litigation is an acceptable risk.

So far, we've only covered Usenet and we've only listed directly harmful user behavior. Your users may also be downloading and installing unauthorized software via ftp. This presents other dangers to the integrity of your LAN, both indirectly, from buggy OCXs and Java applets and from shareware or freeware which may attempt to install outdated versions of DLLs, VXDs and other drivers, and directly, from viruses and Trojans. There's also the more subtle cost of lost employee productivity due to on-the-job but non-job-related Internet uses, which encompass everything from viewing dirty pictures on company time to aimless, non-productive Websurfing or Usenet browsing.

What can you do about these problems? The very first thing, of course, is to create a corporate policy on acceptable uses of the Internet.

Your corporate acceptable use policy should be explicit. Don't just forbid posting inappropriate messages to Usenet--spell out which kinds of postings are unacceptable. An acceptable use policy must also be flexible. If you have a rule against cross-posting the same message to multiple Usenet groups, provide for circumstances under which cross-posting may be appropriate and necessary. Your policy should be reasonable.
You'll need to address the issue of non-productive Internet use in a way which recognizes that, initially, your users are going to spend a certain amount of time simply becoming familiar with the Net (although you can significantly decrease the time wasted with the proper user training program) and that that time simply won't be really productive no matter how it's spent.

Your policy should also specify the penalties users face for non-compliance. Penalties should match the gravity of the offense and escalate for repeat offenders. Above all, your policy should be enforceable. Don't ban behavior if you can't or won't make your proscriptions stick.

You should also strive to make your policies equitable and fair. If it's contrary to policy for a mailroom clerk to spend company time posting to alt.sex.fetish.hamsters, the same restriction ought to apply to executives. While it's reasonable to forbid users to spend time playing Netgames during working hours, you may want to make exceptions to that ban during lunch hours and coffee breaks (assuming you can afford the bandwidth). And so on.

There are some tools available to help you. SurfWatch Software (http://www.surfwatch.com) offers its Netscape-compatible SurfWatch 1.0 filtering software in versions for Macintosh, Windows 3.x and Windows 95. SurfWatch is designed to block access to sexually explicit WWW sites, FTP sites, NetNews, Gopher and Chat, using both IP address filtering (based on a regularly-updated database to which users can subscribe for a modest fee) and proprietary pattern matching software which blocks on key words or word pattern matches. Microsystems Software, Inc. (http://www.microsys.com/) offers a similar product in its Cyber Patrol, which is free to CompuServe, Prodigy and AT&T WorldNet users. Although both of these products are aimed at enabling parents to control their children's access, they can also help you control access to material which is inappropriate for most corporate users.
McAfee Corporation (http://www.macafee.com/) offers WebScan, a version of its excellent virus scanner which works within the Spry Mosaic Web browser and the Pegasus email client (both of which are included with WebScan) to scan ftp downloads and MIME file attachments. You can ftp an evaluation copy of either the English language or international version of WebScan from ftp.mcafee.com in the /pub/antivirus directory.

Last time, I discussed anonymous remailers, but failed to mention how to use them! For the Penet server, simply send email to anon@anon.penet.fi and you'll automatically be assigned an account number. You'll also get instructions on how to use the Penet server by return mail.

(Copyright© 1996 by Thom Stark--all rights reserved)