Infected Windows PCs Now Source Of 80% Of Spam
twitter writes "The Register is reporting a study by Sandvine.com that blames Microsoft Zombies for 80% of all spam. The study goes on to claim that 90% filtering is not effective given the unprecedented volume and that sophisticated trojans are able to drop spam directly on end user's computers despite current efforts. Just another cost of supporting Microsoft, I suppose."
OK, I'm turning SpamAssassin down to .01 points and letting it all get rejected. I just give up!!!
Microsoft Windows is on 80% of desktops or thereabouts. Microsoft Windows is responsible for 80% of spam. Seems fairly obvious to me.
Was this really actually a surprise to anyone or was this just confirming the obvious?
Hmmm.
When XP Bug patch 2 comes out, this situation will only get worse, since ppl can't patch their dodgy (illegal) copy of XP.
I get 4 or 5 NetSky infected e-mails every day. I wish people would quit using Windows. It's unsanitary. Kinda like using used needles for shooting up.
Windows users: Please learn Linux or buy a Mac. Thanks.
90% of all statistics are invented. Especially when they bash Microsoft, but certainly not any ones that indicate anything good about Microsoft.
in filter research, maybe we should be spending it on educating users in basic protections....or converting the unwashed masses. I like the 2nd one better :P :P
Please note the sarcasm in the "unwashed masses" comment before modding me as a troll
Here's an idea to help block spam from these. Don't accept any mail from a block of IPs for residential use. Like all of comcasts home subscribers. Same for ameritech, Road Runner and all those other residential networks. They are under a license agreement to not run a mail server anyway.
I admit it would be an inconvenience because I run a mail server like that but it might be worth the pain for less spam.
Evolution or ID?
If computers are going to be a tool used by anybody, I think along with securing OS's real user education must be encouraged.
Today you have to have a license to drive so why not learn how to play safe if your PC is connected to a public network.
Everyone will have been evacuated from the Windows world.
Yes, linux can be more secure than Windows, but the fact is that over 90% of these zombie PCs could have prevented infection by simply having (a) their firewalls enabled and/or (b) having intelligent users. By default, most linux distros don't come with firewalls enabled either (at least, the last time I checked; I think it's becoming more common for firewalling to be enabled though, as with XP SP2) and as for (b), well, we'll always have stupid users.
Which translates into Geekish as "PC's Infected with Windows."
I run Windows and there's no sign that anyone has ever received a spam message from WOULD YOU LIKE A BIG PENIS?! DOUBLE YOUR LENGTH IN 3 WEEKS!! me.
And these people are obviously not patching their machines anyway.
to guess what percent was caused by "infected" windows machines i would have replied 60+
so - the problem is worse than i had imagined, but I'm certainly not surprised.
Picks up de-gausser.. Gentlemen, i think you know what we need to do. Kachink.
This comment does not represent the views or opinions of the user.
Schools need to start teaching security. Just the idea and what you do. Kids will go home and teach their parents. And slowly more people will become educated. How else can you educate the masses?
Evolution or ID?
Aren't most of the ISPs (roadrunner) blocking smtp traffic from non-static addresses? I would imagine that this cuts down on the majority wouldn't it?
(Plus, the dshield mailing list is right now talking about using all that data to setup a DNS blacklist).
yeah that's right
but all i see are Americans blaming someone else like China, maybe if i put my head in the sand i can do that too
i have an idea,how about those that make the mess clean it up ? (Iraq/Spam/Landmines/pollution/etc etc)
As Microsoft market share on most of its products is usually in the mid 90% range they must be somewhat disappointed by this outcome. I'm sure Longhorn will have much better zombie spam machine .NET support.
----
Weather today will be periods of widespread brightness, followed later this evening by periods of widespread darkness. Also, Bill Gates is still in the list of top 10 richest people in the universe.
I can't speak for all geeks out there (we are usually on the front line), but I have seen so many computers running Windows XP out there just getting raped by adware/spyware/worms/trojans lately. One of the primary culprits? Internet Explorer.
The reason I believe it is Internet Explorer is that I have seen a machine that is behind 2 different firewalls (one of which is a very well configured PIX) get molested. It wasn't used for e-mail, no P2P programs for downloading and nothing else was used except the browser. I am SURE some people were browsing dodgy websites on that machine. So far, it is the only PC on that IP segment that has been infected so it wasn't from another machine.
Anyone else see this out there?
Ban Windows machines from the Internet ;)
i think that windows should be banned from internet
... whatever else
or at least, providers should charge windows users
more for the service, since their spam is using
much more bandwidth than my emails and surfing
for everyone who really insist having windows,
would suggest dual boot pc, one partition with
linux for email, surfing, etc; and another one
with windows for playing, video editing,
i'm not trying to do video editing on linux
because there are better tools for windows;
and for the same reason, people should not use
their windows computer for internet, it just sucks
Actually it's about 45%.
I JUST found this out, can you believe that?
The people that have dodgy copies of Windows are probably smart enough to change their key and get patched, and they are probably smart enough to have a firewall running.
It's the people that buy a standard configuration Dell and throw it on the net as soon as they get home that are probably responsible. No Firewall, no Anti Virus, no clue.
Just another cost of supporting Microsoft, I suppose.
Just another cost of supporting users who install the software. Most of these hijacked Windows boxes are a result of a user wanting to see Britney Spears naked.
CLICK HERE--ALL NEW PICTURES OF BRITNEY SPEARS NAKED
This has nothing to do with Windows security other than running an ignorant user as an administrator.
At least the 80% value is larger than I'd have guessed.
Boffoonery - downloadable Comedy Benefit for Bletchley Park
Imagine if ISPs all started implementing this. This could make a huge difference to the amount of virus/worm generated spam.
Step Two: Follow the money.
Step Three: Follow the money.
Step Four: Take a wild guess.
I'm just going to keep on saying this, year after year, as it becomes more and more clear that those engaging in spam are operating outrageously criminal enterprises: If you want to stop spam, FOLLOW THE MONEY.
Find some Viagra spam. Buy some Viagra. Trace the shipment to you, trace the cash transfer from you, arrest. It's not that hard. It's just not very geeky. People, there's no magic technical solution to this -- there's increasingly illegal stunts being pulled, and the only people out there with the IP-layer mechanisms for tracing the attackers really can't afford to release that data as it would compromise rather more important investigations. But -- we've got a very mature infrastructure for tracing financial and mail fraud. We just need the political will to use it against Spam.
It's just not that hard.
--Dan
... I apologise for the percentage of MS users who are beyond help, and for the admins who allow them to be so.
We keep our corporate networks nice and clean, we stomp on infections fast, we try to educate our users, we run filters and firewalls, we put in place policies and we try our damndest to prevent this stuff.
But if those users go home to an infected PC, then we've failed. failed badly. We don't get paid to keep home machines clean, but how much harder would it be to really educate our users? really?
What can we do? Well, we can impress on our users, as I'm trying to do, that they can suffer real, genuine harm if they don't practice safe computing.
I have this idea. A user doesn't give a crap if they're not harmed directly by a virus. OK, they have a spamming trojan on their machine, do they notice? no, they don't.
So I make sure I tell my users that there are viruses out there which can log their keystrokes and, by inference, steal their credit card number or online banking details or any other personal information.
That makes them wake up. Once there's a chance they might be directly affected in ways other than a slightly slowed down machine, then they start to take notice.
I'd urge every other techie on a windows network to inform your users in the same way. make sure they know that viruses aren't just something that affects other people. then they'll wake up, and everyone else will be better off. really.
Screw you all! I'm off to the pub
that will cut it down by 80 or more %.
it affects some people who DO run smtp at home, but since M$ won't patch everyone who NEEDS the patch (pirate or otherwise), the only thing left is to disallow port-25 originate from home users.
sorry, but it's either find/fix all the broken M$ boxes or stop home dsl/cable outgoing mail.
--
"It is now safe to switch off your computer."
I work for a small ISP and spam is the cause for most of my headaches. We run many different spam and virus filters and they work great but each time we crank the screws down a little with more filtering we get bombarded with calls about it. Seems that people complain about getting spam and when we reduce it more they complain about that because the filters may filter one of their love letters to their mom or whatever. You just can't win I guess.
All right, I'll get my coat.
The issue is user education. At least 90% of these exploits are published by Microsoft as resolutions and THEN the scum-sucking-basterds (Yes I do mean you) start using them. I am as educated as any of the linux users out there (I run red hat on a box at home), but I run majorly windows. I have never had a virus or had one of my pcs hijacked in the 24 years I have been doing computers, except for a mac on os 7.1.
The virus writers go for the economy of scale. Mac OS X would be targeted by virus writers more if it was more widely distributed. Many of the people I know that use it, have OS X because it is easy and they didn't have to do anything to set it up. Can we say ripe for viruses? Let us start seeing some real statistical indicators. Like Original Virii counts to OS instances ratio.
In God we trust, all others require data.
You are assuming of course that you will actually receive the shipment that you ordered. If most of these spams are a bit criminal, what's to say they just dont deliver? And what if the financial stuff goes through methods that the USA can't touch?
Hmmm.
For the next two weeks until i start a non-crappy job at a linux based company, I still work graveyards at one of the larger aggregate dialup resellers in the US (no, my email address, whois records, etc, are not indicative) and this means i mainly handle abuse complaints.
We get the occasional hit & run spammer who signs up for one of the $9.95/mo services with a prepaid credit card (so we can't effectively fine them) and then spams the heck out of the connection until we cut them off, but 99% of spammer complaints (that aren't due to spamcop being fooled by well crafted headers from brazil, or confused by unpublished relay hosts in our spam filtering cluster) are traced to users who have been with us for some time, who have never given us any trouble, and who have called customer service frequently for fairly basic help with simple internet setup tasks -- usually an account shared by a family with several children, or used by an old lady who just wants to look at pictures of the grandkids on the intarweb gadget. Pretty unlikely spammers.
The accounting department doesn't like it, would prefer to shoot first with a $100 fine and let customers beg for forgiveness later, but i argue constantly that we should give them at least one chance to disinfect their computer. We go ahead and fine 'em if they don't fix their issue within a few days, though, and then accounting makes them prove they are disinfected before giving them their money back.
It's poor customer service, ultimately, but wtf is an isp to do? If we just pestered them with email they'd assume we didn't really mean it, and would never fix their systems.
This is just like television, only you can see much further.
When MS stops letting illegal license keys get patches, those machines will be easy to spot. They will be the machines running port scanners, DOS attacks and sending out spam 24/7.
Working from the theory that the same types of people who pirate an operating system would also pirate MP3s and movies, here is where the MPAA and DCMA (spelling?) authorities can focus their efforts.
Agile Artisans
Even if a user keeps up with the latest patches and antivirus software, their machine may become chock full of spyware. They clean it with Adaware and before long, it's chock full of more spyware. The latest round of spyware is just about as bad as any virus I've heard tell of. My point is Windows can't be secured. So I'm not surprised to hear 80% of the spam comes from Windows machines.
Wansu, th' chinese sailor
You can STILL follow the money :D
I am the Barber of Seville.
Since this study was published, whenever I receive spam that (according to the Received: headers) appears to have been sent via a broadband IP address, I refer to it in my spam complaints to ISP's. I also suggest closing outgoing port 25 per default, and only opening it for customers who explicitly indicate wanting to run a mail server.
I keep a text file with this message for easy pasting into the spam complaint.
That argument is based upon the assumption that security == marketshare.
Security is not the same as marketshare.
The vast majority of zombies were infected via Outlook's ability to run executables from email.
In order for Linux to have the same infection rate as Windows, Linux would have to have the same (or similar) flaws. For example, the same email client installed, by default, upon every Linux machine and that email client would have to run executable content.
Windows was designed with "user-friendly" being far more important than security. So important that security would be compromised in order for a feature to be "user-friendly". That is why there are so many problems on Windows machines.
Here's an example. Grab the latest copy of WindowsXP, run it without anti-virus software. Why is WindowsXP still vulnerable to the same viruses that Windows95 was?
``When XP Bug patch 2 comes out, this situation will only get worse, since ppl can't patch their dodgy (illegal) copy of XP.''
That won't make it worse - the situation for those users who can't or won't install SP2 will stay exactly the same as before. Those who do install it will improve. So, it will make life not worse, but better.
It would be interesting if a critical vulnerability were discovered that pretty much stops the system from functioning (like Blaster). If only those with licensed installations can get the fix, the rest might realize that you don't get a good OS for free by pirating Windows. Something, though, tells me that Microsoft will make critical fixes available to anyone, though.
Please correct me if I got my facts wrong.
at least thats what 27% of us think
I was going to post this exactly. If you want to stop spam, cut out the financial benefit.
The second the _sellers_ start getting arrested, spam will drop off dramatically. It's supremely easy to figure out who is selling this crap. Why not just slap some handcuffs on the offenders.
Suddenly, no one is available to write that $100,000 check to spammers.
no
But the fact is that it's the *majority* of Windows users, without a clue about the mechanics of their PCs and the Internet that create the problems for those of us who take the time to understand how IP networks & OSes work - whether that's Windows, Linux, UNIX, OS X, etc. etc.
Now is the time for ISPs to start coming down hard on their subscribers and not handing out Internet access to people until they have proven a degree of computer proficiency first - even to have to present a "License to use a computer on the public Internet". I'm sure ISPs could make some money out of providing training for those licenses also.
I am tired of hearing the same old Windows v Linux arguments - they're *irrelevant* in this case, it's just about the people who don't know what they're doing (yes, 99.9% of them do use Windows) making it bad for those of us that do know what we are doing.
The only defence Linux has is that Joe Bloke users who just want to play games and check email have no reason to not use the OS that came with their PC, namely Windows. Those of us that do use Linux do so out of choice and have gone through a high learning curve while using it - therefore, the average Linux user probably knows a lot more about how OSes & networks function than the average Windows user.
Gentoo Linux - another day, another USE flag.
Now that we know top spammers / email marketing firms....
How long would it take for geek population to find the PHYSICAL sites where they are located. And no we wouldn't be interested proofing that they send THE spam we recieved, only fact that they send spam lots of it. Now get AK47 in large quantities, and some explosives and timing based detonators. If 50 or more email marketing sites are attacked at same time all-around the world. With those offices destroyed, and top spammers sleeping with the fishes, how many would think that the email marketing is easy and safe money making business. The punishment maybe on a hard side compared to the crime, but it would simply eliminate Spammers.
Emacs is good operating system, but it has one flaw: Its text editor could be better.
"There are three kinds of lies...lies, damn lies and statistics."
Say that I suspect my Windows box is compromised. Is there a tool that I can use to log all outbound email to see what's being sent from my box?
Is that users of women, or women who use computers? Either way, I think the comment still works!
Spam vendors should add a weight to any email from cable/dsl ip blocks. Don't block them outright, but being from these addresses should add as much weight as a single occurrence of the word viagra would.
My current (modified) strategy is: Only greylist IPs which are
- listed in a DNSBL(***) of your choice or
- contain several digits in their resolving hostname which would indicate a dial-up host.
(***) I use l2.spews.dnsbl.sorbs.net and cbl.abuseat.org. I would never reject any mail with these dnsbls as the false-positives are too high, but for greylisting they work perfect. This keeps the number of false-positives low and is really effective, as only suspicious hosts (dialup, dnsbled) are checked.
I am very satisfied by the results. The number of mails in the deferred queue dropped from ~15k to ~600, the system-load dropped from 2 to 0.5 despite the additional checking and database-lookups done. My system sends ~ 3-5 mails/second and rejects/defers 10-15 mails/second.
Greylisting implementations for your favourite MTA are already available. You only have to use them.
Meme of the day: I browse "Disable Sigs: Checked". So should you.
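The selective greylisting policy described in the comment above, as an added example that is not part of the original thread: a client is deferred on first contact only if it is DNSBL-listed or its reverse hostname contains several digits. The two DNSBL zones are the ones the commenter names; the digit threshold, retry delay, function and class names, and the sample addresses are assumptions.

```python
import socket
import time

# Zones named in the comment; used here only to decide who gets greylisted.
DNSBL_ZONES = ("l2.spews.dnsbl.sorbs.net", "cbl.abuseat.org")
MIN_DIGITS = 4       # assumption: "several digits" in the reverse hostname
RETRY_DELAY = 300    # assumption: seconds a deferred client must wait


def dnsbl_names(ip, zones=DNSBL_ZONES):
    """Build the DNSBL query names for an IPv4 address (reversed octets + zone)."""
    reversed_ip = ".".join(reversed(ip.split(".")))
    return [f"{reversed_ip}.{zone}" for zone in zones]


def dns_listed(name):
    """Live lookup: a DNSBL answers with a 127.x.x.x address when the IP is listed."""
    try:
        return socket.gethostbyname(name).startswith("127.")
    except OSError:          # NXDOMAIN or resolver failure: treat as not listed
        return False


def looks_dialup(hostname, min_digits=MIN_DIGITS):
    """Heuristic from the comment: several digits in the resolving hostname."""
    if not hostname:         # assumption: missing rDNS is not covered by this rule
        return False
    return sum(ch.isdigit() for ch in hostname) >= min_digits


class SelectiveGreylist:
    """Greylist only suspicious clients; everyone else is accepted at once."""

    def __init__(self, listed=dns_listed, clock=time.time, delay=RETRY_DELAY):
        self.listed = listed     # callable(query_name) -> bool
        self.clock = clock       # callable() -> seconds
        self.delay = delay
        self.first_seen = {}     # (ip, sender, recipient) -> first attempt time

    def is_suspicious(self, ip, hostname):
        if looks_dialup(hostname):
            return True
        return any(self.listed(name) for name in dnsbl_names(ip))

    def check(self, ip, hostname, sender, recipient):
        """Return "ACCEPT" or "DEFER" (a temporary 4xx reply) for one RCPT."""
        if not self.is_suspicious(ip, hostname):
            return "ACCEPT"
        key = (ip, sender.lower(), recipient.lower())
        now = self.clock()
        first = self.first_seen.setdefault(key, now)
        # A real MTA retries after a temporary failure; most zombies do not.
        return "ACCEPT" if now - first >= self.delay else "DEFER"


def demo():
    """Run constructed sessions (documentation-range IPs, stubbed DNSBL)."""
    now = [1000.0]
    listed = {"7.113.0.203.cbl.abuseat.org"}      # constructed DNSBL entry
    g = SelectiveGreylist(listed=lambda n: n in listed, clock=lambda: now[0])
    clean = ("192.0.2.10", "mail.example.org", "a@example.org", "me@example.net")
    dialup = ("198.51.100.23", "dsl-198-51-100-23.pool.example.net",
              "b@example.com", "me@example.net")
    blocked = ("203.0.113.7", "smtp.example.com", "c@example.com", "me@example.net")
    results = [g.check(*clean), g.check(*dialup), g.check(*blocked)]
    now[0] += 60                                   # retry too early
    results.append(g.check(*blocked))
    now[0] += 300                                  # retry after the delay
    results += [g.check(*dialup), g.check(*blocked)]
    return results


if __name__ == "__main__":
    print(demo())
```

In production the decision would sit behind the MTA's policy hook and the `first_seen` table would live in a database with expiry, as the comment's mention of database lookups implies.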
In other news today, the Gartner group released a study finding that 110% of spam comes from unpatched computers running the Linux and BSD boxes.
The study found that unpatched computers with an uptime of more than 7 or 8 days correlated with large amounts of spam. The study recommended rebooting at least 2 or 3 times per workday, thereby dramatically decreasing the risk of becoming a spambot. The study consequently found that the so-called Blue Screen of Death is actually a feature.
"People running computers with an uptime of days, weeks, let alone months, are insane. Windows is not to blame for spam. People should learn how to read email," Steve Ballmer is quoted as saying in response to the study.
1) why do you care about the Netsky emails (they don't affect you personally but I guess you could inadvertently forward them)
2) how do you know they are infected?
I am very small, utmostly microscopic.
If Windows is so easy to hijack and become a spam relay it must be possible for a Trojan to hijack a Windoze box and install all of the patches? Thereby eliminating most of the problem zombie Windoze boxes.
Unless, of course we start getting anti-anti-spam trojans - that actually patch Windoze to stop the anti-spam trojan working?!
Please don't steal my sig, it's my intellectual property
I'm just sincerely aggravated by the rampant viruses and worms and spyware infecting people's Windows machines. I run into people every week that are asking me "Why does my computer keep giving me a 60 second warning and rebooting?" "How come all I can see on the Internet are pop-up advertisements?" etc, etc.
I probably should be thankful because it's this kind of thing that helps pay the bills, but it's really such a mess out there that I'd rather just see people use something less dangerous than Windows.
Also, I wish people would quit modding me as a troll or flamebait just because I'm posting something negative about their favorite operating system. I don't feel like getting banned from posting for another month for this crap.
(Great, already banned again even though the post has more positive moderations than negative. I don't know why I even bother anymore.)
There is immense potential for profit here! Imagine if each trojan writer had to pay Microsoft 1/100th of a cent? They wouldn't ever have to release Longhorn!
I'm in the hole of the broadband donut.
They should be called Borgs.
Dawn of the Dead
What if ISP's had a package for your gran which included a firewall, blocked all SMTP traffic except though the ISP mail server and force authentication for the SMTP connection.
So your gran is at much lower risk of getting a virus, and when she does the virus has more hoops to jump through to send spam.
And a hacker package, no firewall, unrestricted SMTP access. As hackers tend to be firewall'd up, patched up, know not to open odd email etc and generally get less infections and the infections are removed quicker.
Sure, it's not a cure, but would make a big dent in the problem.
a
I worked for an ISP that had outbound port 25 blocked. Served both purposes in regards to our users spamming and infected users spamming. If a business client (or residential even), asked to have it open, we'd set their policy to allow outbound port 25 (assuming they had a static ip) with a small extra charge. Therefore this was never a big issue for us. Is it really this hard for ISP's to do this? I know at least in Ontario, Sympatico does this. Reality is, you can't always expect the user to be 100% patched and secured. At least not all of them.
-----
http://home.ica.net/~casino4u - Safe and Secure!
I seem to get spam from two sources. One is from someone/something that snagged my email address off my website, or who is doing some guessing, like sending to "info@mydomain.com". The other source of spam is clearly zombies, but it's not marketing stuff; rather, it's several flavors of viruses that all seem to have a payload, with messages that try to dupe me into opening the payload.
"Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
Particularly the bit where it runs resident and alerts you to proposed changes in your registry.
WTF?!?
Why is my registry in danger from a website? Is it because Microsoft's default settings mean IE (and Windows) is wide open?
I'd rather the default settings be "locked down" and then each site would have to be allowed more access.
But that would be the complete opposite of Microsoft's "user-friendly" approach. And I'm going to ignore everyone who says that the security settings can be changed. I know they can. I'm talking about the other end-users who want to know about getting rid of all of that crap. Why does it take a THIRD PARTY APP to show them the problems?
``Why do I need to reboot?''
Because some of the updates will only take effect after you reboot - parts of the system that are only loaded at boot time. Some files cannot be changed/replaced on a running system - you'll have to reboot. And, finally, because your system is so wedged that only starting over from scratch can restore normality.
Please correct me if I got my facts wrong.
OK, so how do I tell whether my machine is infected or if SPAMmers are just using my return address? I'm getting bounced e-mails that I didn't send! I've scanned my machine, but I don't find any viruses. Also, the date and time for one of the bounces was while my machine was shut down over the weekend. Of course, the date can be wrong, but how do I tell? And if it's just SPAMmers using my return address, how do we stop this? Can't we modify the e-mail system to validate e-mail came from whoever it says it did!?
Xesdeeni
I know this would only be a bandaid solution, but it would definitely help.
These zombie computers are getting the list of email addresses and commands to push somehow.... by connecting to an IRC server, etc... Shut down the source, and all you have left is an infected PC who can't download commands/lists. Has this even been looked at? I know different viruses use different methods, but I don't really think it would be a waste of time to go after the 'distribution' centers.
It's better to burn out than to fade away
Why not use SPF? Check my weblog for some details as to why this is a much better idea than blacklists or some of the other solutions being proposed.
As far as I can figure from the statement in the article:
..it seems to me that the article should say 80% of the service provider's mail traffic was generated by zombies. This is completely different from the statement made in the topic.
"After comparing those data points with the total volume of legitimate messages passing through the service provider's mail system, we are able to arrive at our percentage of 80 per cent",
It's like you'd go to a bar and observe that 80% of women leave with drunken idiots, and thus proclaim that drunken idiots are able to hit 80% of women.
There may be some causality and statistical significance, but it definitely isn't as clear as the article suggests.
http://codeandlife.com
Thanks for helping destroy 'open standards' email, just so we can migrate to one of your 'trusted' systems.
Great.
Oh, and thanks for the free service packs to 'copiers' to help reduce this mess.
I'm so thankful you are a monopoly with a stranglehold on the consumer and business market. What would we ever do with out you.
---- Booth was a patriot ----
Spam is looking to sell something.
Someone paid someone something to spam it in the first place. Follow the money trail, find the spammer.
Nonsense. I run a personal webserver on a DSL line with a static IP. No spam comes from me.
Run spamprobe instead. After 4 month it's more than 99 percent accurate.
Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
Spam is all about mass market.
Mass market totally lacks any mechanism for avoiding easy to track, long distance transactions (cash doesn't work over distance).
People are actually receiving these penis enlargement pills...I mean, they're filled with dust, but they arrive.
--Dan
The simple thinking is this. If everyone used linux then we wouldn't have this problem.
The next level of thinking is that hey, if everyone used linux they would make viruses for it instead of windows and we'd have the same problem.
The next level of thinking is that linux isn't homogenous like windows so making a virus to infect all linux boxes is more difficult. But that is false because if linux were to be used by everyone there would have to be a homogenous version everyone used.
The real high level of thinking is this. If a spammer knows linux and gets a hold of a few linux boxen that's a lot worse than if he got a hold of the same number of windows boxen. Because linux is more powerful and stable they can send a lot more spam a lot easier than on a windows machine. They will only be limited by the hardware of the machine and not the resource hungry windows.
The only real solution is network level security. Firewalls and such. And of course smart users who can prevent themselves from getting hacked or can unhack themselves.
The GeekNights podcast is going strong. Listen!
Just another cost of supporting Microsoft, I suppose
I think the editors should exercise a little more control when posting things. This was perhaps an excellent resource to link to, but the last line could have been edited, sparing us from an easy (if overinclusive and ineffective) jab at everybody's favorite company to hate. In sum, the facts speak for themselves. We don't need slashdot to become like Fox News.
Did I miss the actual study with actual data? I only saw the one page executive report.
Pretty flimsy but probably true.
Keep the Classic Slashdot.
This should be a ridiculously easy problem to solve. If Microsoft just makes the TCP stack of the server versions of its OS fingerprint slightly different from the desktop version -- connections from these desktop machines can be easily blocked by a passively fingerprinting firewall such as Pf.
> Just another cost of supporting Microsoft, I suppose.
:rollseyes
Again, I must emphasize that were Linux the dominant OS and E-mail platform (thus being the target of spammers and their ungodly intensive efforts) more likely than not it would have just as bad problems if not worse.
I stand prepared to be modded down by those with an emotional interest in Linux, but I cannot let fear dissuade me from speaking the truth. Yes, your lady is the hottest one on the planet, with no blemishes.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
I'm sure it's people masquerading as me and the headers confirm this. It sucks though, it's identity theft isn't it?
The cops don't care.
SPF is the best chance at stopping it, but you'll be waiting 5 years before it's implemented and accepted everywhere.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
MSN, and AOL both use customer IPs to fake sending spam.
MSN was charging a Denver-based spammer 1 million/month for bandwidth, email addresses, and use of their customers' IPs. Apparently, MS got greedy and then upped the price to 5 million/month for all the differing companies. So the spammer turned to a very large baby bell and tried to sell them on the idea of them doing this for 2 million (While I do know that it went all the way up the chain, I do not know what the outcome was). Apparently, this baby bell is very comfortable in bed with MS and let it slip that the spammer approached them. So, MS was pissed and turned the guy in.
I do know that AOL does this and Yahoo also sells address. I have heard that comcast is doing the same, but this source is not quite as reliable. Though, I would assume that most of the large ISP's are doing this .
I do not have to understand how an internal combustion engine works nor do I have to know how to fix it in order to use it, so why does an average user have to be able to maintain an operating system they don't know how to fix or how it works?
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
Yes, it's currently the fashion around here to be sycophantic to Microsoft.
Stick Men
Yes, Microsoft is an evil company. But why is your personal opinion "Just another cost of supporting Microsoft, I suppose." necessary? /. crowd in the anti-Microsoft league. But their evil doings/mistakes/whatever are obvious and can be commented in the appropriate stories.
:)
Some apparently think that they need to keep the
And, no, I'm not new here
Speaking from experience, I can tell you that it's not as easy as it seems...
Various jurisdictions' spam laws vary, but at least in .au where I'm located, the Spam Act 2003 only provides for civil penalty provisions against the spammers (in essence, the .au government will sue you for violating the spam act in civil court.)
Even though the evidential burden in a civil case is much less (balance of probabilities/preponderance of the evidence) than in a criminal case (beyond reasonable doubt,) it still proves difficult to tie a spam purporting to advertise, for example, penis pills, to a purveyor of penis pills.
Penis pill guy sends his spam through a few thousand of 'fresh proxies' (spam guy terminology for freshly rooted or virused machines garnered from crackers or vx people), penis spam ends up in inbox with penis pill guy's contact details.
So far so good, but there's no causal link between A and B of any forensic value whatsofuckingever. Correlation is not causation.
I'd be more inclined to see a system which plugs into the MTA somewhere between RCPT TO and DATA, which performs a basic open proxy scan on the originating MTA (similar to what many EFnet servers are doing ATM,) and if the originating MTA fails the test, mail is refused (preferably with a '550 5.1.1 no such user' error as this may help get you off certain lists) and the originating IP is added to some form of distributed blacklist for X hours (I'd suggest 48... long enough to allow ample time for the machine's owner to find out that they have a virus or spam problem and fix it, not really long enough to cause a major problem.)
I'm actually working on building such a system at the moment... Details will be posted to my website when I have some half decent code that runs (instead of making postfix' smtpd dump core.)
You're doing it wrong.
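The refuse-and-block-for-48-hours decision described in the comment above, sketched as an added example (not the poster's code). It assumes the hook is Postfix's policy delegation protocol (`check_policy_service`), keeps the blacklist in local memory rather than distributed, and takes the proxy test as an injected callable named `probe`, which is hypothetical; the IP addresses are constructed documentation addresses.

```python
"""Added example: Postfix policy-delegation decision logic with a 48-hour block."""
import time
from typing import Callable, Dict

BLOCK_SECONDS = 48 * 3600            # the 48 hours suggested in the comment
REJECT = "550 5.1.1 no such user"    # the reply text suggested in the comment


def parse_request(raw: str) -> Dict[str, str]:
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs: Dict[str, str] = {}
    for line in raw.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def reply(action: str) -> str:
    """Format a policy reply as Postfix expects it (action line, empty line)."""
    return f"action={action}\n\n"


class ProxyGate:
    """Refuse mail from clients that fail the proxy test, then block them."""

    def __init__(self, probe: Callable[[str], bool],
                 now: Callable[[], float] = time.time) -> None:
        self._probe = probe          # hypothetical: True if the IP looks like an open proxy
        self._now = now
        self._blocked: Dict[str, float] = {}   # client IP -> expiry timestamp

    def decide(self, raw_request: str) -> str:
        attrs = parse_request(raw_request)
        ip = attrs.get("client_address", "")
        if (attrs.get("request") != "smtpd_access_policy"
                or attrs.get("protocol_state") != "RCPT" or not ip):
            return reply("DUNNO")    # not ours to judge; let other rules decide
        now = self._now()
        expiry = self._blocked.get(ip)
        if expiry is not None:
            if now < expiry:
                return reply(REJECT)  # still inside the block window, no re-test
            del self._blocked[ip]     # window over: the owner gets a fresh test
        try:
            looks_like_proxy = self._probe(ip)
        except Exception:
            return reply("DUNNO")    # fail open: a broken test must not drop mail
        if looks_like_proxy:
            self._blocked[ip] = now + BLOCK_SECONDS
            return reply(REJECT)
        return reply("DUNNO")


if __name__ == "__main__":
    # Constructed request, in the attribute format Postfix sends to a policy service.
    sample = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
              "client_address=203.0.113.7\nrecipient=user@example.org\n\n")
    gate = ProxyGate(probe=lambda ip: ip == "203.0.113.7")
    print(gate.decide(sample), end="")
```

Because a listed address is not re-tested until its window expires, a machine that gets cleaned up still waits out the 48 hours, which is the trade-off the comment accepts.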
Now banners are often not served by the site you're browsing, they're served by some other company who accepts them from some other company, and can execute nasty code just as easily as something embedded into the page.
I'm battling some of the same things, on a user's pc who does nothing at all out of the ordinary, just webmail and browsing of sites that are 100% not going to be installing spyware.
He tried to kill me with a forklift!
My ISP - iinet in Perth Western Australia - blocks port 25 (SMTP) by default.
But, you can request to have it unblocked.
This seems to be a good way to prevent this kind of issue, but without breaking the open nature of the internet. Surely this could reduce this kind of problem?
HOW TO CLEAN the viruses and spyware from your computer (and to cut down spam in the process)
I sure get a lot of spam and some of you are responsible. I know you aren't deliberately sending it out but because your computer has not been maintained properly YOU HAVE VIRUSES ON YOUR MACHINE THAT SEND OUT SPAM.
So let's get that fixed now ok. Here are some basic things to do that will clean up your computer. Just because you think you know what you're doing on a computer doesn't mean you do. Please follow this advice. EVERYTHING HERE IS FREE. Pay special attention to steps 1, 2, and 5.
1. Run Windows Update. If you are on a Windows computer you have to do this every couple of weeks. Just go to windowsupdate.microsoft.com and follow the instructions. Make sure you get the critical updates. If you don't understand the other updates don't bother with them.
2. Update your antivirus software. If you don't know what I am talking about then your software is NOT up to date or you don't have any. I recommend you go to http://www.grisoft.com/us/us_dwnl_free.php and get this free antivirus software. If you don't know how to download and install it FIND SOMEONE TO HELP YOU.
3. OPTIONAL: Check your system for spyware. This will improve your computer's performance. You have a couple of good free options in this category. Try Spybot at http://www.safer-networking.org or Adaware at http://www.lavasoftusa.com/software/adaware/
4. OPTIONAL: Install firewall software. If you consider yourself a computer novice then get help with this to make sure it is set up properly. A great product is Kerio personal firewall at http://www.kerio.com/kpf_home.html
5. FORWARD THIS EMAIL TO EVERYONE IN YOUR ADDRESS BOOK. If you aren't the guilty party they just might be. Let's clean up our act OK? If you know enough, BLIND CARBON COPY (BCC:) this so that everyone's email is not exposed to all these spam machines. That means email it TO: yourself and BCC: it to everyone else in your address book.
Thank you for your prompt attention to this matter
If every book at Barnes and Noble suddenly has sheets of paper advertising Borders thrown inside, I promise you that Borders would be investigated.
Spam is not prosecuted because there's a lot of fear regarding regulating the Internet -- justified, perhaps, but problematic in this instance. We can't solve this problem no matter how we innovate, because we built a network where it's not solvable. But the financial and criminal investigatory systems can help.
I'm telling you, this isn't a technically solvable problem. Your approach -- open proxy scanning -- utterly fails against botnets, which (as the story describes) are becoming _the_ source of spam. But no matter what is tried, most spammers want money from 0.01% of customers (not the stock spammers, but they're in a different category). Follow the money and investigate the subject. A couple people will get framed, but a couple people are always framed. Prosecute the obviously guilty and help solve the problem.
--Dan
My mistake. That's one of those hazy rules that makes me hate the English language so.
I wonder if it would be feasible (and fast enough) to fingerprint the remote mail "server" while it's sending its mails. Then just add some SpamAssassin points if it's a Windows box.
blah
The thinking behind that being - anyone on a dynamic IP address running a mailserver is most likely running some sort of Unix-y thing, *or* they have a trojanned Windows machine.
No-one I know uses Windows mail servers, so I don't want *any* mail from Windows mail server anyway.
geeks can be Microsoft supporters. But the masses here at slashdot seem to want them to begone and have to constantly make a hostile environment for them.
The mail program ask you where to save it.
In windows, click-to-infect is the norm.
if you just NEVER use your primary email address on a website! Set up a free one (www.spamgourmet.com / www.gmx.net / www.hotmail.com / others) and use that if you have to fill out your email address somewhere.
:P
Never believe anything in a spam email. Especially not those lines that say 'click here to remove yourself from this list'.
Don't use Outlook (and variants) that make use of the Windows Address Book. Most worms that spread through email check your address book for email addresses. If the address book is empty, it won't send emails.
And slap anyone who puts your email address in a 'forward this to all you know'-email
Ex-post-facto proxy scanning (a-la SORBS) fails because the time between a spam run when the proxy is considered 'fresh' by Lunch Meat Guy and when it gets listed is great enough to make proxies a viable option for spammers.
In-situ scanning is a more viable solution, insofar as 'if you have a trojan, you aren't sending me mail' works. The more advanced gnutella/waste-alike botnets may be harder to detect with a scan, but as far as I'm aware, the majority of spammers are still using systems like Dark Mailer to send out crap through a preconfigured list of infected machines.
Research data on how these bots work will never be far behind them being in the wild (it wouldn't be hard to throw a cursory glance in the direction of a machine which spammed you yet didn't match a known trojan/proxy signature and figure out what it's doing,) though. Their decentralised nature means that they won't be able to deny connections from arbitrary IP addresses...
You're doing it wrong.
I'm not trolling, but how can someone tell if their system is a zombie? I keep hearing that most users are clueless (which is probably true) but no one has ever told me how to see if my PC is a zombie. (Hypothetical.....All I run is Slackware but my wife's machine is Win98)
Ever heard of FTP? How about web hosting your anims somewhere and mailing your clients/contractors a link?
...if Windows users would start using Firefox or something with some real protection on it.
For example back at home my dad and sister both have their own computers. Both of these computers are constantly just clogged with so much ad/spyware that they are a chore to use. After formatting them both and reinstalling Windows XP I decided to install Firefox for them to use as their browser. It's been several months since then and both computers are FAIRLY free of all malware. There is still some but it is a major improvement.
Anybody on a Windows machine plagued with stuff needs to drop Internet Explorer unless they can manage to avoid going to sites that are notorious for infecting your computer with stuff.
the byproduct of years of oppression by the white man
Where I work, we've been using a Barracuda Networks Spam Firewall. Just out of the box it worked pretty well, but I've been very busy with other projects and never bothered to train it. So... within the past two or three months, more spam has been slipping through. Last week, I finally got a small break from the other projects and decided to spend the week training the system. The first thing I learned was that you want to have at least twice the number of messages marked "not spam" as you do the messages marked "spam". Right about now, I have 3000 marked as "not spam" and about 1400 marked as "spam". The change in the amount of messages being blocked increased dramatically after just a few days of training the system. The system provides a graph displaying the number of messages allowed, blocked, tagged (as possible bulkmail), infected, containing an invalid recipient, or just a high rate of messages from one host. Just looking at the blocked portion of the graph, it appears that training the unit has given me almost a multiple of ten times the number of messages blocked. Add to that, the fact that it appears to be very accurate, and I am one happy camper.
With all of that said, I will also say that from what I've seen of the Barracuda, it's probably about 80% customized Linux and other OSS projects and 20% proprietary code. So, I think you can probably achieve this level of accuracy in your own custom built system using Linux and OSS. The main reason we went with the Barracuda is that I've just been too busy to research building our own custom solution. But... if you have the time, inclination and knowledge, it shouldn't be too hard.
The greatest benefit of bayesian filtering combined with whitelists, RBLs and antivirus (as in the Barracuda) at the network level is that you don't have to worry much about your users' PCs. That, and forcing them to use a web based client make for a pretty decent mail environment.
Un-news
From the MBSA site:
"MBSA Version 1.2 includes a graphical and command line interface that can perform local or remote scans of Windows systems."
So Microsoft releases a GUI tool to remotely scan Windows installations for security vulnerabilities, and yet it includes virtually *no way* to automatically exploit those vulnerabilities to provide a remote login?
Typical of them to rush an inferior product out the door and rely on marketing muscle to sell it over superior third party alternatives.
Pony up and pay the cash, or find another OS!
Microsoft has every right to protect its OS from pirates. If you steal my car, do I have to pay you for the auto repairs?
(While this may not be entirely the same, but it represents the same idiotic logic)
Why is Microsoft obligated to pay for stolen property?
It really scares me that there are actually people with this screwball attitude; it makes no sense at all.
repeat the following: I am not entitled
I think that Microsoft should leak copies of XP out to P2P networks that are trojaned as well as include scripting that "phones home" if a machine is attempting to update its ILLEGAL OS.
Pay the price, or shut the hell up.
I can offer confirming evidence of the unprecedented volume of spam. Last summer my spam had reached levels of 6,000 per month. During the fall and winter the spam activity dropped by over 50%, but the respite ended about 60 days ago. I am currently looking at just shy of 9,000 spam messages per month in my inbox. Yikes! Fortunately, I have spambayes... so I only have to touch 5-10 messages in my "possible spam" folder each day. It's not as onerous as it sounds, since I only see about 1 non-spam per week in my possible spam folder, so it only takes a couple of seconds to look for something I recognize and nuke the rest.
Of course, that doesn't do anything about all the bandwidth and server resources that are wasted handling all of that spam.
For personal use, I am still a big fan of Tagged Message Delivery Agent which I use mainly for its challenge-response and auto-whitelisting functionality. I don't get any spam, and this on an email address that has been on a popular public website for years.
Of course, TMDA is probably not what you want to use for a business, but for personal use it is great!
I run an SMTP server which goes through their servers.
Plusnet are doing the right thing, if a customer is spamming, acting as a relay, sending worms, viruses whether it's deliberate or not, they need to be quarantined.
This is a proven technique in medical circles, it works. If whole ISPs are refusing to quarantine abusive customers then the whole ISP needs to be quarantined as well.
Government of the people, by corporate executives, for corporate profits.
I say it's time to fight fire with fire. If the owners of these zombie machines don't care that organized crime are using them to spam the planet, will they care if they are hacked for good, not evil, as well? What are the moral implications of doing something along these lines?
planet texture maps and more
With all the Microsoft bashing (regardless of whether or not it is always warranted) how could it be anything BUT a hostile environment for Microsoft supporters? It is common for people to infer that people who use Microsoft products do so because they are computer illiterate and only idiots would use such an insecure piece of software. How is that anything but a hostile environment for Microsoft supporters?
If you're going to mod me down as a Troll, fine. But at least say why you think I'm being a troll. One cannot learn without feedback. And a Karma rating is a very limited form of feedback.
In any case, how do you properly configure and protect a Windoze box from itself? Because the vectors are born in services that the user demands, email and web browsing, you can't keep them from getting through. What bandaids to Microsoft's design flaws do you use to keep your machines "clean"? Can you really justify that kind of expense and effort for home users? You have to clean up after them periodically anyway, don't you? When it's all said and done, it's easier for the home user to dual boot something like Mepis and blind that M$ junk by removing network drivers.
Friends don't help friends install M$ junk.
1. MS should just force a patch that hunts/kills all worms/trojans, how hard can it be?
2. devious, but make a virus that kills all other trojans and does GOOD STUFF.
3. ISPs should detect bad PCs and just KILL THEIR accounts, and say, fix it or else, we can post you a CD with the fixes, make it a telco/govt/fcc rule.
4. tough, but ban whole countries until the government forces the ISPs to patch all of their clients.
5. give it same status as terrorism, and hunt em down with the CIA with a bullet in the head, ie the trojan makers.
Liberty freedom are no1, not dicks in suits.
If people are using statistical likelihood to drop emails, then that's kind of reasonable, as long as real efforts are made to make it statistically unlikely that legitimate email will be dropped. No one statistical element right now can be used to say "This is definitely spam". What annoys me is blanket "rules" that drop emails when you cannot reasonably say that all email (or even 99% of email) that conforms to that rule is spam.
There are still better methods of dealing with spam, such as using different email addresses for different businesses (and using expiring addresses and contact forms for "public" addresses that are published on Usenet, the Web, et al) It's a fact that if we adopted such systems, spam wouldn't exist. But system administrators, frequently the same ones that bitch and moan about how "stupid" everyone else is whenever a virus comes out, seem to be just as dumb as everyone else when it comes to adopting workable, effective, solutions, which is where over-the-top systems like SPEWS come in, and why my (unupgraded) Yahoo account is still receiving a good 50-100 spam messages per day.
Spam is a solvable problem, but the more inane blanket filters are imposed, the less easy it'll be in practice to really solve it.
You are not alone. This is not normal. None of this is normal.
Friends don't help friends install M$ junk.
I've had spam show up at new accounts that were only registered, never used. I've even had spam arrive at an email account that was sent before I even created the account!
Then there are the moron spammers who send out group addressed emails (the ones with 20-30 variants on spelling anything at all like your name.)
Anti-spam on the client is not the solution.
Sticking their severed heads on pikes outside ISPs would be far more effective and satisfying.
Or the traffic problem could be justifiably claimed as a result of poor engineering by Microsoft, and make Bill & co. responsible for the resulting expenses.
Or we could just make ISPs responsible for disconnecting any customer who has an infected machine connected. When the machine is cleaned, then they could reconnect, not before.
No, I don't care about people who can't afford to take care of their machine, buy hardware firewalls, virus scanners, etc. I don't care that people driving rust buckets can't afford better cars, either -- get the hazard off the public byways!
I do not fail; I succeed at finding out what does not work.
The US FCC makes you not only buy a license for your radio/tv transmitters, but also the operators of such must be highly technically trained and be licensed as well. Since an Internet-connected computer is basically a "transmitter" to the public these days, I think they should require licensing as well, with stiff penalties for any operator who operates them "out of spec" just like radio transmitter operators who are negligent (or malicious). Hell, the Brits even require you to buy a license to operate a television receiver!!! It would be a huge source of revenue for the government to mandate computer and operator licenses. If software publishers were also required to be certified by the government, it would ultimately lead to much better quality software on the market too.
Ad-aware result: 0 Spyware found.
Spybot result: 0 Spyware found.
The last time either of these found anything: Over 5 months ago. Give you a hint, I only switched to Moz 4 months ago.
The last time I ran an update on both: This morning.
Sounds like FUD spreading to me from both sides. Does it take effort to stop? You bet! Of course, I haven't had to put any effort into it for a long time now, but it is really simple to do as long as you use that squishy stuff between your ears.
--- Æther SPOON!
It's not the monoculture, or sheer volume of Windows boxen out there that facilitate the propagation of malware. It's much more simple than that. Windows is simply the easiest platform for which to write malware that propagates rapidly. That's all. Just like electricity, malware naturally follows the path of least resistance.
If (for example) 80% of PCs run Windows and 80% of spam comes from PCs that run Windows, that's hardly saying anything about Windows, is it.
SMTP server only is not a solution. Trojans can use SMTP servers just like your home user does. If you are going to cut off users whose email use suddenly spikes, why not just use that as a trigger to block the individual's outbound port 25 instead of forcing people to use your SMTP server?
I asked these questions to Cox tech support when they used your proposed solution. The response was that Microsoft and AOL would blacklist all Cox email if they did not. Looks like a job for trust busters to me, but good luck finding it in writing.
Friends don't help friends install M$ junk.
This one of Elle McPherson should wreak havoc on a normal fully patched Windows/IE computer with standard settings. DON'T CLICK THE LINK UNLESS YOU KNOW WHAT YOU ARE DOING!!
If you really must click the link using IE make sure that you have a backup of Windows Media Player or the WMP installer, SpyBot S&D, Hijack This and sundry other tools available to repair the damage.
That clicking on a link can 0wn your computer must have something to do with Windows. PS The link worked 4 days ago and consistently ruined Windows machines by using a malicious WMP file - sorry if it's not still 0wning Windows I don't have a spare one to test it on
ISPs should be scanning mail for viruses.
If a virus is found, it should NOT notify the "sender" (which is forged anyway).
If the virus email is one that is totally virus (i.e. no useful content), it should be removed completely and not even sent to the user.
If it's one that might contain useful content, the virus file should be removed and then the rest of the mail sent on.
If ISPs (small and large) did this, the clueless n00bs wouldn't get the trojan emails in the first place.
As for trojans that infect through known holes in windows, block off ports used by them (e.g. RPC port, windows network drive ports or whatever other ports the zombie/trojan/worm may use)
These 2 measures, if taken by all ISPs, would stop a large chunk of the windows worms and trojans.
I guess the problems are:
1. what ports do you block and how do you handle the issue of ports that have both legitimate and illegitimate uses?
2. the cost of my 2 ideas (cost for a mailserver virus checker, cost for some tech to actually do the implementation etc)
and 3. the tendency of email virus scanners to email a "you've got a virus" mail to the address in the "from" field (more often than not, it's the mailbox of an innocent person whose email the worm/trojan found somewhere and used).
Still, if both these things were done, it would be much harder for clueless n00bs (even those who don't patch and who blindly run exe files they get sent) to avoid or at least minimize the risk that a virus will infect their machine.
Two points: (1) the story never mentions Microsoft and (2) it says filters are 90% effective, not ineffective.
:P
As an ISP our biggest OS problem is Linux. Proportionally it causes far more problems than Microsoft. Why? Because Linux users sit around saying "poor MS user" and don't even know they've been hacked. And the majority have been hacked. If you say "Oh, that can't be" then you've just joined the crowd
I have a domain, and route *@mydomain to a "catchall" address. Whenever I post, give email address, etc, I use a unique email address, in the form nospam_companyurl@mydomain. That way, when I get V1Agr.a advertisements going to nospam_microsoftcom@mydomain, I know the msft sold my email addr. I suppose I could make it better by using a hash of the name and a lookup table, but I've cut down on my spam, and identified a few companies that have broken their own TOS in giving it out. I wonder if I can sue them...
He who fights with monsters should see to it that he does not become a monster in the process. --Nietzsche
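The "hash of the name and a lookup table" idea from the comment above, as an added example that is not the poster's code. It assumes a keyed hash (HMAC-SHA256) for the tag so that outsiders cannot mint valid aliases; the secret, the domain `mydomain.example` and the class name `AliasBook` are constructed for illustration.

```python
"""Added example: per-site aliases with an opaque tag and a lookup table."""
import hashlib
import hmac
from collections import Counter
from typing import Dict, Iterable, Optional, Tuple

PREFIX = "nospam_"
TAG_LEN = 12   # hex characters kept from the HMAC (assumption: 48 bits is enough here)


class AliasBook:
    """Issues one alias per site and attributes incoming mail back to that site."""

    def __init__(self, secret: bytes, domain: str) -> None:
        self._secret = secret
        self.domain = domain.lower()
        self._issued: Dict[str, str] = {}   # tag -> site the alias was given to

    def _tag(self, site: str) -> str:
        mac = hmac.new(self._secret, site.encode("utf-8"), hashlib.sha256)
        return mac.hexdigest()[:TAG_LEN]

    def issue(self, site: str) -> str:
        """Return the alias to hand to `site`; the site name does not appear in it."""
        site_key = site.strip().lower()
        tag = self._tag(site_key)
        self._issued[tag] = site_key
        return f"{PREFIX}{tag}@{self.domain}"

    def classify(self, rcpt: str) -> Tuple[str, Optional[str]]:
        """Classify a recipient seen by the catch-all.

        ("issued", site): an alias we handed out, so `site` is where it leaked from.
        ("unknown", None): looks like an alias but was never issued (a guess).
        ("not-alias", None) / ("foreign", None): ordinary or other-domain address.
        """
        local, _, domain = rcpt.strip().lower().rpartition("@")
        if domain != self.domain:
            return ("foreign", None)
        if not local.startswith(PREFIX):
            return ("not-alias", None)
        site = self._issued.get(local[len(PREFIX):])
        return ("issued", site) if site else ("unknown", None)

    def leak_report(self, recipients: Iterable[str]) -> Counter:
        """Count spam recipients per issuing site; guessed aliases go to '<unissued>'."""
        counts: Counter = Counter()
        for rcpt in recipients:
            status, site = self.classify(rcpt)
            if status == "issued" and site is not None:
                counts[site] += 1
            elif status == "unknown":
                counts["<unissued>"] += 1
        return counts


if __name__ == "__main__":
    book = AliasBook(b"constructed-demo-secret", "mydomain.example")
    shop = book.issue("shop.example")
    news = book.issue("news.example")
    # Constructed spam recipients: two to one alias, one guessed in the old format.
    spam_rcpts = [shop, shop, "nospam_microsoftcom@mydomain.example"]
    print(book.leak_report(spam_rcpts))
```

With the readable `nospam_companyurl` form, anyone can invent an address the catch-all accepts; here an unissued alias is distinguishable and can be refused at RCPT time.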
They keep saying that filters are becoming ineffective. Yet, between SpamAssassin and some hand-coded rules on my mail server (primarily the "not addressed to me" rule) and bogofilter and some more hand-coded rules on my client (mainly looking for specific charset encodings and document types), I end up with only half-a-dozen messages or so a day getting past my filters out of several hundred pieces of spam. So far the filters seem highly effective to me, far more effective and less intrusive than the solutions the "spam protection" companies are proposing.
How long would it take for a spamming network to generally remove my email address from their infrastructure, as "a dead email", if I turn it off for a while to let the spam bounce off?
Fine the companies that the spam zombies are advertising.
Give them no avenue of retreat, they can pay up or have the fine removed from their bank holdings.
The % is a bit misleading to the nooblet linux kiddies, that think the problem is the MS OS, instead of putting the blame where it should be, on the writers of the trojans, viruses and those paying them to write the spam bots. (do we blame the gun, bullet, gun maker, or the person that picked it up and pulled the trigger...)
By their continued ranting and bashing, the linux fanatics give a lot of people reason to believe that linux users are writing these trojans and viruses...after all isn't it better to write that type of code on a box that couldn't be harmed by a virus designed to attack MS OS's...
(and yes I do run linux where it is useful, so flame someone else, I just point at the obvious)
karma, hah...
Yes, spam affects me personally. Money I send my ISP is going into fighting spam that should not exist instead of providing me a real service. My ISP, Cox, blocks outbound port 25, and I have to put up with their crummy SMTP server performance after two years of problem free Exim use.
There are plenty of other evil and nasty things Microsoft does, but the cost of this failure is obvious and deserves mention when the problem is stated.
Friends don't help friends install M$ junk.
Use Postfix 2.1 and configure it to use two different smtp daemons on two different ip addresses, one internal and one external. Configure header_checks (and maybe body_checks too) to filter email coming in from the external ip address and discard emails with forged sender addresses purporting to be coming from your own domain(s). Postfix 2.1 allows you to have these filters on the external network interface, but not on the internal one.
See This Postfix HOWTO for more info.
If you don't drop it & rather than just limit it - it WILL be hacked.
It's a bitch that criminals feel they have the right to abuse the system - thus hurting the legit users.
"A lot of people who run their own mail server do it out of convenience."
Exactly - it's a convenience. You want convenience, you pay for it. Just as you would at a hotel that serves breakfast for free. You want Free B&B - you pay a little more. In most cases, you pay a lot more.
If we don't make it expensive to send junk email it will continue its current trend of making the internet a loathsome place.
I think there could be commercial ISPs (NOT COLOCATIONS) that can exempt themselves with an international charter agreement. But still they would not be able to acquire mail server capability from home.
Yell & scream & rant & rave... it's no use... you need a shaaaave ~ Bugs Bunny
"DON'T CLICK THE LINK UNLESS YOU KNOW WHAT YOU ARE DOING!!"
So I clicked on the link. What's supposed to happen? It rendered perfectly in iCab for OS X...
Oh, I get it, none of the pictures of Elle Mcpherson are nude. Disappointing, perhaps, but not a disaster.
All of those SOHO routers need to be able to do OUTBOUND filtering, too. Duh.
My network has four of those cheap NAT routers; let's not get into that...it's mostly due to upgrading, but they make handy, mindless firewalls in front of the (otherwise) DMZ servers--open the ports for the services offered by the server, leave the rest alone for exploit coverage. Pretty much M$ servers end up behind the DMZ firewalls; also keeps their domain traffic on the high-speed side of the router as the 5 IPs I get with my SOHO service aren't necessarily on the same subnet...weird.
Only one of the NAT routers has the ability to easily block outbound ports (the Belkin, I think) while all of them can block IPs (forcing a proxy server, I guess?). All of the PCs use this as their default gateway. Very simply block port 25 from machines that shouldn't be sending e-mail. The machines should use the mail server on the network that does anti-virus and anti-spam checks, and alerts when flooding appears to occur. If the SOHO user doesn't have a mail server, the NAT should allow limiting mail delivery to a specified server, and that server should do the filtering.
Networks (home and office) should have a NAT on it anyway, even if there's only one PC, just to stop the crap the average home user can't figure out. If the $30 is cost prohibitive (why have broadband then...uh, nevermind), drop the free ZoneLabs or similar software firewall in.
Until a better system evolves allowing mail servers to know where it's safe to get mail from, and while it's so simple to create and send e-mail from unwanted or unknown software, just cutting them off should be easy to do. I prefer the NAT manufacturers throw the ability to do that more than I like the idea of my ISP cutting me off.
End the FUD
"Yeah, you've got spyware and trojans, that's why it's so slow. I can set you up using something other than IE and Outlook, with a basic firewall for free, or it's 50$ to clean it and you can keep using this crap all you want. Your choice. And I can guarantee you'll need me to do this every month, if not sooner."
All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.
The golden rule is that you never use an apostrophe to indicate plurals. Ever.
Since there are a few freeware spyware progs running around (that work very well) wouldn't it be possible for the droids at M$ to concoct some sort of Windows Update that would kill spyware and thus eliminate many sources of spam?
I just downloaded some spyware apps on my in-laws PC after they complained about it running VERY slow (and it was). I found well over 130 various spyware goodies running on that thing. Disgusting. It should be punishable by death to create these apps. And considering the in-laws get confused by email, I can't possibly EVER expect them to protect their PC. It shouldn't be this difficult.
Hmmm. Really? The majority of spamdrops throwing traffic my way have proxy ports open on 1080?
Here's an example. Grab the latest copy of WindowsXP, run it without anti-virus software. Why is WindowsXP still vulnerable to the same viruses that Windows95 was?
;). Some exploits are winXP only, some are win95 only.
Actually, you could argue that either way. Windows 95 had no Blaster or Sasser issues. It didn't have any (currently known) issue to mass-infect every PC that runs Win95 just by being online. No, you had to rely on the stupid users to obtain that effect. However, Win2k/XP, all you have to do is turn your computer on and you can enjoy a trojan fest.
Perhaps I'm also arguing security vs. abilities. It's generally (read: most often, most circumstances, not all) "the more you have, the more exploits that'll surface". It's not like I can take a Win95 box the way I can a 2k/XP box, connect it to a domain, and watch the security policy be applied along with the incredibly nice automated software installation. Win9x/ME is a complete pain in a real networked environment.
And at the same time a savior because you don't see patches for it that fix things like Blaster/Sasser. Granted, Win95 isn't really in the limelight at the moment, but hey the point still stands. You could apply the same thing to Mac. To Linux.
Additionally, I run NO form of anti-virus software or anti-adware/spyware/etc crap on either my home network (2 linux, 3 windows, 1 windows box belonging to the family) or my business network (25 computers, mix of Windows 2k/XP, and Win98SE. (and a 2k server)). Some people call me stupid. If it was much more than just that, I'd install some form of corporate version of an anti-virus, but I believe in an educated userbase when it involves small groups, because even when the person is computer illiterate, they actually can think for themselves. Besides, borderguard firewalls are good things.
Now to address the point where I disagree: "Why is WindowsXP still vulnerable to the same viruses that Windows95 was?".
It's not.
Some viruses are winXP only, some are win95 only. And yes, both types do actually exist
No, security != marketshare, but it's still a massive factor.
"Just another cost of supporting Microsoft, I suppose."
Uh, no--how do trojan attachments and viruses that moron users open have anything at all to do with Microsoft?
I forgot, we needed an article that specifically made sure to say "Windows PCs" in the headline as though it being Windows has anything to do with it. If everyone used Macs today, it would be Macs, and if everyone used Linux, it would be Linux boxes. Uninformed users are uninformed users, and short of Microsoft showing up at your house and forcing you at gunpoint not to open attachments or enable viruses, what do you expect them to do?
"Sufferin' succotash."
We're supposed to be bashing Microsoft in this discussion, not being rational and pointing out that ignorance spans all operating systems (i.e., religions).
Didn't you know these are "Windows PCs," "Microsoft Zombies," and this is "the cost of supporting Microsoft?" Ah, the smell of propaganda in the morning. I fully expect to be modded down for even expressing my opinion. But these kinds of article summaries are full of such spin, it's amazing a lot of the "M$" sheep buy into it.
"Sufferin' succotash."
It also blocks scripts, screensavers, and many other executable formats, by default. This is pure FUD.
The problem has absolutely jack-shit to do with Outlook. It's people not patching or just running random executables they specifically allow into their Inbox.
I know we all spurge on our screens at the chance to bash Microsoft in any way possible, but let's be rational here.
In order for Linux to have the same infection rate as Windows, Linux would have to have the same (or similar) flaws. For example, the same email client installed, by default, upon every Linux machine and that email client would have to run executable content.
No, Mr. Security Expert, it would not. The same e-mail client isn't necessary, all that's necessary is getting enough people to run executables or whatever that exploit something. I'm sorry, but Linux distros aren't without their weekly exploits and buffer overruns either. MPlayer has had executable overflows before. A freaking media player! But you never see that reported on Slashdot, because OSDN has an agenda, and this place is completely biased (and as a result pumps out closed-minded Linux zealots by the pound).
Here's an example. Grab the latest copy of WindowsXP, run it without anti-virus software. Why is WindowsXP still vulnerable to the same viruses that Windows95 was?
Because of backwards-compatible libraries? Think a little.
"Sufferin' succotash."
In Outlook, executable files, scripts, and screensavers are blocked by default.
If you tried deleting everything on your hard drive, you'd get errors from system files that are in use. Windows won't delete them.
In windows, click-to-infect is the norm.
I have a feeling you haven't used a copy of Windows since 1998. Pure FUD.
"Sufferin' succotash."
The problem with front-end client spam filtering is that it does nothing to reduce the backbone traffic volume nor the data volume the email server has to process.
Someone is selling the products. They are illegally using home PC resources via spamnets. I fail to understand why the spammers can't simply be charged with theft, fraud, and locked up accordingly.
Or just shot if they happen to be in a country that permits such penalties. The genepool needs some cleaning...
I do not fail; I succeed at finding out what does not work.
i don't really mind SPAM most of the time, with a few exceptions.
1. why in the **** is my sister getting SPAMs for penis enlargement?
2. no, i don't want to look at jenna's web cam.
and those are about the only ones that annoy me. and those are pretty rare. most of the junk i get is old email newsletters that won't unsubscribe. (walmart sale alert, etc.)
all the stuff is put straight into the spam folder. i check through it daily for anything i want and hit "empty spam". takes me no more than 2 min. it takes longer for the page to load than it takes me to read the subject lines and delete the junk
upon the advice of my lawyer, i have no sig at this time
Microsoft have spouted a lot of FUD over their anti-piracy initiatives.
Only on Slashdot is it "FUD" for a company to discourage pirates from continuing to use illegal copies of software. Does anyone else find this a little bit of an odd statement?
Anyway, to get vaguely back on topic, it's the second Tuesday of the month, so let's see what the MS patch fairy brings us today. Probably another exploit for those nasty spam trojan people.
Talk about "FUD." I haven't had a new Critical Update in months. But, I don't expect that fact to ever be acknowledged. The false meme that a new patch comes out every week will continue to spread, because this place is a haven for anti-Microsoft zealots, not the pro-Linux community.
"Sufferin' succotash."
I think this demonstrates fairly conclusively that Windows just isn't ready for Joe Six Pack, grandma, Aunt Tilly, Newbie, etc. on the net.
Power users should be much safer of course, because by definition, they know what they are doing.
Maybe ISPs could start to provide a discount for folks who use anything other than Windows to connect to the internet?
Clearly, you're venting your frustrations over the fact that Microsoft Windows is currently used way, way more than your religion, er operating system known as Linux. Zealots like you turn everything into a penis size debate.
Yes! Because I love it when a patch screws up my system and forces a reinstall!
Cite a single example.
Having automatic update/apply turned on lets me blame MS instead of myself for installing their craptacular patches that eat my registry!
Cite a single example of a patch that will "eat my registry." Oh, I forgot, you're just spewing FUD! That's a term we like around here.
Woohoo!! Go automatic patching!!
First you were bitching because you didn't have time to scan Windows Update, then when your ass was called on your ignorance due to Automatic Updates (which prompts you when you first run XP), now all the sudden patches are magical entities that "eat your registry" and do other vague claims that are never specified.
I've had plenty of Linux "updates" fuck things up. Hell, I've had GNOME crash enough times for me to have to reformat twice. Grow the hell up and spend some time away from Slashdot--it's turned you into a raving, frothing fanboy zealot who lashes out in any way possible to defend the penis size of his religion/operating system.
"Sufferin' succotash."
> trace the cash transfer from you
What a funny world you live in. In mine, cash is anonymous.
After my day IT job I do freelance work at people's homes. Without fail every single machine I have worked on has some relay program for spam on it. I clean the machines up and tell user how to check things out and keep their machines safe. What usually follows is a blank stare or a polite nod. The average has no clue and needs to be hand guided or automatically protected. Unless this is done I don't see things getting better.
Or, you could just enable Automatic Updates.
Zing! Hooray for anti-"M$" FUD. Wait, didn't Gentoo, GNOME, Debian, GNU, Savannah, and more all get hacked within the last six months? Linux isn't some golden child of security.
Sometimes your security problem is located in front of the keyboard. I know years of conditioning has taught people that everything Microsoft does is evil and flawed, but the late 90s era of frothing Microsoft-bashing is over. It's time to start being more rational about things.
"Sufferin' succotash."
Really? I'd very much like to see you transfer cash anonymously to someone more than a couple hundred miles away. Flights are audited, roads are bottlenecked, trains require ID, there aren't walkways, etc.
Electronic cash transfers are massively monitored. (It's also rather expensive.)
--Dan
Oil changes? Car washes? No.
But if someone steals your car and the faulty brakes you know about result in death or injury to an innocent third party, you probably would be held responsible. Where I live you would, since you are required to maintain a safe car.
I don't care about Microsoft's profits or what happens to pirates, but if Microsoft refuses to fix known product defects just to increase its bottom line, I think they should be held responsible for the damage caused.
BTW, Microsoft wised up and is going to allow anyone to access the patch.
Was it a trojan that used the java byteverify exploit? If so, then your virus scanner will pick it up, even though Firefox uses Sun's java and is immune to that exploit. As long as the .class files were just in the Firefox cache or Java cache, you weren't really infected, though you would be if you loaded them in an unpatched MSIE.
The study doesn't mention Microsoft once.
Really. It's home PCs. That includes Linux, Macs, OS/2, etc.
I know it's slashdot, but shouldn't you RTFA before you submit the FA?
---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
Seriously... all anti-MS FUD aside, I've been running it for years. Seems quite stable. I've yet to get a single piece of spyware or adware.
yes, i'm sure. I keep the process list of the task manager open at all times and periodically check it.
I used to bulls-eye womp-rats in my pants
So if you're a victim of Microsoft's negligence in making systems that can easily be converted to attack zombies, click here to contact that law firm. The most effective victims would be those who run Linux, because they're not subject to Microsoft's EULA. For them, it's a pure negligence issue. A Linux-based ISP or hosting service would be the poster child for such an action. They're being hammered on, they didn't sign any Microsoft EULA, and they're clearly suffering sizable damages due to Microsoft's negligence.
It's time for this to become a major legal issue.
Well, that's the beauty of Windows. You don't even have to be an idiot user no more. You see, an unpatched copy of XP and a high speed internet connection can get you a backdoor trojan faster than dropping the soap down at the local penitentiary.
You see, unpatched windows has exploits and all the script kiddies with porn sites know this. The most common viruses now scan computers on an IP range, find a computer prone to an exploit, and open up shop on your computer.
'What you say!' They could do that just as easily on Linux or a mac. Not quite true. OS X and Linux are both based on Unix which is considerably more stable and secure than windows (for one thing they handle file permissions a lot better and more securely). Most importantly though, primarily where linux is concerned, there are constantly people updating and improving the linux kernel. These are often the same kinds of people who would take advantages of exploits back in high school and are now turning their knack for finding system weaknesses towards a constructive goal. Open source finds bugs faster (or so time seems to be telling us).
Last and not least, yes most people use Windows. Therefore most viruses are constructed for Windows and most computer illiterate users (many of whom don't even know what spyware or the like is) use it too. So there is safety in obscurity.
But i believe enough of the blame can be pinned on what a mess security in windows is and someone pointing that out isn't just a tinfoil hat wearing commie shouting witch at the Big Guy.
'Course in longhorn security is going to be better. And everything is going to be fully integrated. Somehow those two have never gone hand in hand. Only time will tell. But for now I prefer the Unix idiom of 'do one thing, do it well.'
(It also reeks less of monopoly than do everything and do it noticeably)
The Neo-Bohemian Techno-Socialist
The Article never mentions Microsoft, yet this post mentions Microsoft 3 times.
I know this is an informal forum, but do the editors not at least share some responsibility in not fabricating stories?
That title and the post should be edited immediately before Microsoft lawyers wander by, and decide to sue.
Opinions are one thing, the outright fabrication of fact is another.
This "study" is dubious at best IMO. They don't show any details on how they came up with the statistic of 80% spam originating from zombie PCs. They just declare this as if it were factual. While I agree that the percentage of spam coming from hijacked broadband PCs is definitely increasing, I think their figures are not accurate.
Based on my own statistics, which I've begun compiling over the last year, the source of spam and amount has remained fairly consistent. In terms of the number of spam messages, the lion's share of spam continues to originate from APNIC address space (China, Korea, Etc.) -- now whether or not these systems are zombies, I don't know but I am more inclined to believe that they're not. There are spammers who have made arrangements with some ISPs overseas who seem to be able to rotate their source IP in a very large chunk of address space.
I see at least 40% of spam coming from APNIC blocks and other assorted International spam havens. The second largest chunk of spam sources seem to be: Southwest Bell, TDE, SBC and others -- these likely include a combination of zombie PCs and ISP deals.
Now I'd buy the 80% figure IF you cut out the Chinese and Korean sources, and maybe most ISPs these days are now blocking big chunks of class B space in lieu of the signal-to-noise ratio they're generating. Then it makes sense, but this "study" is no "study" - it's more like a press release without any substance.
It doesn't take a rocket scientist to recognize that zombie PCs are becoming more of a force in the spam industry. And why is that? It's because ISPs are starting to blacklist IP space -- it has NOTHING to do with content-based filtering (which I keep saying is a waste of time). So yea, we can expect more DUL PCs to be compromised, but based on my analysis of my own logs, there has not been the radical shift in spam sources that the article implies.
After all, a lot of them give good head.
Mailinator is a great site for disposable e-mail addresses. Whenever i have to sign up for some or other account i just get them to send my password to averagejoe@mailinator.com
Definitely helps keep your name off of spam lists
The Neo-Bohemian Techno-Socialist
But zombie senders ARE the problem. They don't have to send huge amounts of spam to be effective. As long as there are a large number of machines infected, simple multiplication tells us that there will be a large amount of spam.
The real solution is to change the OS. You shouldn't be able to install programs through one browser click, or if you can, it must be heavily certified by some third party like M$, VeriSign, etc.
Now this won't solve all of our spam problems (governments need to strictly define spam, and prosecute those that disperse it), but it will keep John Doe from unwittingly aiding these spammers. I mean, quarantining users or ISPs is overkill and it hurts the wrong people. The reality is that people shouldn't have to fear that clicking a button in their web browser will compromise their systems.
how long would it take for a spamming network to generally remove my email address from their infrastructure, as "a dead email", if I turn it off for a while to let the spam bounce off?
I tried that on-and-off over the years and it's never made even the slightest difference. I used to create temporary e-mail addresses to track the dissemination of mailing lists. I would get flooded, and then turn the e-mail off. I could turn it back on six months later and it would take about ten minutes before I had inbound spam.
Ironically, I believe content-based filtering techniques have contributed to the proliferation of spam and have forced the spammers to abandon the idea of "cleaning" their mailing lists.
So many messages they send are filtered out without giving them any indication the message wasn't delivered that it's simply not practical any more for them to worry about whether or not their messages are properly delivered. They just ramp up the quantity and frequency to compensate.
This is one of the many problems I have with content-based filtering systems. They actually encourage spammers to send out more spam and negate the value of smtp error messages. If you knew that a message accepted for delivery was a relatively safe assumption that it would end up in the user's mailbox, you might have more incentive to clear out bad addresses. In fairness, SMTP servers using RBLs are also using 550 (mailbox unavailable) error messages, which have also forced the spammers to not trust the "user not found" feedback they get. But by far, the biggest problem still seems to be that Spammers have this false sense of security that their messages might be read when mail systems accept their messages and later filter them based on content. In fact, these schemes actually validate the integrity of their mailing lists.
Bzz. Wrong. There are two types of people in the world:
A. Those who want service packs installed
B. Those who have no clue what SP's are, or for some other reason, don't want them.
Among the group that's pirated Windows XP, "A types" already used a keygen, changed their product key to a new, unpredictable value, and installed SP1. Since the SP2 "security" will once again be based on a blacklist of keys (basically, keys posted to the Internet), as far as SP2 is concerned, these people are legal. In the event of people grabbing keygen-generated keys off the Internet instead of running the keygen themselves, they will either obtain the keygen this time, or grab another post-service-pack key off the Internet.
"B types" didn't even install SP1 yet, so it doesn't matter one bit what MS tries to do with SP2. They won't install it anyway, legal or not.
Not only can we blame MS for the rash of Trojans and Worms but now all the spam in my inbox! When will someone get the cojones to sue Microsoft for the amount of lost data, time and money that they have cost us?
I love the term "Microsoft Zombies", it works on so many levels!
Mike, please email me at dan@doxpara.com. I have a working, uber-efficient implementation (I write Internet-scale scanners) and you deserve as much credit for it as I do.
Why don't anti-virus packages use outgoing SMTP traffic from unknown programs as an indication of a virus infection? This really should be easy to stop, companies don't because they are making money under the table I suspect.
If 80% of all spam is coming from HACKED PCs, there clearly are criminal hacking charges on a federal and/or international level that could be brought against these guys, at some degree, conspiracy to say the least. I'm pessimistic of the DOJ's "promise" to bring the "top 50" spammers to justice this year. Why isn't that alone fueling the relentless takedowns of these guys while they pursue 15 year old virus writers that don't do much beyond pranks? Just because these zombied PCs are probably 99% home computers and not business computers where dollar amounts of damages can be easily calculated. It seems that's always the playing factor in how much the FBI "cares" about computer crimes.
Yeah, because we all know that remotely exploitable Windows flaws are *exactly* the same as locally exploitable third party linux apps.
Obviously, you're as much a security expert as the parent poster.
This is FUD
So relay your mail from your server through to your ISP's mail server with the SMTP smart host option.
I've seen plenty of other people with the same kinds of problems. Count yourself as 1 in 100 and keep up whatever laborious stuff you do to keep that box from eXPloding.
Friends don't help friends install M$ junk.
"Just another cost of supporting Microsoft, I suppose."
Only because Microsoft is the dominant OS. Linux and MacOS have repeatedly shown themselves to be vulnerable to the same types of attacks. I've personally seen both Sun and Linux boxes at my alma mater hacked.
isn't that the fake news site? The one that makes stuff up or fabricates details to make "news" more interesting?
I'd be more inclined to see a system which plugs into the MTA somewhere between RCPT TO and DATA, which performs a basic open proxy scan on the originating MTA (similar to what many EFnet servers are doing ATM,) and if the originating MTA fails the test, mail is refused (preferably with a '550 5.1.1 no such user' error as this may help get you off certain lists) and the originating IP is added to some form of distributed blacklist for X hours (i'd suggest 48... long enough to allow ample time for the machine's owner to find out that they have a virus or spam problem and fix it, not really long enough to cause a major problem.)
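The check proposed in the comment above, sketched as an added example that is not part of the original post: the decision an MTA hook would make at RCPT TO time, with the 48-hour temporary listing and the 550 reply the comment suggests. The `probe` callable (a stand-in for the proxy test), the one-hour cache of clean results, the choice to accept mail when the probe itself fails, and the sample addresses are assumptions of this sketch.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

BLOCK_SECONDS = 48 * 3600            # the "X hours" suggested in the comment
REJECT = "550 5.1.1 no such user"    # reply text proposed in the comment
ACCEPT = "250 2.1.5 Ok"


@dataclass
class TempBlocklist:
    """IP -> expiry time. Entries age out so a cleaned machine recovers."""
    ttl: int = BLOCK_SECONDS
    expiry: Dict[str, float] = field(default_factory=dict)

    def add(self, ip: str, now: float) -> None:
        self.expiry[ip] = now + self.ttl

    def is_listed(self, ip: str, now: float) -> bool:
        exp = self.expiry.get(ip)
        if exp is None:
            return False
        if now >= exp:               # listing has run its course: drop it
            del self.expiry[ip]
            return False
        return True


class RcptPolicy:
    """Decides the reply to RCPT TO for a connecting client address.

    `probe(ip)` is a hypothetical callable returning True when the client
    looks like an open proxy; how it tests is outside this sketch.
    """

    def __init__(self, probe: Callable[[str], bool], clean_ttl: int = 3600):
        self.probe = probe
        self.blocklist = TempBlocklist()
        self.clean_ttl = clean_ttl   # assumption: re-test clean hosts hourly
        self.clean_until: Dict[str, float] = {}

    def on_rcpt(self, ip: str, now: float) -> Tuple[str, str]:
        if self.blocklist.is_listed(ip, now):
            return REJECT, "listed"              # no new probe while listed
        if self.clean_until.get(ip, 0) > now:
            return ACCEPT, "cached-clean"        # avoid probing per message
        try:
            is_proxy = self.probe(ip)
        except OSError:
            # Fail open: a probe timeout says nothing about the sender.
            return ACCEPT, "probe-failed"
        if is_proxy:
            self.blocklist.add(ip, now)
            return REJECT, "open-proxy"
        self.clean_until[ip] = now + self.clean_ttl
        return ACCEPT, "clean"


def demo() -> Tuple[List[str], List[str]]:
    """Run the policy over constructed traffic; returns (reasons, probed)."""
    proxies = {"192.0.2.10"}         # constructed: host that fails the test
    probed: List[str] = []

    def probe(ip: str) -> bool:
        probed.append(ip)
        if ip == "203.0.113.5":      # constructed: probe cannot complete
            raise TimeoutError("probe timed out")
        return ip in proxies

    policy = RcptPolicy(probe)
    hour = 3600
    reasons = [policy.on_rcpt("192.0.2.10", 0)[1],
               policy.on_rcpt("192.0.2.10", 47 * hour)[1]]
    proxies.clear()                  # owner has fixed the machine
    reasons.append(policy.on_rcpt("192.0.2.10", 48 * hour)[1])
    reasons.append(policy.on_rcpt("198.51.100.7", 0)[1])
    reasons.append(policy.on_rcpt("198.51.100.7", 600)[1])
    reasons.append(policy.on_rcpt("203.0.113.5", 0)[1])
    return reasons, probed


if __name__ == "__main__":
    print(demo())
```

A listed address is never re-probed until its 48 hours are up, so the probe volume is bounded by the number of distinct new senders rather than by message count.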
So essentially, you're duplicating the open-relay block list (ORBS?).
Don't want to do that. My ISP is notorious for flakey mail servers. The truth is that I have better uptime on my crappy Pentium-133/UPS combo than my ISP.
How about we just leave things as they are, and get the sender address verification text record thingy working. I've got a domain, and it's all set up. One mail server is all I have, and any mail that spoofs my domain should just be dumped at the mail routers.
No need to resort to blacklisting all people with a certain type of service, just to get the bad people. Our justice system is predicated upon a presumption of innocence. Our anti-spam system probably should be too, particularly since we have a better technical solution.
The only thing about my line that indicates that it's DSL is the IP address. Everything else about it is exactly as if I had my own T1 to my house. Don't discriminate against me unfairly!
Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
Congratulations, you've re-invented the CBL.
I'm semi-happy to have "from a dynamic IP" as a factor in blocking,
I'd settle for an improved public key augmented SMTP exchange like ... Here's my certificate; digitally signed by Authorities You Might Trust To Various Levels
>>> EHLO spam-candidate.aol.com
250-bigserver.com Hello spam-candidate.aol.com [123.456.789.012], pleased to meet you
HELO
No?
BOUNCE.
"Provided by the management for your protection."
Shouldn't MS be charged for all the network pollution (excess traffic, spam countermeasures, wasted time) and damage (trojans, worms) it causes to the internet community?
After all MS does have the resources (read: money) to fix all these bugs that are causing us headache daily. They could do so in reasonable time by simply moving to sane testing and development practices. Most of these bugs that pop up weekly appear to be very stupid programming mistakes. There are various fairly simple methods to generally avoid buffer overflows (or at least make them unexploitable) known for years. What is the excuse at MS to not implement them?
Why can I be held responsible (at least in my country) when my machine is turned into a spam-distributing zombie by some worm without me even noticing while MS gets away with not applying even the lowest common denominator of sane programming practices - over years?
Look, is this any surprise at all when approximately 80% of home computers out there run Windows?
The MS bashing in this thread is ridiculous. Even if you run Windows, you could be running Thunderbird, Eudora, Pegasus, Phoenix, M2, the list goes on, instead of Outlook/Outlook Express. It's not the OS's fault or the mail client's fault, it's the user's fault and most dumb people use Windows or Macs because everything else is too difficult. Keeping Windows secure is comparatively easy compared to other Operating Systems, just let Auto-Update take care of it and you don't even notice the patches happen if you don't want to notice them.
I'm quite sure that Windows 2000/XP has become one of the easiest to patch operating systems. It is also fast on route to becoming one of the most secure operating systems for the desktop, and this is controversial, but with the number of holes that have been discovered, made massively public and fixed quickly make it likely to be more secure than other Operating Systems. If every Windows machine suddenly booted up with a different OS one morning, I'm sure that OS would have to go through the same level of patches as Windows has had to go through. Whether those patches would be released quicker or slower than with Windows is impossible to say, but I can say pretty safely that they would not be installed as soon after release on those other OSes as they would be on Windows.
Microsoft has managed to build security and a smooth simple patching system out of the fact that it is the dominant OS for desktops and gets targeted a lot by crackers. I doubt other operating systems would stand up to the same onslaught and keep up with patches (both on the developer side and the user side), especially since they tend not to even have automatic updates.
One last point: It's very easy to say that "open source is more secure", actually it's not necessarily true. Open source projects (like the kind I work on) tend to have bugs that people searching for exploits can find, but the original programmers do not even look at. Sections of code such as a method that has always worked fine could be an exploitable flaw, but that method would never be studied by the developers until it has been exploited and had attention drawn to it, just like in closed-source. Companies that sell closed source software often also have QA teams whose JOB involves looking at those lesser used functions for security flaws, these guys get paid and their whole employment revolves around checking for holes, but even they miss them. I don't see what the argument is for Open Source software being any less full of holes than closed source software, when open source software groups usually don't even employ those kind of people. Sure with OSS, the bugs are fixed quickly by the whole community, but does that mean the users apply the patches any quicker, or that there are less bugs in the first place? I don't think so.
Microsoft should stop building useless "execute every executable code" features in Windows and Office (the main culprits). They should acknowledge the fact that their older products are hideously insecure, and should act to make those products more secure. Microsoft should also take steps to provide update CDs for free to anyone who runs windows... illegal version or not.
Vendors of computer systems should start to sell you a completely patched, up to date system instead of a system loaded with a bare (thus very vulnerable) Windows XP on it. Microsoft should encourage the vendors to do so.
Users should educate themselves, or be educated. I am against government interference, but this is one of the few cases where I am in favor of legislation requiring a mandatory computer driver's license, given the fact that computers are a part of almost everyone's life nowadays.
Another observation, of the hosts I've spotted that were bounced by the SBL, I've rarely been able to scan them for open proxies. No ports open, nothing. Could be the firewall, or, is it possible that the viren only accept connections from a specific range of address space?
If the source of 80% of spam is infected PCs could a method of OS finger printing (ala nmap) not be used to identify the offending PC as 95/98/XP and either flag (with an X header) or reject the mail? A test of the source address would do. It's not perfect and firewalls etc would make it a tad unreliable but if you mix this with other tools like spamassassin it just might work.
Just an idea...
Paul
Compare email to snail mail for a moment. We have legal rights to prevent junk mail from arriving at our doorstep. The problem with email? It began as something TOO open, completely unregulated, and basically flawed - a house address is far more complicated than an email address. Additionally, it costs money to send junk mail, while email is free. There is no way to charge for email in an effort to prevent spammers because they can just as easily set up their own email server in their basement! Spam has to be stopped by setting an example of the people who create it, and additionally, educating users on the internet on what to click and what not to. There are an awful lot of stupid people (READ: AOL USERS) on the internet...
I'd use Linux instead, but I just found out that it's 10 times more expensive than Windows.
It's not just the common names that get blasted out at random. A while back I started seeing spam hitting on random three-letter combinations-- presumably initials. But lately I've seen large blocks of *four* letter combos.
At work, we're wrapping up a 30 day trial of a Barracuda. Besides the money we're spending on the system and maintenance, I spend a half hour to an hour each day labeling mail as "spam" or "not spam" (or deciding to ignore it), checking on quarantined email, etc. And it's still better than the situation we had. Meanwhile at home, my hand-rolled deliver filter catches about 80% of the 500 to 1000 messages a day I get there.
It's mind-boggling to me that nobody at a governmental level takes this stuff seriously. It's costing everyone, and seriously cutting into productivity at every company that takes email seriously, not just ISPs.
Spam cost the USA billions of dollars last year (I have no idea of the impact other places, feel free to point to a source or drop some numbers). Obviously that diminished the quality of a lot of lives; I'd bet that you could trace deaths to it as well.
I've proposed the "spammer on a stick" approach for quite some time. I don't think it should be pikes outside an ISP, though. Treat them as the economic terrorists they are, and put their heads on poles of the White House (or replace with your country's main building name) fence.
I'd also be OK with licensing spam hunters. I'd be tempted to apply, myself.
Yeah, 'cause we all know that going in and hacking a server is *identical* to a remotely exploitable windows box.
Yeah, you sure know what you're talking about.
This is a widespread misconception, akin to saying that if everyone drove Volvos, just as many people would die in traffic accidents as they do now. Millions of Americans have purchased large SUVs that tend to roll over three times more frequently than other automobiles. Volvos, on the other hand, are built with safety as a primary goal.
By the same token, would you expect an OpenBSD server to have the same level of default security protection as a Windows 2000 server? OpenBSD is built with the primary intention of being the world's most secure OS. Nowhere on the Windows 2000 product page do we see anything at all relating to security.
You can't assign positive characteristics to an OS on one hand (Windows XP doesn't crash as often as Windows 98) and then dismiss negative comparisons (Windows is less secure by default than Mac OS X or Linux).
Blame users all you want, but there are millions of uninformed Mac users out there. Believe it or not, in spite of their uninformed nature, they don't have to deal with anything like the litany of security and stability issues that confront Windows users.
It's hard to believe when you've been struggling with Windows for years and have grown accustomed to it, but while Linux and Macintosh aren't immune to security problems, the trojan horses and viruses that plague Windows users are a direct result of Microsoft's development philosophy, which emphasizes market dominance over quality.
Read the EFF's Fair Use FAQ
I think that depends on whether or not you use the Viagra.
--- A man with a briefcase can steal more money, than any man with a gun. [Don Henley]
Microsoft's market-share on desktops is, to say the least, dominant. That market-share comes with both a sizeable income and a big responsibility. Responsibility to both users and investors.
I believe Microsoft should do more to protect "our" investment. Whether or not Linux, OSX, BSD, Solaris, OS400, PalmOS, etc. are secure and stable isn't Microsoft's concern. That's a subject for a different thread.
What is important is that *most* desktops suffer from security problems. Microsoft is in the best position to fix those problems. I'm not saying any other groups of individuals (Open Source, Apple, IBM, Sun, etc.) could do better. I'm saying that Microsoft must do better than they are currently.
Waiting around for Longhorn as a response to the threats we face today seems a little silly.
i am snow. fear me.
You're missing the point. Those eight links all go to pages that have content specifically oriented toward helping the user apply security patches or otherwise deal with the inherent security weaknesses of Microsoft products.
That's vastly different from the primary product page, which is intended to tell customers what they're going to get when they buy a product. Microsoft doesn't make any security claims on the Windows 2000 or Windows 2003 product pages, while the OpenBSD and Mac OS X pages specifically discuss how important security is to the foundation of the OS. Microsoft doesn't make security claims because they know they're vulnerable in this area, and because in spite of their new "focus on security" they are still far more interested in milking their primary cash cow than in making it more secure.
Read the EFF's Fair Use FAQ
I thought 71% of all spam was coming from servers in China? Now 80% is coming from infected Windows PCs? Those numbers don't add up. Oh, wait...or is it that most spam is coming from infected Windows PCs in China? Hmmm...maybe I should actually read the article.
The Klez virus infected PCs via a MIME exploit in Outlook Express 5.x. Just clicking on the e-mail would infect the computer. It wasn't even necessary to open the attachment.
I am on Windows.
I get plenty of NetSky infected emails.
Emailed malware does not concern me as I use my own program to check my email.
Rendering malware inert by treating it as a 'text file' is sweet revenge against the crackers/pranksters/spammers.
If Linux or Macs were in the majority, they'd be under attack just like Windows is now.
If Microsoft shipped 5000+ packages with every version of MS-Windows and supported them, they'd have at least an order of magnitude more advisories.
Mandrake Linux 10.0 ships with 7460 packages, from 3ddesktop-0.2.5 to zziplib0-static-devel-0.12.82 inclusive, including such non-trivia as the OpenOffice and KOffice suites, a dozen web browsers, who knows how many email clients, IRC and instant messaging clients by the bucketful (and servers for all of the above), several DNSes, FTP servers and all manner of dangerous internet-exposed and user-exposed applications. Try limiting your advisories to Mandrake alone and see what happens to your stats. Think of it as eliminating dupes.
Next, have a look at what is being reported. On one hand we have the Code Reds and MSBlasts of the world - rolling worldwide disasters - on the other hand we have lots of things like possible local privesc exploits. Nothing compares, baby...
Now before any other chucklehead brings up the "but MS-Windows is more common" furphy, consider that about 2/3 of all webservers, 4/5 of all email servers and 3/4 of all name servers are Open Source. We're talking constant Internet exposure here, not Joe Random Dialup. If the popularity argument had anything going for it, we should be seeing over twice as many CodeReddishes for Apache as for IIS, and it ain't so. It really, really ain't so.
Overly Critical Guy, my ass. Not Critical Enough Guy would be more like it.
Got time? Spend some of it coding or testing
Is when people counter the "I don't use Linux because I'm not that adept concerning computers." argument with "well it wouldn't kill you to learn more about your computer."
This is true, but I have been a Windows user for a long time now (still run Linux on my server) and I haven't had a computer virus in AGES (at LEAST 6-7 years).
Because I have a firewall, I don't use IE or Outlook, and I keep stuff patched.
The point? If you learn more about your computer you can make Windows a lot safer, and I guarantee you it won't take as much learning/suffering as it takes to get started in Linux on the desktop. Not to mention patching my Windows machine is as simple as running Windows Update....my Linux server? Well, depending on what we're talking about it could be as simple as downloading an RPM or, and this is the fun part, updating something from source....either way it's nowhere near as easy as updating Windows....hopefully someday it will be!
"The saddest words of mice and men, are not those which were, but should have been."
If someone wrote a virus that really exploited ALL PCs badly to steal everyone's money instead of just spam, then you'll see massive global class action lawsuits that would KILL MS or force it to refund everyone's stolen money. Imagine if viruses stole 1000 billion dollars, the government will take notice, or if viruses shut down hospitals causing 1000s of dead patients. MS has a responsibility to make sure it has NEW XP install CDs with everything patched (stupid assholes), they can't expect users to spend 12 hrs downloading patches when they turn on their PC, by then it's too late.
ISPs should also 'find and flag/block' port-scanning viruses on those dodgy ports that have the exploits and also BLOCK those dodgy websites that seed them out and all the spyware sites, I WOULD.
Come on someone, write a virus that patches all crap Windows installs and attacks the spammers' businesses. That is our KILLER APP.
Can't be that hard. Just release it from a safe netcafe in Eastern Europe.
Liberty freedom are no1, not dicks in suits.
really, it's not.
+&x
But what would really be useful is a sort of personal packet sniffer built into firewall software.
Yes, I know the following is not technically a packet-sniffer ... Anyway, this would offer a behavior-based analysis of outgoing traffic looking for the tell-tale signs of spam broadcasting. The software would block the outgoing broadcast until the user either approved or stopped it entirely.
With virus software increasingly embedded with firewalls, it would be a trivial task to offer a suggestion on the cause of the unauthorized broadcast and to suggest a fix.
This behavior-based system would allow diagnosis and treatment even if a virus definition update had not been developed yet.
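The behaviour-based outbound check proposed in the comment above, sketched as an added example (not code from the thread or from any firewall product). The window, threshold, process names and addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

SMTP_PORTS = {25}          # direct-to-MX delivery; assumed signal of interest
WINDOW_SECONDS = 60        # assumed sliding window
MAX_DISTINCT_DESTS = 5     # assumed threshold: a mail client uses 1-2 relays

class OutboundSmtpMonitor:
    """Holds a process's outbound SMTP once it fans out to many mail servers."""

    def __init__(self, window=WINDOW_SECONDS, max_dests=MAX_DISTINCT_DESTS):
        self.window = window
        self.max_dests = max_dests
        self.recent = defaultdict(deque)   # process -> deque of (ts, dst_ip)
        self.decision = {}                 # process -> held | approved | denied

    def observe(self, ts, process, dst_ip, dst_port):
        """Return 'allow' or 'block' for one outbound connection attempt."""
        if dst_port not in SMTP_PORTS:
            return "allow"
        state = self.decision.get(process)
        if state == "approved":
            return "allow"
        if state in ("held", "denied"):
            return "block"
        q = self.recent[process]
        q.append((ts, dst_ip))
        while q and ts - q[0][0] > self.window:   # drop entries outside window
            q.popleft()
        if len({ip for _, ip in q}) > self.max_dests:
            self.decision[process] = "held"       # wait for the user's answer
            return "block"
        return "allow"

    def resolve(self, process, approve):
        """Record the user's answer for a held process."""
        self.decision[process] = "approved" if approve else "denied"
        self.recent.pop(process, None)

def replay(events, monitor=None):
    """Feed (ts, process, dst_ip, dst_port) tuples through a monitor."""
    monitor = monitor or OutboundSmtpMonitor()
    return [(e[1], monitor.observe(*e)) for e in events], monitor

# Constructed sample: a mail client using one relay, and an unknown process
# contacting a new mail server every two seconds (documentation-range IPs).
SAMPLE = [(0, "mailclient.exe", "192.0.2.10", 25)] + [
    (i * 2, "svch0st.exe", f"198.51.100.{i}", 25) for i in range(1, 9)
] + [(20, "mailclient.exe", "192.0.2.10", 25), (21, "browser.exe", "203.0.113.5", 80)]
```

Because the decision keys on fan-out rather than on a signature, the hold triggers without a virus definition; a legitimate local mail server would trip it too, which is what the approve path is for.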
Steve Gibson launched a 1-man crusade against MS when they released Win2K+ with the IP_HDRINCL socket option, which gave programs (run by Administrator) access to the IP header. This allows rogue software to impersonate any other host and, as Gibson predicts, would lead to a wave of zombies that would destroy the Internet. He was largely dismissed as "Chicken Little" since the new wave of DDoS attacks (apparently) never materialized. Does this use of IP spoofing mean he was right?