Slashdot Mirror
The Battle Against Junk Mail and Spyware
wildfrontiersman writes "A New York Times editorial by Brent Staples, The Battle Against Junk Mail and Spyware on the Web, laments 'The story of technology is the story of noble aspirations overtaken by a hard-core huckster reality. This process is on vivid display in the debate about electronic junk mail, which makes up more than half of all the e-mail that travels on the Internet.' He criticizes the new spam law, the lack of attention to spyware and how it threatens our beloved internet."
Try this link. However, for what it's worth, the editorial can be summarised to "Congress' new law won't work. Won't somebody think of the children!"
for the tin-foil hat crowd, posted AC to avoid Karma-whoring, here.
Is this the black activist Brent Staples? The guy who wrote "Parallel Time"? If it is, then he seems to really be branching out in terms of subject matter. He's not a regular for the NYT, is he?
A year ago, spyware wasn't nearly as bad as it is now. I was at a friend's house trying to show him some stuff from my gallery on his P4 2.0ghz, and it choked by starting Internet Explorer. 3 toolbars over each other, hard drive spinning like hell because all the ram is eaten up by spyware...
Had to run Spybot, ad-aware, spybot, ad-aware over and over for like 2 hours while rebooting to get rid of everything...
At least the latest Norton Antivirus scans some of it and so does Network Associate's antivirus. I wish Trend Micro's would do it too, it probably will soon...
Even though spyware may be annoying, it's the price that must be paid to allow for a more user-friendly computer. The more we automate our PC's, the less control we have over what runs on them. Or, one could buy a Mac and forget about it entirely...
------- "A true friend stabs you in the front." -Eliot
The new spam law does nothing about the invisible programs that invade our computers as we move from one Web site to the next. These insidious programs -- variously known as adware, spyware and snoopware -- can cause computers to call up aggressive ads or can actually track a user's movements through the Internet for use by marketers later on. The most sinister programs can record everything the user does, whether offline or surfing the Net.
And what the article does not discuss at any length is that we have Microsoft security (or lack thereof) to blame for most of the spyware problems. If Windows had better security, then most of these problems would not be there to the same degree as they currently are.
Visit Jonesblog and say hello.
In most other forms of media, it seems that advertising has had its day. Television is no longer able to subject us to ads and is threatened, Radio ads in internet radio are able to be skipped. So we only have to deal with the advertisements that arrive in our inbox.
There are a variety of ways of dealing with this detritus, the easiest one is make it a social stigma to admit to buying anything from spam.
Have any enlargements or pharmaceuticals ever been sold using this method? Has anyone ever received one of these messages and replied and then eagerly waited for their postie to drop by with their delivery of "Hot Teens"?
Turn Spam purchasing into the Venereal Disease of the new century and it will cost these folks more to send the messages than is returned in sales.
Legislation is pointless in an area where geography is no longer a method of control.
Both problems, the spammer and the salesman, can be solved with the use of a good 12-gauge shotgun.
Trespassers will be shot. Survivors will be shot again.
Mea navis aericumbens anguillis abundat
I was visiting my parents when they got their Dell and out of the box it required over 20Mb of security fixes and had a virus scanner (Mcafee) that was set to explode after 90 days if they didn't subscribe and the firewall off by default. Oh and of course their account that they setup with the instructions made them an administrator. We got that patched up and hardened quickly but your average Joe who buys a system and plugs it in is just a sitting duck and he has no clue. It's pathetic that companies like Dell can't harden the things a little before shipping them out.
Given what it's costing companies to reduce spam, and what they're paying in network bandwidth, wouldn't it be more economical to just hire people to track down the major spamers and then just post 10 million dollar international bounties on each head? I bet it'd cut the spam level alot more effectively for alot less money.
As for spyware, maybe it's just me, but how about say, not letting files download onto your local disk and set up with executable permissions? You'd think that maybe a modern OS would have some kind of setting to disable this kind of thing? Maybe even just lock out c:\program files\ from being able to create new directories? Yeah I didn't think so. I'm sure the new "security focused" development has better things to secure than the filesystem from malicious executables, because we all know this is a new and infrequent problem right?
One of these days I'll run into someone who gives you these "free offers to improve your life" and talks about how beneficial they are. Then I'll give them some nice theraputic blows to the face to increase the supply of oxygen giving blood to the skin. Look, it works! I can see it turning purple with extra blood now. You should thank me for preemptivly solving a case of skin irritation from lack of bloodflow. How about I remove some of those teeth so you're protected from dangerous cavities too?
Introducing the new Occam Fusion! Now with sqrt(-1) fewer blades!
I run a Windows XP machine for music editing and I use it online plenty too, and to date I have yet to worry about spyware, or worms. I don't have some ultra fancy shmancy set on the Win machine because I don't care that much about it. Now... I do contracting work at a mid sized Uni from time to time (I work at an ISP), and whenever at the Uni, I would see students' machine flooded with tons of spyware, viruses, you name it they had it. After fixing things for some of these kids while there, a call would come in an hour later, ONE HOUR, same kid, same viruses, same spyware.
See what happens is, people who are using Windows are using it mainly because of ease of use, at least that's my take on it, and it's easy to trick many Windows users to open up stupid mail, get horny guys to open up "Bratney Spears nude!" emails, as well as leechers to swap files a-la kazaa. ... Sorry to say I have no pity on most Windows users. Me I have everything from sparcs to ultras to i386's, and I've NEVER, NEVER, let me repeat, NEVER have gotten spyware, nor a virus. And no... I don't use antivirus software because my home gateway (NetBSD) filters garbage out before it comes in.
MoFscker
From article:
The story of technology is the story of noble aspirations overtaken by a hard-core huckster reality.
I think that's a little too narrow of a generalization to make about all of technology. But it is a symptom of a larger truth about technology. The story of technology is the story of technical progress outpacing social progress. We have not, as a society, come to a consesus on privacy, security, information as property, and who should regulate these matters. Similar, perhaps tougher, problems in biotech. This characteristic of technology driving questions about social morality is something I don't think was ever seen before the 20th century.
And oh... 20% on one extreme, 50-60% on the other extreme leaves 20-30% in the middle. Not really "hardly anyone" is it?
I do tech support for ~10,000+ clients. When Windows 98 was common, the biggest problems were stability and trying to keep it that way.
Now that win2k (and winxp) is out, the stability issue has been resolved. Now the most common thing I see is tons of spyware slowing the PC down to a crawl (obligatory slashdot humor: The difference between a PC infested with spyware that crawls, and Windows XP hogging all the resources making the PC crawl, is sometimes hard to discern.)
And of course lovely viruses from that oh-so-wonderful default-installed e.mail program, Outlook Express.
Most (nearly all) the *major* spyware issues stem from PEBKAC, a little knowledge (on the end-users part) would go a long way, but much of the spyware out there cloaks itself in "official" looking popups, all happily Verisigned, which can sometimes even trip up sys admins.
The next version of windows is rumored to fix this (to what extent is unknown) but undoubtedly will introduce a ton of new spyware.
Now isn't it nice that we BeOS and *nix users are immune to all that crap? I know I'm glad I use BeOS.
So rise up, all ye lost ones, as one, we'll claw the clouds.
Most acts detrimental to the free state, such as murder, can be solved to within an acceptable degree by simply illegalizing it. Deterrence acts on would-be offenders, and the number of murders in the country is small enough that it generally does not disrupt life for most of us.
Spam works by entirely different rules. It is not enough to deter MOST spammers. It takes only a sufficiently capable handful to bring the mail systems of the entire country to their knees. The economies don't work in the same way: a typical murderer affects the lives of anywhere between one and a hundred people; a spammer affects between one and a hundred MILLION every week.
So relying on a citizen to be rational -- to realize that it's not in his best interest to spam, given the consequences -- will not work. There are more irrational actors than it takes for spamming to remain alive and well. There must be some sort of technological barrier in place -- with the support of the law, I believe -- to ensure that even these irrational actors are incapable of spamming.
What are some examples? Require by law that all ISPs -- be they mom and pop shops, tremendous corporations, or colleges and universities -- provide information in an email sufficient to identify the sender. Then prosecute the ISP harshly if it allows a user to spam; hopefully, ISPs can be deterred more consistently than individuals. Overseas ISPs are obviously beyond this jurisdiction, but the FCC might take it upon itself to publish a list of overseas ISPs that comply, and recommend blocking all that don't.
Alternatively, institute a microcharge on email -- be it monetary or computational -- to disrupt the economies of scale. When a user receives an email from an address not on his whitelist, his computer (or the ISP's) responds with an NP-hard computation problem that the sender's computer must solve before the email is delivered. Solving one -- or one hundred -- such problems would be no problem for a user's computer, but solving one to one hundred million would be much harder. Spamming would require computation like Japan's Earth Simulator to pull off, and the amount of computation might scale each year according to Moore's Law.
mayebe I dont remember the law very well, but wasn't there some type of law back like 20 or more years that made it illegal to steal computer time. This applied mainly to mainframes. Couldn't this be applied to spyware,adware, and snoopware, stealing computer time on pc's?
It doesn't help that spyware databases software databases have gotten so undiscriminating. You run a spyware scanner, and even the best ones raise red flags over stuff that has some of the features of spyware, but simply isn't. These include customer support tools like backweb. Yes, these can be abused, but ultimately anything you install in your system can be abused. It's simply a question of whether you trust whoever provided the software. Gator and Alexa have used up our trust. Backweb and the CS orgs that use it have not.
There's also the cookie issue. Yes, cookies are a grave threat to privacy. But the solution is in your browser: configure it use a good privacy policy, or if you totally hate cookies, not to accept them at all. Scanning the cookie database is a waste of time. Yet all adware scanners insist on doing it.
I still remember the stories of my grandfather who worked at the federal post office how the amount of advertisment letter rised with the introduction of railway post transport.
Before that messengers on horses of coaches had to be used. This had the effects that letter where relatively expensive and traveled very slow (4 months from east to west coast). And it was insecure due to hostile natives.
However all this changed with railway post transport. And so the amount of advertisment letter increased greatly. It even delayed the transport of legit letters, so that the post office had to use special (more expensive) rates for advertisment transport to keep to flood under control. Note that hiding advertisment letters as normal ones didn't work: the post offices clerk were allowed to open every letter and check which they really did regulary.
Over 90 years and counting !
If you know what you're doing with email, and use a statistical filter such as spamprobe (or SA/other bayesian) from procmail, consider joining the community wpbl experiment. This is essentially an IP blocklist built automatically, in real-time, from many statistical filters (no manual user action ). IPs from mail are automatically extracted, classified as spam or good by your bayesian filter, then reported to the central server 24 hours a day. This is not like spamcop.
It's seldom that a well reasoned analysis of the spam debacle makes it to the pages of the mainstream press, but the discussed article is well reasoned and quite to the point in emphisizing that this issue (unwanted advertising) is nothing new.
/.
As for how widespread the spam problem is, I cannot really opine as to whether the problem deserves the kind of attention that it is getting, as I have had the same email address for well over three years, it is visible on several mailing lists and usenet, and "I have yet to recieve the floods of spam that I so poften see described here on
I'm not claiming to get no spam, as I do recieve two to three unsolicited comercial email adverts per month at my account, sometimes a few more (I once recieved six in one week), and this leads me to believe that there is probably something about one's user habits that either does or does not attract spam.
I'm also sure that one's email provider has an effect on how attractive that address is to spammers. I'm sure that GMX's anti-spam measures do make thier users less attractive to spammers (If you were a spammer, would you put much energy into spamming a domain of email users if you were certain that the domain admins were likely to adjust thier filters before your ad run was complete? or would you concentrate on those domains that left it up to thier users to face the onnslaught alone?)
Email providers would take common sense measures to protect thier users from the most obvious spam with poorly forged headers, email originating from unsecured proxies and open relays, large numbers of identical meassages targeting alphabet blocks of obviously generated addresses, and emails originating from known spam source IPs (not netblocks), as well as applying "learning" filters (Beyesian and/or whatever), allowing users to submit examples, but apparently few providers do this.
Why do people continue to use thier services?
Has anyone here abandoned an email address after it became such a spam magnet as to be nearly unusable?
Read, L
If there is spyware sending out packets, one could presumably see what IP address they are going to and maybe even reverse engineer their data format. Then someone could write a program which sends their servers spy packets containing meaningless or misleading information, thereby screwing up whatever market research they are trying to do. Maybe we can create some fake correlations between unrelated items, after all, unlikely correlations come up often enough in real life, like diapers and beer, that they may not catch on until long after their databases are completely cluttered with meaningless crap.
Unknown host pong.
The irony is that at the end of the NYT article, if one inspects the source code, there is this little gem of javascript code from:
g .j s
http://www.nytimes.com/js/s_code_remote_samplin
This fetches a few pieces of data and sends it back to 2o7.net in the form of a URL for a 1x1 gif.
Anyone care to reverse engineer this code and see what it's reporting back?
Why do you say you are immune? Ever hear of installing a program as a user, in your home directory?
Sure, it wont effect other users directly, but it will still slow down the machine and waste bandwidth...
Sure, *nix users arent targeted yet so we are safe for now. But we cant *just* sit back and laugh...
---- Booth was a patriot ----
I assume that spam is one of the last places where people believe that an ad driven business model will survive. In most other forms of media, it seems that advertising has had its day.
What world are you living in? In the one that I inhabit, advertising is a multi-billion dollar industry. All of that brain sapping drivel pushed out on network television every night creates a captive audience to push sodas, alcohol, cars, and everything else that makes the (Western) world go round.
The fact that you and your friends use Tivo or listen to internet radio stations is only slightly more important than the fact that you use Linux at home. The rest of the world still uses M$ products and buys things because a commercial told them it will get them more pu$$y.
As for e-mail advertising, this is the latest (not even latest, but relatively recent) intrusion of advertising into communications mediums. Until people are willing to PAY for things (e.g. HBO) instead of being cheap greedy hypocrites, advertising will continue to infiltrate all communication and entertainment mediums.
Even when people are willing to pay for things, the advertisements will become more subtle and embedded, with product placements as perfectly nailed in the movie The Truman Show.
And the reason advertising continues to happen in e-mail is that the costs to advertise are getting less and less to the point that now if 1/10000 people buys Herbal Viagra or whatever crap is being sold, then it becomes worthwhile. So good luck convincing 100% of the people to stop buying stuff. Let's come up with realistic solutions.
Buy a Mac.
.Mac email addy, I haven't had a bit of spam come thru at all.
I'm not trolling, nor am I evangelizing, but the truth of the matter is, out of the box, Macs are FAR less prone to be susceptible to any of these nefarious internet annoyances.
Spyware: practically non-existant for Macs, and any application needs to be manually copied or installed w/a password verification, so nothing gets by without you knowing it (assuming you trust every user of your computer).
Spam: Mac OS X's built in Mail client has an excellent and easy to use spam filter built in, and in the 2.5 years I've had my
PopUps - Not only can you block pop ups in the default browser Safari, most of the pop up ads are themed to look like Windows dialog boxes, so they're easy to spot as advertisements and whisk away with a single click.
Just my 2
Of course they haven't. They still haven't forgiven Franklin Delano Roosevelt for being so uncouth as to die in office.
NYT writers are well known for making things up, so I'm sure that any word about software that would indeed make things better would be considered obviously false and get the writer fired. One must not be quite so obvious about the fraud, so as to get awards rather than fired.
Bob-
The Ludwig von Mises Institute. The reasoning individuals economics
Is there a correlation between spam and spyware?
Does any spyware collect email addresses from adress books?
Does any spyware submit the user's address with it's data?
Do people who's machines are or have been infected with spyware get more spam?
Just wondering.
It seems that spyware that tracks a users web viewing habits would be a no brainer as a data feed for a targeted spam operation.
Read, L
Most apps that install spyware usually have something in their license that says "we have the right to install whatever we want on your system". When a license says something like that I usually back away and not install it. There is a certain sense of apathy where people no longer read the End User License Agreement, but with freedom, and freedom from spyware, you must read the EULA and make sure a phrase like this is not present.
Granted EULAs are usually long and cumbersome and rightfully so, that is what makes most end user just click 'accept' right away. Also if you search the program you want to install on the web you may come up with a review or someone else stating that spyware is installed with it.
A majority of spyware programs are installed with legally questionable software, file sharing. To minimize your chances of installing spyware do not install any "legally" questionable software and read the EULA!
Make me your friend. All my friends get +1 modifier and I need friends :)
But then you would filter out emails coming from Bugtraq, confirmation emails from online retailers, opt-in email that you want to recieve, not to mention creating a huge pain in the ass for people that just send alot of email.
;-)
You have to look at this from an abstract viewpoint to realize why nothing works so far (except bayesian filtering - to a limited exent).
You own server X. Out on the internet are servers A, B, C, D, and E. You know that you don't want any mail from D and E because they're spammers. You *might* want mail from C, sometimes but not all the time (a retailer, let's say). Messages from B you'd like to let through because that's your buddy's ISP, but A is a server used by both your friends and spammers (for example, AOL).
Now then, give us a simple algorithm to make sure that you always block D and E as long as they're sending spam, sometimes/never from C, allow from B, and block some mail from A depending on whether or not it's spam.
If that sounds too hard, then just come up with a simple algorithm to determine whether or not an email is spam.
See why it's still a problem
"It is seldom that liberty of any kind is lost all at once." -David Hume
here
Help fight continental drift.
The boycott you propose has already been around for a long time. It's called the "Boulder Pledge". Unfortunately, it doesn't work.
The people who advertise through spam are fly-by-night operations. They typically hope to make a quick buck by shoving a message at a million people and getting a 0.0001% conversion rate. (Do the math.) Often they aren't even the ones with products to sell; rather, they're "basement operations" with little in the way of resources or business sense hawking merchandise on behalf of the less-reputable amongst affiliate programs.
The people who make the real money off spam don't make the money selling stuff through spam. Instead, they get paid by aforementioned fly-by-nights to send the spam. They are the few fat sleazeballs sitting at the top of the pyramid being supported by everybody else. Just ask Alan Ralsky (if you can get a letter through to him under the massive number of catalogues he receives).
This convoluted chain of middlemen is the reason why normal market forces haven't stamped out spam, even though spam is net unprofitable. Losers pour money into the spam system and are dealt out of the game with a high turnover rate; but there are always enough new losers coming in to keep the system afloat. Meanwhile, professional scam artists know every trick in the book to squeeze money out of an activity that truthfully causes a net loss for everybody else involved.
From the fly-by-nighters lured in by the promise of easy riches and duped into paying hard cash for spam advertising to the victimized ISPs and end users who have server, bandwidth, and support costs shifted to them, everybody else comes out in the red anyway. So how, exactly, is a boycott supposed to work?
Microsoft Windows is, fittingly, the official Desktop OS of Olig
But the Solution to Spyware is fairly simple. Make the sender pay, like normail post. That is why I don't get hundreds of posts in my physical mailbox. (and the fact I don't participate in competitions every chance I get) Simply put, for somebody to send me email they have to perform a task. Say calculate the first five primes that end in five. For one persons computer this will be trivial. But for somebody mailing out millions of posts it becomes impossible. In fact I can increase the computation difficulty depending on what I want to filter out.
Your post advocates a
(x) technical ( ) legislative (x) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
(x) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
(x) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(x) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
(x) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
(x) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Spammers need images to get past word filters and to make an ad "stand out." Images can't be sent with the e-mail so src tags are used. href tags are also used for links they expect people to click on. "http://" is a unique identifier that absolutly cannot be obfuscated or it will not work. You can add a lot of junk before an @ symbol but eventually the real link must be there. Simply block that link and poof, no more spam from spammers advertising using that domain. You can block countless spammers by blocking a single 100% unique URL that no legitimate e-mail will ever contain.
The full write up of my take on what I see as horribly flawed ways to combat spam and source code for the custom programs I use to strip links out of e-mails.
I have an example of spam posted there where everything is just a mess in the e-mail. The headers are forged, the text is all obfuscated. But there, clear as day is an "HTTP://"
Poof, killed the spam domain. And there's no way to circumvent my method except by not having links of any form in the e-mail. If you put a link in a spam, I will find it and I will block it.
Ben
Work Safe Porn
Really, many things together contribute to this problem. In no particular order:
A rabid consumerist/capitalist economy. Everyone wants you to buy something. Everyone NEEDS you to buy something or the whole thing unravels.
As a result, advertising in general has become a tragedy of the commons. It's so pervasive that it's becoming ineffective. Nearly everywhere you turn, there's an ad for something. Most advertising doesn't even improve sales, it just keeps them from slipping. The culture of advertising has gotten so embedded in business that few have realized that superbowl ads are usually a net loss. Perhaps the crassness of spam would turn off the 1/10th of a percent who buy if all other advertising wasn't so crass.
A general acceptance of legalese. If products carrying a EULA over three paragraphs (normal paragraphs) long or using words that have not otherwise been in use for 3 centuries was simply rejected, there would be none. With EULAS cut short, there'd be no fine print on page 123 to hide the spyware disclosure in.
Another way to accomplish that would be for the legal system to admit that it's just not practical (or even financially possible) to hire a lawyer everytime someone shoves a document at you. Further, it should recognize that a contract must be understandable to an average person with an average amount available to devote to such things. Anything not meeting that criterion is null and void. Fine print on page 123 does NOT constitute disclosure.
Loosened community ties have opened the door to scam artists like never before. In a worldwide community where the number of people you actually know is vanishingly small, social shame is not very effective.
Society is well behind the growth of technology. When it becomes more socially acceptable to proclaim that you sell drugs to 8 year olds than to admit you're a spammer, much of it will stop (OK, they may not be that bad, but it's close).
We need for it to be socially and legally acceptable to spit on a spammer's shoes in disgust. It's good that we as a society are (slowly) learning to accept diversity, but at the same time, some things are NOT reletive. An obnoxious ass who deliberatly annoys millions of people a week does NOT deserve understanding, he deserves contempt. Nevermind jail, ostracise them.
Law enforcement. If you or I produced the very same spyware that's out there with the very same barely existant (or non-existant) disclosures, we'd be up on charges. Just because it's incorperated doesn't make it OK!
</soapbox>
$5 / month hosted VPS on linux = awesome!
I can personally attest to this. I've been doing on-site PC service for a local company for the last couple months, and our #1 call by far is for problems that end up being spyware/ad-ware related.
In my experience, SpyBot works extremely well, but it has a few quirks in its interface that lead people to not get everything cleaned up that it can clean up.
Most importantly, when it finds spyware it tells you requires a reboot to remove, you'll notice that it rescans everything during the system restart. The thing is, though, it isn't *removing* everything during this stage. It's only setting itself up so it *can* remove what it finds successfully, if you click to "fix problems" on its console window after everything finishes and the Windows desktop comes back up!
Also, I'm seeing more and more virii/trojan horse type infections that are smart enough to kill processes of any known virus scanner. These wouldn't have the chance to infect a PC in the first place if people kept their virus scanner running and updated, but many people don't. Then when someone like myself comes in and tries putting an updated one on the PC, the install won't even complete successfully. (This also manifests itself as a scanner that shows itself as "disabled" in the system tray, but which won't ever stay enabled when you try to toggle it back on.)
I'm at a loss as to why Symantec, McAfee, AVG, and the other popular scanners don't allow doing a "reboot and scan/remove virii before system startup", so the virus code can't get a jump on the scanner??
But hang on ...
...
/. is a wonderful and colourful place
"(x) Mailing lists and other legitimate email uses would be affected"
The most I have emailed in bulk is say 5o people. If my computer requires 15 minutes of computation to post to 15 people so what !!! My computer is multitasking, and if I were to send postcards it would cost me much more time and money
"(x) It is defenseless against brute force attacks"
Ammm we are talking Spam, but brute force would require that they do a computation for every post they send. (They not me)
"(x) Users of email will not put up with it"
Well, I can't see why, if it a solution to a problem, why not. It's no skin of the users back.
"(x) Lack of centrally controlling authority for email"
True, but tell that to Linux development. This would only work if It is viral.
"(x) Public reluctance to accept weird new forms of money"
I doubt this point is relevant. In any event, you will use it if that hot chick gave you her email address.
Killer app is all it's about on the internet.
"(x) Huge existing software investment in SMTP"
Very true, but how much is spam costing ?
"(x) Extreme stupidity on the part of people who do business with spammers"
So what, "I" don't want spam and if I and enough like me implement this method of sending mail then It wil be part of the next outlook. The Extreem stupidity" market will upgrade without knowing.
"(x) Armies of worm riddled broadband-connected Windows boxes"
Not relevant, we are talking Spam that keeps showing up in my box. It is relevant if you mean that they will distribute the computation that way. Well, so be it, only a small persentage of the spam should be coming from those boxes. And even they will be bogged down. Currently it has becoe a huge computational task to send simple email. If you increase the computation 100 fold (that is too small still) Considering the drop in hit rate, it will just make it unprofitable.
"(x) Sending email should be free"
But it is, you see, all you will use is waste. 99%+ of most computer time is idle time. It will only cost spammers that send 100 million posts.
"(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical"
This is a discussion on what a future solution may be
"Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work."
?!?!?
Giorgis
Not only is the FTC now required to study a do-not-email list, there's even talk of the DMA's worst fear - a do-not-mail list for paper mail. Bills have already been introduced in New York and Massachusetts.
This is the year to go for a do-not-email list with teeth as sharp as the do-not-call list. It worked for fax. It worked for phones. It can work for e-mail. And it's an election year. Keep pushing on your elected officials and the FTC. Push the FTC to implement a do-not-email list. Insist that it include domain-wide opt-out.
And yes, it will work if the law goes after where the money goes. Any competent cop and prosecutor can find out where those Viagra orders get fulfilled and who collects the money. It just takes some routine police work and a few court orders.
I am a full time Linux user, however I am always drafted to work on my families trashed Windows computers. Anyway after a long hard search I found good freeware solutions for detecting & removing Keyloggers and Spyware.
These are also good if you want to safely use a strange machine. These are the programs:
SpyBot S&D safer-networking.org
Pest Scan pestscan.org
Keylogger Hunter http://www.styopkin.com/keylogger_hunter.html
Patent: from Latin patere, to be open
In ye old days, AV scanners would not only scan for malware that wasn't strictly a virus, but would invariably include an "innoculate" feature which would create checksums for executables and libraries, and the on-access scanner would refuse to run altered or non-checksummed executables. The latter is handy to protect against users installing or running malware. Windows XP includes this, but in a very, very cumbersome manner (Software Restriction Policies) but which at least can check certificates so windows updates will work..
Any one know of any free checksum-checkers-on-execute, preferably with some sort of centralized checksum database, for windows?
SCO employee? Check out the bounty
Now, Windows is well-entrenched because it's what the current user base is used to. We can't get them to budge because we can't persuade them that the change is worth the effort. But if millions of college students are getting a thorough education in how totally insecure Windows is....
I have java, javascript and css enabled and don't have problems either.
This might have something to do with me running mozilla on linux tho.
For spam, I let spam assassin do its work, and very rarely see spam coming through.
But then again, I can't go back to windows. I am too used to my heavily customised unix-like (in this case gentoo) desktop. So spyware isn't really a concern for me.
The way to corrupt a youth is to teach him to hold in higher value them who think alike than those who think differently