Stop that. Right now. I know — you meant well. You were try­ing to warn your friends and fam­i­ly about whichev­er virus is mak­ing the rounds. But…

What’s the source of your infor­ma­tion? Is it email sent to you by some­one else, prob­a­bly for­ward­ed sev­er­al times already? What kind of author­i­ty do any of the senders have? Are they peo­ple you trust to know about virus­es and secu­ri­ty issues? Or is it your Uncle Fred who just got a com­put­er last year and has been glee­ful­ly for­ward­ing every piece of mail sent him to a dozen oth­er peo­ple ever since he got on the net?

Did you ver­i­fy the infor­ma­tion with a reli­able source? Per­son­al­ly? I don’t care if the per­son send­ing the mes­sage to you said they checked — did you? 90% of the virus warn­ings I see are hoax­es, and if every per­son per­son­al­ly checked the infor­ma­tion they’d received before send­ing it to any­one else, hoax­es would die. I worked in the devel­op­ment depart­ment of a very well-known inter­net com­pa­ny where we reg­u­lar­ly received “alerts” from the MIS depart­ment that were almost always virus hoax­es — and there­fore any infor­ma­tion from the MIS depart­ment was auto­mat­i­cal­ly con­sid­ered non­sense by just about every­one. My favorite reli­able sources are Com­put­er Virus Myths, Syman­tec and The Urban Leg­ends Ref­er­ence Pages.

If it is about a real virus — do the peo­ple to whom you’re about to send this warn­ing need to hear about it from you? Prob­a­bly not. If they’re on the net and haven’t already installed antivirus soft­ware and set it to update itself reg­u­lar­ly, they have prob­lems any­way. If you’re a sys­tem admin­is­tra­tor or oth­er­wise respon­si­ble for the secu­ri­ty of those people’s machines, you already have poli­cies and soft­ware in place to pro­tect them, right? So you prob­a­bly don’t real­ly need to send out email about this virus, what­ev­er it is.

Please don’t send virus warn­ings to unre­lat­ed mail­ing lists and news­groups, please, unless you absolute­ly know that a virus has been dis­trib­uted via that list or news­group. Don’t send them to any­one, in fact, unless you have rea­son to believe that the indi­vid­ual to whom you are send­ing the mes­sage has been exposed to the virus in ques­tion. Don’t ever send virus warn­ings to every­one you know, unless your sys­tem has been infect­ed and you have rea­son to believe that you have per­son­al­ly exposed all of those peo­ple to the virus.

There are plen­ty of legit­i­mate email newslet­ters to which peo­ple can sub­scribe if they do want to hear about the lat­est virus­es. All of the major antivirus soft­ware pub­lish­ers have them — Syman­tec, AVP, Trend Micro — check with your cho­sen product’s pub­lish­er. Peo­ple who want to get trust­wor­thy alerts about gen­er­al secu­ri­ty issues should sub­scribe to the CERT advi­so­ry list.

Nobody sub­scribes to mail­ing lists for home­school­ers (or for sax­o­phon­ists, philoso­phers, fash­ion enthu­si­asts, needle­work­ers, or hag­gis lovers) to get virus alerts. They’re off-top­ic, even if the list-own­er doesn’t say a word. They just don’t belong on those lists unless a spe­cif­ic virus was dis­trib­uted to the list or list­mem­bers. It is rude to send virus alerts to those lists for any oth­er rea­son. Please don’t be rude.

Orig­i­nal­ly pub­lished Jan­u­ary 28, 2001