Slashdot Mirror
Infected Windows PCs Now Source Of 80% Of Spam
twitter writes "The Register is reporting a study by Sandvine.com that blames Microsoft Zombies for 80% of all spam. The study goes on to claim that 90% filtering is not effective given the unprecedented volume and that sophisticated trojans are able to drop spam directly on end user's computers despite current efforts. Just another cost of supporting Microsoft, I suppose."
Microsoft Windows is on 80% of desktops or thereabouts. Microsoft Windows is responsible for 80% of spam. Seems fairly obvious to me.
Was this really actually a surprise to anyone or was this just confirming the obvious?
Hmmm.
I get 4 or 5 NetSky infected e-mails every day. I wish people would quit using Windows. It's unsanitary. Kinda like using used needles for shooting up.
Windows users: Please learn Linux or buy a Mac. Thanks.
If computers are going to be a tool used by anybody, I think along with securing OS's real user education must be encouraged.
Today you have to have a license to drive so why not learn how to play safe if your PC is connected to a public network.
Microsoft needs to offer an update solution that doesn't require checking if the system is legal first. Not letting people patch isn't motivation for somebody to spend hundreds on software they already have, but blatant disregard of the infastructure of the internet as a whole. They allow these machines to stay online and keep the spam flowing.
Steal This Sig
Yes, linux can be more secure than Windows, but the fact is that over 90% of these zombie PCs could have prevented infection by simply having (a) their firewalls enabled and/or (b) having intelligent users. By default, most linux distros don't come with firewalls enabled either (at least, the last time I checked; I think it's becoming more common for firewalling to be enabled though, as with XP SP2) and as for (b), well, we'll always have stupid users.
Ah, never mind. It's just a way to complain about absolutely anything Microsoft does. If Microsoft discovered a cure for cancer and gave it away free, some /. reader would complain because all the pill bottles have the MS name on them, giving them a cure-for-cancer monopoly.
How is that conclusion tied to the release of SP2?
:-S
The release of Windows XP SP2 will make illegal copies spread more spam?
When XP Bug patch 2 comes out, this suituation will only get worse
No, it'll just fail to get much better. There's no way a bug patch can make it worse...
Come on MS, prove me wrong! I dare you!
Karma: Segmentation fault (tried to dereference a null post)
No, the pirates have a blatant disregard of the infrastructure by keeping running insecure, unpatched software. Microsoft should not be held responsible for pirates who illegally run unlicensed software.
If somebody is naive enough to allow their PC to be used as a zombie, I can't really see them rushing out and installing service pack 2. MS should introduce some commercials or something to tell Joe Average that he should patch his windows.
The problem is that previously everyone (legal or not) _could_ update their PC. Obviously not everyone did so, which is why the vulnerable machines are still out there.
Now that a significant number of machines can't be patched you can expect the percentage of vulnerable machines to increase. This will inevitably increase the load borne by all the legitimate machines. As time goes on and more vulnerabilities are announced it will get worse, since almost all illegal PCs will be ripe for Zombie-hood.
I can see why Microsoft would want to prevent illegal machines from getting "functionality" upgrades, but it makes no sense at all to prevent them from getting security upgrades. Zombie PCs hurt Microsoft's legitimate paying customers.
Well, I tend to agree in some ways an disagree in some. If the problems with Windows security holes and such would only affect the computer in question then I would be all for not allowing the updates to be loaded on a pirated machine but with the current system the legimate users of Windows (and other internet users as well) suffer from the neglicence of the users of pirated software. It doesn't only limit to spam, but also network worms which can be a nuisance with the amount of network traffic they create. I think Microsoft would do a favor to all of the internet with allowing patches to be applied to non-licenses (pirated) versions of Windows.
<bad-analogy> I would compare it to stolen cars. For example, if a car would have a really really serious design flaw that would make it blow up during rush hour taking along with two blocks, would you want the car manufacturer to fix the car even though it was stolen? </bad-analogy>
Nope, the software pirates allow the machines to stay online. Microsoft should make a deal with all software vendors to require them to put in code that checks to make sure all the latest updates are applied to the Windows box before you're allowed to install the software. Make the pirates cry in their beer over their stolen copy. If you're too fscking cheap to buy it legitimately then go use a free operating system! Microsoft has just as much right to profit as anyone else does.
"90% of all statistics are invented."
This should have been moderated "Funny".
My other machine is a lever.
Spam is annoying and all, but how about teaching them to read first.
Many ISP's don't allow you to run a mail "server".
But you're talking about blocking _outbound_ STMP traffic. That has nothing to do with servers.
Outbound SMTP traffic can be generated by any mail server that only listens on internal interfaces, or directly by your favorite mail client.
What you're talking about is breaking the Internet even more than it already is now, turning it into a big client-server network where the servers are operated by the big media companies.
It is also, coincidentally, the lazy sysadmin approach.
Don't do it, don't go blocking big swipes of IP just because some of them do something wrong.
Be smarter, find a way to only block those that do something wrong!
- Erwin
Just another cost of supporting Microsoft, I suppose.
Just another cost of supporting users who install the software. Most of these hijacked Windows boxes are a result of a user wanting to see Britney Spears naked.
CLICK HERE--ALL NEW PICTURES OF BRITNEY SPEARS NAKED
This has nothing to do with Windows security other than running an ignorant user as an administrator.
Why? Did it get worse when SP1 came out? That didn't install on pirated keys either.
It's only the service packs that won't install. Users can still install individual updates, these are still presented by WindowsUpdate and they are still downloaded by the automatic update service. In fact the automatic update service will never download a service pack, just individual security patches.
To further the bad analogy, if a car has faults which make it dangerous to the occupants or third parties, then the police (at least here in the UK) have the power to prevent it being driven until the safety issues are addressed. Similarly any system, whether running legal or pirated software, which has these 'safety' problems should have its internet access privileges removed/revoked until the security holes are fixed.
Step Two: Follow the money.
Step Three: Follow the money.
Step Four: Take a wild guess.
I'm just going to keep on saying this, year after year, as it becomes more and more clear that those engaging in spam are operating outrageously criminal enterprises: If you want to stop spam, FOLLOW THE MONEY.
Find some Viagra spam. Buy some Viagra. Trace the shipment to you, trace the cash transfer from you, arrest. It's not that hard. It's just not very geeky. People, there's no magic technical solution to this -- there's increasingly illegal stunts being pulled, and the only people out there with the IP-layer mechanisms for tracing the attackers really can't afford to release that data as it would compromise rather more important investigations. But -- we've got a very mature infrastructure for tracing financial and mail fraud. We just need the political will to use it against Spam.
It's just not that hard.
--Dan
The issue is user education. At least 90% of these exploits are published by Microsoft as resolutions and THEN the scum-sucking-basterds (Yes I do mean you) start using them. I am as educated as any of the linux users out there (I run red hat on a box at home), but I run majorly windows. I have never had a virus or had one of my pcs hijacked in the 24 years I have been doing computers, except for a mac on os 7.1.
The virus writers go for the economy of scale. Mac OS X would be targeted by virus writers more if it was more widely distrubuted. Many of the people I know that use it, have OS X because it is easy and they didn't have to do anything to set it up. Can we say ripe for viruses? Let us start seeing some real statistical indicators. Like Original Virii counts to OS instances ratio.
In God we trust, all others require data.
Since this study was published, whenever I receive spam that (according to the Received: headers) appears to have been sent via a broadband IP address, I refer to it in my spam complaints to ISP's. I also suggest closing outgoing port 25 per default, and only opening it for customers who explicitly indicate wanting to run a mail server.
I keep a text file with this message for easy pasting into the spam complaint.
That argument is based upon the assumption that security == marketshare.
Security is not the same as marketshare.
The vast majority of zombies were infected via Outlook's ability to run executables from email.
In order for Linux to have the same infection rate as Windows, Linux would have to have the same (or similar) flaws. For example, the same email client installed, by default, upon every Linux machine and that email client would have to run executable content.
Windows was designed with "user-friendly" being far more important than security. So important that security would be compromised in order for a feature to be "user-friendly". That is why there are so many problems on Windows machines.
Here's an example. Grab the latest copy of WindowsXP, run it without anti-virus software. Why is WindowsXP still vulnerable to the same viruses that Windows95 was?
``When XP Bug patch 2 comes out, this suituation will only get worse, since ppl can't patch their dodgy ( illegal) copy of XP.''
That won't make it worse - the situation for those user's who can't or won't install SP2 will stay exactly the same as before. Those who do install it will improve. So, it will make life not worse, but better.
It would be interesting if a critical vulnerability were dicscovered that pretty much stops the system from functioning (like Blaster). If only those with licensed installations can get the fix, the rest might realize that you don't get a good OS for free by pirating Windows. Something, though, tells me that Microsoft will make critical fixes available to anyone, though.
Please correct me if I got my facts wrong.
But the fact is that it's the *majority* of Windows users, without a clue about the mechanics of their PCs and the Internet that create the problems for those of us who take the time to understand how IP networks & OSes work - whether that's Windows, Linux, UNIX, OS X, etc. etc.
Now is the time for ISPs to start coming down hard on their subscribers and not handing out Internet access to people until they have proven a degree of computer proficiency first - even to have to present a "License to use a computer on the public Intenet". I'm sure ISPs could make some money out of providing training for those licenses also.
I am tired of hearing the same old Windows v Linux arguments - they're *irrelevant* in this case, it's just about the people who don't know what they're doing (yes, 99.9% of them do use Windows) making it bad for those of that do know what we are doing.
The only defence Linux has is that Joe Bloke users who just want to play games and check email have no reason to not use the OS that came with their PC, namely Windows. Those of us that do use Linux do so out of choice and have gone through a high learning curve while using it - therefore, the average Linux user probably knows a lot more about how OSes & networks function than the average Windows user.
Gentoo Linux - another day, another USE flag.
Latest word from Redmond is that SP2 will follow a similar rule, except that installations using one of 20 corporate keys will be blocked.
If you used a keygen, SP2 will probably install with no problem. Microsoft have spouted a lot of FUD over their anti-piracy initiatives. For instance, Windows Update shouldn't work unless you are using a legitimately issued key on the MS database, but it obviously does.
To get back vaguely on topic, what SP2 will do to prevent spam is to (a) install a better firewall and turn it on by default and (b) turn on automatic updating. This should protect the most clueless users, but I suspect most of them were using legit copies anyway.
Anyway, to get vaguely back on topic, it's the second Tuesday of the month, so let's see what the MS patch fairy brings us today. Probably another exploit for those nasty spam trojan people.
When I am king, you will be first against the wall.
Dell's customers have the expectation that they would get a properly set up computer when they paid their money. If Dell use a dodgy software supplier with lots of known problems and a legal record as long as your arm, isn;t Dell the place to put the blame?
A pizza of radius z and thickness a has a volume of pi z z a
Not if they received the pirated copy on the computer they bought from Fast Eddy's Discount Computer Emporium.
Mea navis aericumbens anguillis abundat
Why not use SPF? check my weblog for some details as to why this is a much better idea then blacklists or some of the other solutions being proposed.
Did I miss the actual study with actual data? I only saw the one page executive report.
Pretty flimsy but probably true.
Keep the Classic Slashdot.
Anyone else see this out there?
Yes, the majority of inexpert computer owners I'v run into for the last few months have been wondering why their machines are running slow, showing lots of pop-ups and dialing premium rate or international numbers on their own. Small companys as well as home users.
I'v given up trying to educate people. They won't switch from IE and outlook. I don't want to get into a discussion about who used the
family computer to look at a porn site. They lack the basic understanding of what the computer is doing required to make a decision when personal firewall software asks if a connection should be allowed.
Microsoft has just as much right to profit as anyone else does.
Which is to say, none.
Microsoft should make a deal with all software vendors to require them to put in code that checks to make sure all the latest updates are applied to the Windows box before you're allowed to install the software.
That seems like a very unwieldy solution to me. Wouldn't it be simpler for Microsoft to fixtheir system, rather than have every other software vendor on the planet work around the problems with Microsoft software?
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
I use windows and I get 1 or 2 spam per week. It's called "being smart with your email addresses". I'm not sure what is wrong with you people who get overloaded. Open Source in any form won't protect you if you aren't careful with your email addresses.
Thanks for the lack of insight. As I'm sure you're aware, a lot of personal mail goes via work accounts, so it *is* a problem. Arrogantly calling AOL users clueless doesn't help anything either. I'm dealing with guys who like cars here, not computer geeks. When the average computer tool can build a 10 second car, I'll start worrying about car guys getting their IT clues sorted out.
Forget thrust, drag, lift and weight. Airplanes fly because of money.
The mail program ask you where to save it.
In windows, click-to-infect is the norm.
I'm not sure what is wrong with you people who get overloaded.
You can register a new domain, and it will start getting spam within a week to common names such as "bob@, sally@, john@, etc.". Not all spam is because someone actually has a verified address, but because it is a common name used. We get tons of spam hit our mail server that is addressed to people that have never had an account on our domain, but is instead a common name.
Also, I just started getting spam on one biz account because I had been helping a customer, and it appears they got infected, and since I was in their address book, I got hit with them.
Yes, plenty of people are stupid enough to sign up for every newsletter on the web, but blaming someone with a common email name (or inferring that they are stupid, as you did in your post) who DIDN'T sign up for anything, isn't solving anything or adding to the conversation.
Tequila: It's not just for breakfast anymore!
Microsoft can not make life too difficult for the people running unauthorized copies. If they make it impossible to run pirated Windows, there will be mass migrations to Linux, causing mass acceptance of it and an avalanche of legit Windows users and developers switching as well.
This is a difficult choice for Microsoft. They lose either way, and can only think about minimizing the losses.
Then really why do I have an email addy in the first place?
Yeah and my friends of the female persuasion can't help but put my email addy on all of those greeting card sites. I had one put my email addy to my cell phone on one of those sites once and I went nuts. 5 cents/email if I go over my limit....I was gonna have to turn my service off.
Two roads diverged in a wood, and I - I took the one the bus load of girls just went down.
Go to the mozilla.org site and post a defect. I'm sure the folks there want to fix that one!
Ad-aware result: 0 Spyware found.
Spybot result: 0 Spyware found.
The last time either of these found anything: Over 5 months ago. Give you a hint, I only switched to Moz 4 months ago.
The last time I ran an update on both: This morning.
Sounds like FUD spreading to me from both sides. Does it take effort to stop? You bet! Of course, I haven't had to put any effort into it for a long time now, but it is really simple to do as long as you use that squishy stuff between your ears.
--- Ãther SPOON!
If (for example) 80% of PCs run Windows and 80% of spam comes from PCs that run Windows, that's hardly saying anything about Windows, is it.
Yes, spam affects me personally. Money I send my ISP is going into fighting spam that should not exist instead of providing me a real service. My ISP, Cox, blocks outbound port 25, and I have to put up with their crummy SMTP server performance after two years of problem free Exim use.
There are plenty of other evil and nasty things Microsoft does, but the cost of this failure is obvious and deserve mention when the problem is stated.
Friends don't help friends install M$ junk.
That works until >99% of your email is spam. I retired an account I've had for over 8 years because of this. You get so much spam that the real messages get lost. Crank up the spam filter levels and the real messages get blocked. 8 years ago, that email address was all over the place including DNS registrations because there WAS no spam - you didn't have to be careful. At this point, it's in every spammers database to the tune of over 10,000 spams per day. Sure, an occasional mosquito bite is annoying, but getting swarmed by thousands is a whole different ballgame.
But this ignores the real issue. Spam is so bad and getting worse at such a fast pace, that servers are dying under the load. ISP's and businesses are installing really bad filters that do more damage than good, blocking lots of legit mail. A couple years from now and you can kiss email goodbye as it won't be functional. The current laws on the books are pathetically weak, the proposals to help (SPF, domainkeys, etc.) are insufficiant (no critical mass, basic design flaws, etc.) and quite clearly filtering can only catch so much before the false positives kick in. About the only thing that really works is challenge / response systems (and I HATE those.)
In addition, protocol enhancements (hashcash) or replacements are 5 - 10 years off due to deployment / critical mass issues.
Nope, I'll stick with my 2 year forcast of the death of email as a viable communications tool.
"Just another cost of supporting Microsoft, I suppose."
Uh, no--how do trojan attachments and viruses that moron users open have anything at all to do with Microsoft?
I forgot, we needed an article that specifically made sure to say "Windows PCs" in the headline as though it being Windows has anything to do with it. If everyone used Macs today, it would be Macs, and if everyone used Linux, it would be Linux boxes. Uninformed users are uninformed users, and short of Microsoft showing up at your house and forcing you at gunpoint not to open attachments or enable viruses, what do you expect them to do?
"Sufferin' succotash."
It also blocks scripts, screensavers, and many other executable formats, by default. This is pure FUD.
The problem has absolutely jack-shit to do with Outlook. It's people not patching or just running random executables they specifically allow into their Inbox.
I know we all spurge on our screens at the chance to bash Microsoft in any way possible, but let's be rational here.
In order for Linux to have the same infection rate as Windows, Linux would have to have the same (or similar) flaws. For example, the same email client installed, by default, upon every Linux machine and that email client would have to run executable content.
No, Mr. Security Expert, it would not. The same e-mail client isn't necessary, all that's necessary is getting enough people to run executables or whatever that exploit something. I'm sorry, but Linux distros aren't without their weekly exploits and buffer overruns either. MPlayer has had executable overflows before. A freaking media player! But you never see that reported on Slashdot, because OSDN has an agenda, and this place is completely biased (and as a result pumps out closed-minded Linux zealots by the pound).
Here's an example. Grab the latest copy of WindowsXP, run it without anti-virus software. Why is WindowsXP still vulnerable to the same viruses that Windows95 was?
Because of backwards-compatible libraries? Think a little.
"Sufferin' succotash."
Well, that's the beauty of Windows. You don't even have to be a idiot user no more. You see, an unpatched copy of XP and a high speed internet connection can get you a backdoor trojan faster then dropping the soap down at the local penitentary.
You see, unpatched windows has exploits and all the script kiddies with porn sites know this. The most common viruses now scan computers on an IP range, find a computer prone to an exploit, and open up shop on your computer.
'What you say!' They could do that just as easily on Linux or a mac. Not quite true. OS X and Linux are both based on Unix which is considerably more stable and secure then windows (for oen thing they handle file premissions a lot better and more securly). Most importantly though, primarily where linux is concerned, there are constantly people updating and improving the linux kernel. These are often the same kinds of people who would take advantages of exploits back in high school and are now turning their knack for finding system weaknesses towards a constructive goal. Open source finds bugs faster (or so time seems to be telling us)
Last and not least, yes most people use Windows. Therefore most viruses are constructed for Windows and most computer illiterate users (many of whom don't even know what spyware or the like is) use it too. So there is saftey in obscurity.
But i beleive enough of the blame can be pinned on what a mess security in windows is and someone pointing that out isn't just a tinfoil hat wearing commie shouting witch at the Big Guy.
'Course in longhorn security is giong to be better. And everything is going to be fully integrated. Some how those two have never gone hand in hand. Only time will tell. But for now I prefer the Unix ideom of 'do one thing, do it well.'
(It also reaks less of monopoly then do everything and do it noticably)
The Neo-Bohemian Techno-Socialist
Anyway the discussion drifted towards whether ISPs should be more proactive in blocking customers who are open relays (usually through viruses). Unfortunately this leads certain ISPs to decide to run a blanket block on port 25, which is a real pain in the ass for those of us who *want* to run our own mailservers, and I'm sure many of us here do.
So, why don't ISPs take a more proactive role in "helping" their customers to realise they've been hacked - I'd suggest a captive portal for hacked machines, kinda like some organizations have for Wi-Fi. i.e. you type any web address and the browser will always show the captive portal page. If ISPs were to use this for hacked/virally infected customers there could be a nice little button at the bottom to say "I've fixed it". Then their net access would be automatically re-opened.
Of course, there are few issues to work out, such as you'd probably need to allow access to a couple of online virus scanners and virus fix tools rather than block net access entirely, but it could work. The idea isn't so much about the blocking, but more a case of informing the unsuspecting victim that they are infected and they need to do something about it pronto.
If 80% of all spam is coming from HACKED PC's, there clearly is criminal hacking charges on a federal and/or international level that could be brought against these guys, at some degree, conspiracy to say the least. I'm pessimistic of the DOJ's "promise" to bring the "top 50" spammers to justice this year. Why isn't that alone fueling the relentless takedowns of these guys while they pursue 15 year old virus writers that don't do much beyond pranks? Just because these zombied pc's are probably 99% home computers and not business computers where dollar amounts of damages can be easily calculated. It seems that's always the playing factor in how much the FBI "cares" about computer crimes.
Look, is this any surprise at all when approximately 80% of home computers out there run Windows?
The MS bashing in this thread is ridiculous. Even if you run Windows, you could be running Thunderbird, Eudora, Pegasus, Phoenix, M2, the list goes on, instead of Outlook/Outlook Express. It's not the OS's fault or the mail clients fault, it's the users fault and most dumb people use Windows or Macs because everything else is too difficult. Keeping Windows secure is comparatively easy compared to other Operating Systems, just let Auto-Update take care of it and you don't even notice the patches happen if you don't want to notice them.
I'm quite sure that Windows 2000/XP has become one of the easiest to patch operating systems. It is also fast on route to becoming one of the most secure operating systems for the desktop, and this is controversial, but with the number of holes that have been discovered, made massively public and fixed quickly make it likely to be more secure than other Operating Systems. If every Windows machine suddenly booted up with a different OS one morning, I'm sure that OS would have to go through the same level of patches as Windows has had to go through. Whether those patches would be released quicker or slower than with Windows is impossible to say, but I can say pretty safely that they would not be installed as soon after release on those other OSes as they would be on Windows.
Microsoft has managed to build security and a smooth simple patching system out of the fact that it is the dominant OS for desktops and gets targeted a lot by crackers. I doubt other operating systems would stand up to the same onslaught and keep up with patches (both on the developer side and the user side), especially since they tend not to even have automatic updates.
One last point: It's very easy to say that "open source is more secure", actually it's not necessarilly true. Open source projects (like the kind I work on) tend to have bugs that people searching for exploits can find, but the original programmers do not even look at. Sections of code such as a method that has always worked fine could be an exploitable flaw, but that method would never be studied by the developers until it has been exploited and had attention drawn to it, just like in closed-source. Companies that sell closed source software often also have QA teams who's JOB involves looking at those lesser used functions for security flaws, these guys get paid and their whole employment revolves around checking for holes, but even they miss them. I don't see what the argument is for Open Source software being any less full of holes than closed source software, when open source software groups usually don't even employ those kind of people. Sure with OSS, the bugs are fixed quickly by the whole community, but does that mean the users apply the patches any quicker, or that there are less bugs in the first place? I don't think so.
This is a widespread misconception, akin to saying that if everyone drove Volvos, just as many people would die in traffic accidents as they do now. Millions of Americans have purchased large SUVs that tend to roll over three times more frequently than other automobiles. Volvos, on the other hand, are built with safety as a primary goal.
By the same token, would you expect an OpenBSD server to have the same level of default security protection as a Windows 2000 server? OpenBSD is built with the primary intention of being the world's most secure OS. Nowhere on the Windows 2000 product page do we see anything at all relating to security.
You can't assign positive characteristics to an OS on one hand (Windows XP doesn't crash as often as Windows 98) and then dismiss negative comparisons (Windows is less secure by default than Mac OS X or Linux).
Blame users all you want, but there are millions of uninformed Mac users out there. Believe it or not, in spite of their uninformed nature, they don't have to deal with anything like the litany of security and stability issues that confront Windows users.
It's hard to believe when you've been struggling with Windows for years and have grown accustomed to it, but while Linux and Macintosh aren't immune to security problems, the trojan horses and viruses that plague Windows users are a direct result of Microsoft's development philosophy, which emphasizes market dominance over quality.
Read the EFF's Fair Use FAQ