Slashdot Mirror
Infected Windows PCs Now Source Of 80% Of Spam
twitter writes "The Register is reporting a study by Sandvine.com that blames Microsoft Zombies for 80% of all spam. The study goes on to claim that 90% filtering is not effective given the unprecedented volume and that sophisticated trojans are able to drop spam directly on end user's computers despite current efforts. Just another cost of supporting Microsoft, I suppose."
OK, I'm turning SpamAssassin down to .01 points and letting it all get rejected. I just give up!!!
Was this really actually a surprise to anyone or was this just confirming the obvious?
Hmmm.
When XP Bug patch 2 comes out, this suituation will only get worse, since ppl can't patch their dodgy ( illegal) copy of XP.
90% of all statistics are invented. Especially when they bash Microsoft, but certainly not any ones that indicate anything good about Microsoft.
in filter research, maybe we should be spending it on educating users in basic protections....or converting the unwashed masses. I like the 2nd one better :P :P
Please note the sarcasm in the "unwashed masses" comment before modding me as a troll
Here's an idea to help block spam from these. Don't accept any mail from a block of IPs for residential use. Like all of comcasts home subscribers. Same for ameritech, Road Runner and all those other residential networks. They are under a license agreement to not run a mail server anyway.
I admitt it would be an inconvienamce because I run a mail server like that but it might be worth the pain for less spam.
Evolution or ID?
If computers are going to be a tool used by anybody, I think along with securing OS's real user education must be encouraged.
Today you have to have a license to drive so why not learn how to play safe if your PC is connected to a public network.
Even if Linux or Mac was 80% the of desktops, you would still have people not bothering to patch their computers, and have the same problem. It might be as easy to infect the computers, but the problems would still be there. Stupid users will exist no matter what operating system you give them.
All the ISPs are going to start filtering outbound port 25. If you want to run your own mail server you'll have to route it through their mail server, or use non-standard port number to route thru a 3rd party mail server.
Yes, linux can be more secure than Windows, but the fact is that over 90% of these zombie PCs could have prevented infection by simply having (a) their firewalls enabled and/or (b) having intelligent users. By default, most linux distros don't come with firewalls enabled either (at least, the last time I checked; I think it's becoming more common for firewalling to be enabled though, as with XP SP2) and as for (b), well, we'll always have stupid users.
Which translates into Geekish as "PC's Infected with Windows."
The simpler solution would be for them to get a clue.
I run Windows and there is only a single (known) exploitable security vulnerability - and that's only because Microsoft won't release a patch for it and the workaround is too messy for me to want to bother with it as I'm not stupid enough to fall "cleverly crafted" URLs.
Windows can be almost, if not as secure as Linux or OSX if you just know what you're doing and keep up to date with the patches.
I run Windows and there's no sigh that anyone has ever received a spam message from WOULD YOU LIKE A BIG PENIS?! DOUBLE YOUR LENGTH IN 3 WEEKS!! me.
Schools need to start teaching security. Just the idea and what you do. Kids will go home and teach thier parents. And slowly more people will become educated. How else can you educate the masses?
Evolution or ID?
Seems fairly obvious to me.
Yes, but the other 20% aren't coming from compromised non-windows systems, they're being sent by spammers who know they're sending it. If the other 20% were coming from trojan'ed *nix boxes, then I'd say you're on to something.
Fact is, 4 out of 5 emails that end up in my spam bin are there because (a) some sleaseball wrote a trojan to deliver them, and (b) someone else wrote a trojan-friendly OS to enable it in the first place.
I understand that some ISPs are now cutting off infected folks until they can show they've patched. I think that we'll be seeing more of this, and I can't say I disagree (as long as they understand what a Unix, Linux, or MacOS box is).
Yes it is surprising. Traditionally spam has come from mail servers that were setup as open relays (by accident or design) but nowadays its coming from Windows desktop machines with viruses which setup their own mail servers. Combine that with the growing prevalence of broadband home connections and spam is just getting worse and worse.
"I'm tired of all this 'Aren't humanity great' bullshit. We're a virus with shoes" - Bill Hicks
By "spammers" I mean those people who knowingly and deliberatly distribute spam, and usually make money by doing so.
The hosts and the networks they were connected to became discovered and mail coming from those hosts and networks was treated suspicious by black-list-based filters.
So the spammers use more and more infected zombie PCs. Microsoft Windows is on 80% or more of the desktops. And now these Microsoft Windows-based infected zombie PCs are sending 80% of spam, according to the article
However, this does not mean (which would contradict your "this is obvious" logic) that the x% MacOS X-based, Linux-based and *BSD-based PCs are as easily infected and effectively sending x% of the spam.
This is always the solution that comes up. There are a couple reasons why Microsoft is always picked on for virus/worms.
1. They are the single most popular operating system to date. Therefore they have the most users and giving the spammer/cracker more chances to get personal info or crack their system.
2. Most Microsft users are users that do not always keep up with patches or updates to their system. Most really don't understand why they would have to do it. Not only that, because most new users start with Windows, it's easy for them to fall for most of the phishing attacks as well.
Now, will all of that said above if, hypothetically, everyone switched over to Linux or Mac OS I'm not sure it would change much. You can talk about how secure Linux and Mac are, but they STILL are only as secure as the user wants it to be. I could still see many new users run as root all the time, open unknown files and the rest of the tips that they teach you NOT to do on Windows. Just because you don't see any Linux viruses doesn't mean they don't exist. The fact is that most people who are USING those OSs are a bit smarter and care more about security than your average Windows user that these worms/viruses/spams are being sent to.
Hmmm.
Weather today will be periods of widespread brightness, followed later this evening by periods of widespread darkness. Also, Bill Gates is still in the list of top 10 richest people in the universe.
I can't speak for all geeks out there (we are usually on the front line), but I have seen so many computers running Windows XP out there just getting raped by adware/spyware/worms/trojans lately. One of the primary culprits? Internet Explorer.
The reason I believe it is Internet Explorer is that I have seen a machine that is behind 2 different firewalls (one of which is a very well configured PIX) get molested. It wasn't used for e-mail, no P2P programs for downloading and nothing else was used except the browser. I am SURE some people were browsing dodgy websites on that machine. So far, it is the only PC on that IP segment that has been infected so it wasn't from another machine.
Anyone else see this out there?
Just another cost of supporting Microsoft, I suppose.
Just another cost of supporting users who install the software. Most of these hijacked Windows boxes are a result of a user wanting to see Britney Spears naked.
CLICK HERE--ALL NEW PICTURES OF BRITNEY SPEARS NAKED
This has nothing to do with Windows security other than running an ignorant user as an administrator.
Ah, yes. Because we have all kinds of time to keep up with Windows updates. In fact, I find myself scanning windowsupdate.com, forlornly pining for new patches, because my life is so bitter and empty, and downloading patches is the only bright spot in my dreary existance.
Oh, wait, never mind. I just Firewall-And-Forget(TM). Run my windows box behing three layers of security, and I don't have to worry so much about getting patches the second they come out.
Love your country always, but respect your government only when it deserves it. -- Mark Twain
Imagine if ISPs all started implementing this. This could make a huge difference to the amount of virus/worm generated spam.
Step Two: Follow the money.
Step Three: Follow the money.
Step Four: Take a wild guess.
I'm just going to keep on saying this, year after year, as it becomes more and more clear that those engaging in spam are operating outrageously criminal enterprises: If you want to stop spam, FOLLOW THE MONEY.
Find some Viagra spam. Buy some Viagra. Trace the shipment to you, trace the cash transfer from you, arrest. It's not that hard. It's just not very geeky. People, there's no magic technical solution to this -- there's increasingly illegal stunts being pulled, and the only people out there with the IP-layer mechanisms for tracing the attackers really can't afford to release that data as it would compromise rather more important investigations. But -- we've got a very mature infrastructure for tracing financial and mail fraud. We just need the political will to use it against Spam.
It's just not that hard.
--Dan
... I apologise for the percentage of MS users who are beyond help, and for the admins who allow them to be so.
We keep our corporate networks nice and clean, we stomp on infections fast, we try to educate our users, we run filters and firewalls, we put in place policies and we try our damndest to prevent this stuff.
But if those users go home to an infected PC, then we've failed. failed badly. We don't get paid to keep home machines clean, but how much harder would it be to really educate our users? really?
What can we do? Well, we can impress on our users, as I'm trying to do, that thay can suffer real, genuine harm if they don't practice safe computing.
I have this idea. A user doesn't give a crap if they're not harmed directly by a virus. OK, they have a spamming trojan on their machine, do they notice? no, they don't.
So I make sure I tell my users that there are viruses out there which can log their keystrokes and, by inference, steal their credit card number or online banking details or any other personal information.
That makes them wake up. Once there's a chance they might be directly affected in ways other than a slightly slowed down machine, then they start to take notice.
I'd urge every other techie on a windows network to inform your users in the same way. make sure they know that viruses aren't just something that affects other people. then they'll wake up, and everyone else will be better off. really.
Screw you all! I'm off to the pub
And the next generation of zombie programs will do a simple DNS lookup for the mailserver of the current domain and start sending spam through the ISP's mailserver.
With the side effect that in no time no single customer of that ISP can send mail because the mail server is on every blacklist you can imagine.
Avantslash: low-bandwidth mobile slashdot.
All right, I'll get my coat.
The issue is user education. At least 90% of these exploits are published by Microsoft as resolutions and THEN the scum-sucking-basterds (Yes I do mean you) start using them. I am as educated as any of the linux users out there (I run red hat on a box at home), but I run majorly windows. I have never had a virus or had one of my pcs hijacked in the 24 years I have been doing computers, except for a mac on os 7.1.
The virus writers go for the economy of scale. Mac OS X would be targeted by virus writers more if it was more widely distrubuted. Many of the people I know that use it, have OS X because it is easy and they didn't have to do anything to set it up. Can we say ripe for viruses? Let us start seeing some real statistical indicators. Like Original Virii counts to OS instances ratio.
In God we trust, all others require data.
For the next two weeks until i start a non-crappy job at a linux based company, I still work graveyards at one of the larger aggregate dialup resellers in the US (no, my email address, whois records, etc, are not indicative) and this means i mainly handle abuse complaints.
We get the occasional hit & run spammer who signs up for one of the $9.95/mo services with a prepaid credit card (so we can't effectively fine them) and then spams the heck out of the connection until we cut them off, but 99% of spammer complaints (that aren't due to spamcop being fooled by well crafted headers from brazil, or confused by unpublished relay hosts in our spam filtering cluster) are traced to users who have been with us for some time, who have never given us any trouble, and who have called customer service frequently for fairly basic help with simple internet setup tasks -- usually an account shared by a family with several children, or used by an old lady who just wants to look at pictures of the grandkids on the intarweb gadget. Pretty unlikely spammers.
The accounting department doesn't like it, would prefer to shoot first with a $100 fine and let customers beg for forgiveness later, but i argue constantly that we should give them at least one chance to disinfect their computer. We go ahead and fine 'em if they don't fix their issue within a few days, though, and then accounting makes them prove they are disinfected before giving them their money back.
It's poor customer service, ultimately, but wtf is an isp to do? If we just pestered them with email they'd assume we didn't really mean it, and would never fix their systems.
This is just like television, only you can see much further.
Since this study was published, whenever I receive spam that (according to the Received: headers) appears to have been sent via a broadband IP address, I refer to it in my spam complaints to ISP's. I also suggest closing outgoing port 25 per default, and only opening it for customers who explicitly indicate wanting to run a mail server.
I keep a text file with this message for easy pasting into the spam complaint.
Fortunately, this will not help, because most (bigger) ISPs have separate servers for incoming and outgoing mail, and there are no DNS entries for outgoing mail!
Karma: none (due to not believing in reincarnation)
That argument is based upon the assumption that security == marketshare.
Security is not the same as marketshare.
The vast majority of zombies were infected via Outlook's ability to run executables from email.
In order for Linux to have the same infection rate as Windows, Linux would have to have the same (or similar) flaws. For example, the same email client installed, by default, upon every Linux machine and that email client would have to run executable content.
Windows was designed with "user-friendly" being far more important than security. So important that security would be compromised in order for a feature to be "user-friendly". That is why there are so many problems on Windows machines.
Here's an example. Grab the latest copy of WindowsXP, run it without anti-virus software. Why is WindowsXP still vulnerable to the same viruses that Windows95 was?
``When XP Bug patch 2 comes out, this suituation will only get worse, since ppl can't patch their dodgy ( illegal) copy of XP.''
That won't make it worse - the situation for those user's who can't or won't install SP2 will stay exactly the same as before. Those who do install it will improve. So, it will make life not worse, but better.
It would be interesting if a critical vulnerability were dicscovered that pretty much stops the system from functioning (like Blaster). If only those with licensed installations can get the fix, the rest might realize that you don't get a good OS for free by pirating Windows. Something, though, tells me that Microsoft will make critical fixes available to anyone, though.
Please correct me if I got my facts wrong.
They don't. They will simply lop port 25, and force you to use their smtp servers, or lack thereof. While they are at it, meter you $0.10 a letter. And 50 years from now we will be asking why email costs so damn much.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
But the fact is that it's the *majority* of Windows users, without a clue about the mechanics of their PCs and the Internet that create the problems for those of us who take the time to understand how IP networks & OSes work - whether that's Windows, Linux, UNIX, OS X, etc. etc.
Now is the time for ISPs to start coming down hard on their subscribers and not handing out Internet access to people until they have proven a degree of computer proficiency first - even to have to present a "License to use a computer on the public Intenet". I'm sure ISPs could make some money out of providing training for those licenses also.
I am tired of hearing the same old Windows v Linux arguments - they're *irrelevant* in this case, it's just about the people who don't know what they're doing (yes, 99.9% of them do use Windows) making it bad for those of that do know what we are doing.
The only defence Linux has is that Joe Bloke users who just want to play games and check email have no reason to not use the OS that came with their PC, namely Windows. Those of us that do use Linux do so out of choice and have gone through a high learning curve while using it - therefore, the average Linux user probably knows a lot more about how OSes & networks function than the average Windows user.
Gentoo Linux - another day, another USE flag.
Now that we know top spammers / email marketing firms....
How long would it take for geek population to find the PHYSICAL sites where they are located. And no we wouldn't be interested proofing that they send THE spam we recieved, only fact that they send spam lots of it. Now get AK47 in large quantities, and some explosives and timing based detonators. If 50 or more email marketing sites are attacked at same time all-around the world. With those offices destroyed, and top spammers sleeping with the fishes, how many would think that the email marketing is easy and safe money making business. The punishment maybe on a hard side compared to the crime, but it would simply eliminate Spammers.
Emacs is good operating system, but it has one flaw: Its text editor could be better.
According to Google, the operating systems used to access Google (which I would think correlates fairly well to overall desktop OS use) are:
Win98 21%
WinXP 49%
Win2000 18%
WinNT 3%
Mac 4%
Win95 1%
Linux 1%
Other 3%
So "Windows" accounts for 92%.
My current (modified) strategy is: Only greylist IPs which are
- listed in a DNSBL(***) of your choice or
- contain several digits in their resolving hostname which would indicate a dial-up host.
(***) i use l2.spews.dnsbl.sorbs.net and cbl.abuseat.org. I would never reject any mail with these dnsbls as the false-positives are too high, but for greylisting they work perfect.This keeps the number of false-positives low and is really effective, as only suspicious hosts (dialup, dnsbled) are checked.
I am very satisfied by the results. The number of mails in the deferred queue dropped from ~15k to ~600, the system-load dropped from 2 to 0.5 despite the additional checking and database-lookups done. My system sends ~ 3-5 mails/second and rejects/deferrs 10-15 mails/second.
Greylisting implementations for your favourite MTA are allready available. You only have to use them.
Meme of the day: I browse "Disable Sigs: Checked". So should you.
If you want to run Windows without any knowledge, fine, but its like a black box. You can run your email, browse the web, write your letters. You want to install something, etc, you hire an experienced admin, like you would get an electrician to fix your wiring or a mechanic to fix your car. You want to admin it yourself, also fine but you're actually going to have to learn something about computing and the underlying OS.
You shouldn't have it both ways, because like I said, a netowrked computer just isn't a toy anymore. Its a device capibable of causing harm to others if used wrongly - a view reflected by changes in law and enforcement attitudes. We don't let people drive cars on public routes without testing they have some knowledge of the rules, codes and dangers of the road - if you can't do that you get the bus.
So what's the point? The point is Windows wants to give everyone the best of both worlds (or should I say _has_ to). An interface your Gran can use _and_ the privelages of a super-user. I'm not really sure that Linux, etc, should be trying to follow that lead.
If Windows is so easy to hijack and become a spam relay it must be possible for a Trojan to hijack a Windoze box and install all of the patches? Thereby eliminating most of the problem zombie Windoze boxes.
Unless, of course we start getting anti-anti-spam trojans - that actually patch Windoze to stop the anti-spam trojan working?!
Please don't steal my sig, it's my intellectual property
But if the trojans are sufficiently capable of reading an Outlook mail folder and extracting email addresses, surely they could easily look up the SMTP servers configured?
"Go to CNN [for a] spell-checked, fact-checked summary" -- CmdrTaco
With the side effect that in no time no single customer of that ISP can send mail because the mail server is on every blacklist you can imagine.
And guess what --- that's exactly what must happen. It'll serve to teach that ISP that they have to spam-scan outbound mail, too, to avoid being blacklisted by everybody else. Actually, that's the whole point of forcing all their customers' mail through the ISP's outbound mail server in the first place: to be able to scan for spam and worms before they unload them onto the general public.
Dell's customers have the expectation that they would get a properly set up computer when they paid their money. If Dell use a dodgy software supplier with lots of known problems and a legal record as long as your arm, isn;t Dell the place to put the blame?
A pizza of radius z and thickness a has a volume of pi z z a
Mac OS X is a different case, but they have secure email and browser applications. (For the most part. The issues have pretty much been fixed by now.)
I'm in the hole of the broadband donut.
I worked for an ISP that had outbound port 25 blocked. Served both purposes in regards to our users spamming and infected users spamming. If a business client (or residential even), asked to have it open, we'd set their policy to allow outbound port 25 (assuming they had a static ip) with a small extra charge. Therefore this was never a big issue for us. Is it really this hard for ISP's to do this? I know at least in Ontario, Sympatico does this. Reality is, you can't always expect the user to be 100% patched and secured. At least not all of them.
-----
http://home.ica.net/~casino4u - Safe and Secure!
Why not use SPF? check my weblog for some details as to why this is a much better idea then blacklists or some of the other solutions being proposed.
As far as I can figure from the statement in the article:
..it seems to me that the article should say 80% of the service provider's mail traffic was generated by zombies. This is completely different from the statement made in the topic.
"After comparing those data points with the total volume of legitimate messages passing through the service provider's mail system, we are able to arrive at our percentage of 80 per cent",
It's like you'd go to a bar and observe that 80% of women leave with drunken idiots, and thus proclaim that drunken idiots are able to hit 80% of women.
There may be some causality and statistical significance, but it definitely isn't as clear as the article suggests.
http://codeandlife.com
If your IP shows up in the header at the correct place, you're most likely the real sender of the mail. If you find only your address as Return-path: and/or From:, then someone else (virus, spammer) is just abusing your address and you get all the bounces.
Its time the Internet stopped being a slave to the dumb users and put control back in the hands of people who know what they are doing.
perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
Did I miss the actual study with actual data? I only saw the one page executive report.
Pretty flimsy but probably true.
Keep the Classic Slashdot.
Speaking from experience, I can tell you that it's not as easy as it seems...
.au where I'm located, the Spam Act 2003 only provides for civil penalty provisions against the spammers (in essence, the .au government will sue you for violating the spam act in civil court.)
Various jurisdiction's spam laws vary, but at least in
Even though the evidential burden in a civil case is much less (balance of probabilities/preponderance of the evidence) than in a criminal case (beyond reasonable doubt,) it still proves difficult to tie a spam purporting to advertise, for example, penis pills, to a purveyor of penis pills.
Penis pill guy sends his spam through a few thousand of 'fresh proxies' (spam guy terminology for freshly rooted or virused machines garnered from crackers or vx people), penis spam ends up in inbox with penis pill guy's contact details.
So far so good, but there's no causal link between A and B of any forensic value whatsofuckingever. Correlation is not causation.
I'd be more inclined to see a system which plugs into the MTA somewhere between RCPT TO and DATA, which performs a basic open proxy scan on the originating MTA (similar to what many EFnet servers are doing ATM,) and if the originating MTA fails the test, mail is refused (preferably with a '550 5.1.1 no such user' error as this may help get you off certain lists) and the originating IP is added to some form of distributed blacklist for X hours (i'd suggest 48... long enough to allow ample time for the machine's owner to find out that they have a virus or spam problem and fix it, not really long enough to cause a major problem.)
I'm actually working on building such a system at the moment... Details will be posted to my website when I have some half decent code that runs (instead of making postfix' smtpd dump core.)
You're doing it wrong.
I must interject here. Albeit I do agree that blocking port 25 will definitely help filter out dumb users sending spam, it has a side effect. My ISP limits outbound attachments to 7 megs and does not allow the sending ot zip files(so I use rar). I work in animation. That really sucks, trying to get my contractor to open up an IRC or MSN client to send files out. "Freedom" has nothing to do with it. It's "functionality".
But the first thing that needs to be done is to prevent machines from connecting directly out to another ISP's SMTP server. Hopefully this is done by one of the proposed IETF standards and not by simply blocking port 25, but we'll see.
The mail program ask you where to save it.
In windows, click-to-infect is the norm.
Ever heard of FTP? How about web hosting your anims somewhere and mailing your clients/contractors a link?
...if Windows users would start using Firefox or something with some real protection on it.
For example back at home my dad and sister both have their own computers. Both of these computers are constantly just clogged with so much ad/spyware that they are a chore to use. After formatting them both and reinstalling Windows XP I decided to install Firefox for them to use as their browser. It's been several months since then and both computers are FAIRLY free of all malware. There is still some but it is a major improvement.
Anybody on a Windows machine plagued with stuff needs to drop Internet Explorer unless they can manage to avoid going to sites that are notorious for infecting your computer with stuff.
the byproduct of years of oppression by the white man
Where I work, we've been using a Barracuda Networks Spam Firewall. Just out of the box it worked pretty well, but I've been very busy with other projects and never bothered to train it. So... within the past two or three months, more spam has been slipping through. Last week, I finally got a small break from the other projects and decided to spend the week training the system. The first thing I learned was that you want to have at least twice the number of messages marked "not spam" as you do the messages marked "spam". Right about now, I have 3000 marked as "not spam" and about 1400 marked as "spam". The change in the amount of messages being blocked increased dramatically after just a few days of training the system. The system provides a graph displaying the number of messages allowed, blocked, tagged (as possible bulkmail), infected, containing an invalid recipient, or just a high rate of messages from one host. Just looking at the blocked portion of the graph, it appears that training the unit has given me almost a multiple of ten times the number of messages blocked. Add to that, the fact that it appears to be very accurate, and I am one happy camper.
With all of that said, I will also say that from what I've seen of the Barracuda, it's probably about 80% customized Linux and other OSS projects and 20% proprietary code. So, I think you can probably achieve this level of accuracy in your own custom built system using Linux and OSS. The main reason we went with the Barracuda is that I've just been too busy to research building our own custom solution. But... if you have the time, inclination and knowledge, it shouldn't be too hard.
The greatest benefit of bayesian filtering combined with whitelists, RBLs and antivirus (as in the Barracuda) at the network level is that you don't have to worry much about your user's PCs. That, and forcing them to use a web based client make for a pretty decent mail environment.
Un-news
From the MBSA site:
"MBSA Version 1.2 includes a graphical and command line interface that can perform local or remote scans of Windows systems."
So Microsoft releases a GUI tool to remotely scan Windows installations for security vulnerabilities, and yet it includes virtually *no way* to automatically exploit those vulnerabilities to provide a remote login?
Typical of them to rush an inferior product out the door and rely on marketing muscle to sell it over superior third party alternatives.
I can offer confirming evidence of the unprecedented volume of spam. Last summer my spam had reached levels of 6,000 per month. During the fall and winter the spam activity dropped by over 50%, but the respite ended about 60 days ago. I am currently looking at just shy of 9,000 spam messages per month in my inbox. Yikes! Fortunately, I have spambayes... so I only have to touch 5-10 messages in my "possible spam" folder each day. It's not as onerous as it sounds, since I only see about 1 non-spam per week in my possible spam folder, so it only takes a couple of seconds to look for something I recognize and nuke the rest.
Of course, that doesn't do anything about all the bandwidth and server resources that are wasted handling all of that spam.
For personal use, I am still a big fan of Tagged Message Delivery Agent which I use mainly for its challenge-response and auto-whitelisting functionality. I don't get any spam, and this on an email address that has been on a popular public website for years.
Of course, TMDA is probably not what you want to use for a business, but for personal use it is great!
I've had spam show up at new accounts that were only registered, never used. I've even had spam arrive at an email account that was sent before I even created the account!
Then theare are the moron spammers who send out group addressed emails (the ones with 20-30 variants on spelling anything at all like your name.)
Anti-spam on the client is not the solution.
Sticking there severed heads on pikes outside ISPs would be far more effective and satisfying.
Or the traffic problem could be justifiably claimed as a result of poor engineering by Microsoft, and make Bill & co. responsible for the resulting expenses.
Or we could just make ISP's responsible for disconnecting any customer who has an infected machine connected. When the machine is cleaned, then they could reconnect, not before.
No, I don't care about people who can't afford to take care of their machine, buy hardware firewalls, virus scanners, etc. I don't care that people driving rust buckets can't afford better cars, either -- get the hazard off the public byways!
I do not fail; I succeed at finding out what does not work.
Ad-aware result: 0 Spyware found.
Spybot result: 0 Spyware found.
The last time either of these found anything: Over 5 months ago. Give you a hint, I only switched to Moz 4 months ago.
The last time I ran an update on both: This morning.
Sounds like FUD spreading to me from both sides. Does it take effort to stop? You bet! Of course, I haven't had to put any effort into it for a long time now, but it is really simple to do as long as you use that squishy stuff between your ears.
--- Ãther SPOON!
If (for example) 80% of PCs run Windows and 80% of spam comes from PCs that run Windows, that's hardly saying anything about Windows, is it.
Two points: (1) the story never mentions Microsoft and (2) it says filters are 90% effective, not ineffective.
:P
As an ISP our biggest OS problem is Linux. Proportionally it causes far more problems than Microsoft. Why? Because Linux users sit around saying "poor MS user" and don't even know they've been hacked. And the majority have been hacked. If you say "Oh, that can't be" then you've just joined the crowd
Yes, spam affects me personally. Money I send my ISP is going into fighting spam that should not exist instead of providing me a real service. My ISP, Cox, blocks outbound port 25, and I have to put up with their crummy SMTP server performance after two years of problem free Exim use.
There are plenty of other evil and nasty things Microsoft does, but the cost of this failure is obvious and deserve mention when the problem is stated.
Friends don't help friends install M$ junk.
You can talk about how secure Linux and Mac are, but they STILL are only as secure as the user wants it to be.
Oh? And which e-mail program on Linux or Mac executes embedded code without user intervention? Maybe if outlook and the crossover plugin combo take off, you'll see a problem. Also, opening unknown files under linux won't cause these files to execute (and infect your computer).
Running as root isn't a security issue, it's a sanity issue. You are no more or less exposed security wise by running as root than you are by running as a user.
I can only think of two or possibly three linux worms. Windows on the other hand provides a worm writing API.
Windows gets picked because it is insecure. It is insecure because it was designed to produce income, not security. Linux is more secure. It is more secure because the code is open and because it is not constrained by market pressures to support legacy (buggy) APIs (it is free).
Seriously. If script kiddies and spammers could root linux boxes (if the two operating systems were comparatively easy to root), they'd be doing it as often as possible.
"Just another cost of supporting Microsoft, I suppose."
Uh, no--how do trojan attachments and viruses that moron users open have anything at all to do with Microsoft?
I forgot, we needed an article that specifically made sure to say "Windows PCs" in the headline as though it being Windows has anything to do with it. If everyone used Macs today, it would be Macs, and if everyone used Linux, it would be Linux boxes. Uninformed users are uninformed users, and short of Microsoft showing up at your house and forcing you at gunpoint not to open attachments or enable viruses, what do you expect them to do?
"Sufferin' succotash."
It also blocks scripts, screensavers, and many other executable formats, by default. This is pure FUD.
The problem has absolutely jack-shit to do with Outlook. It's people not patching or just running random executables they specifically allow into their Inbox.
I know we all spurge on our screens at the chance to bash Microsoft in any way possible, but let's be rational here.
In order for Linux to have the same infection rate as Windows, Linux would have to have the same (or similar) flaws. For example, the same email client installed, by default, upon every Linux machine and that email client would have to run executable content.
No, Mr. Security Expert, it would not. The same e-mail client isn't necessary, all that's necessary is getting enough people to run executables or whatever that exploit something. I'm sorry, but Linux distros aren't without their weekly exploits and buffer overruns either. MPlayer has had executable overflows before. A freaking media player! But you never see that reported on Slashdot, because OSDN has an agenda, and this place is completely biased (and as a result pumps out closed-minded Linux zealots by the pound).
Here's an example. Grab the latest copy of WindowsXP, run it without anti-virus software. Why is WindowsXP still vulnerable to the same viruses that Windows95 was?
Because of backwards-compatible libraries? Think a little.
"Sufferin' succotash."
In Outlook, executable files, scripts, and screensavers are blocked by default.
If you tried deleting everything on your hard drive, you'd get errors from system files that are in use. Windows won't delete them.
In windows, click-to-infect is the norm.
I have a feeling you haven't used a copy of Windows since 1998. Pure FUD.
"Sufferin' succotash."
The problem with front-end client spam filtering is that it does nothing to reduce the backbone traffic volume nor the data volume the email server has to process.
Someone is selling the products. They are illegally using home PC resources via spamnets. I fail to understand why the spammers can't simply be charged with theft, fraud, and locked up accordingly.
Or just shot if they happen to be in a country that permits such penalties. The genepool needs some cleaning...
I do not fail; I succeed at finding out what does not work.
Hate to tell you. OS X automatically checks for updates and asks the user to update out of the box already. It doesn't help much.
This of course does NOT stop the "click the close thingy so this thingy will go away." syndrome. I set up my sisters PC to auto-update when she got a cable modem at her house. She never clicked "OK" on the update once in 3 months. She even understands WHY she should update it.
So why doesn't she? Because when shes on the computer she wants to do something and be done.. So if it asks to update she clicks "NO" because shes busy right now! Then it does not ask again until the next time she uses the computer... Repeat.
Automatic updating wont work very well either. If there is a way to cancel it and the user is smart enough to figure it out they will cancel it or turn the computer off because the computer is running slowly.
A lot of users are on dialup and are very unlikely to leave the computer connected while it downloads for god knows how long..
The list goes on and on...
This is not a problem that is magically going away with a firewall and a auto-update.. Not by a long shot.
Talent hits a target no one else can hit; Genius hits a target no one else can see.
So if you're a victim of Microsoft's negligence in making systems that can easily be converted to attack zombies, click here to contact that law firm. The most effective victims would be those who run Linux, because they're not subject to Microsoft's EULA. For them, it's a pure negligence issue. A Linux-based ISP or hosting service would be the poster child for such an action. They're being hammered on, they didn't sign any Microsoft EULA, and they're clearly suffering sizable damages due to Microsoft's negligence.
It's time for this to become a major legal issue.
Well, that's the beauty of Windows. You don't even have to be a idiot user no more. You see, an unpatched copy of XP and a high speed internet connection can get you a backdoor trojan faster then dropping the soap down at the local penitentary.
You see, unpatched windows has exploits and all the script kiddies with porn sites know this. The most common viruses now scan computers on an IP range, find a computer prone to an exploit, and open up shop on your computer.
'What you say!' They could do that just as easily on Linux or a mac. Not quite true. OS X and Linux are both based on Unix which is considerably more stable and secure then windows (for oen thing they handle file premissions a lot better and more securly). Most importantly though, primarily where linux is concerned, there are constantly people updating and improving the linux kernel. These are often the same kinds of people who would take advantages of exploits back in high school and are now turning their knack for finding system weaknesses towards a constructive goal. Open source finds bugs faster (or so time seems to be telling us)
Last and not least, yes most people use Windows. Therefore most viruses are constructed for Windows and most computer illiterate users (many of whom don't even know what spyware or the like is) use it too. So there is saftey in obscurity.
But i beleive enough of the blame can be pinned on what a mess security in windows is and someone pointing that out isn't just a tinfoil hat wearing commie shouting witch at the Big Guy.
'Course in longhorn security is giong to be better. And everything is going to be fully integrated. Some how those two have never gone hand in hand. Only time will tell. But for now I prefer the Unix ideom of 'do one thing, do it well.'
(It also reaks less of monopoly then do everything and do it noticably)
The Neo-Bohemian Techno-Socialist
This "study" is dubious at best IMO. They don't show any details on how they came up with the statistic of 80% spam originating from zombie PCs. They just declare this as if it were factual. While I agree that the percentage of spam coming from hijacked broadband PCs is definitely increasing, I think their figures are not accurate.
Based on my own statistics, which I've begun compiling over the last year, the source of spam and amount has remained fairly consistent. In terms of the number of spam messages, the lion's share of spam continues to originate from APNIC address space (China, Korea, Etc.) -- now whether or not these systems are zombies, I don't know but I am more inclined to believe that they're not. There are spammers who have made arrangements with some ISPs overseas who seem to be able to rotate their source IP in a very large chunk of address space.
I see at least 40% of spam coming from APNIC blocks and other assorted International spam havens. The second largest chunk of spam sources seem to be: Southwest Bell, TDE, SBC and others -- these likely include a combination of zombie PCs and ISP deals.
Now I'd buy the 80% figure IF you cut out the Chinese and Korean sources, and maybe most ISPs these days are now blocking big chunks of class B space in lieu of the signal-to-noise ratio they're generating. Then it makes sense, but this "study" is no "study" - it's more like a press release without any substance.
It doesn't take a rocket scientist to recognize that zombie PCs are becoming more of a force in the spam industry. And why is that? It's because ISPs are starting to blacklist IP space -- it has NOTHING to do with content-based filtering (which I keep saying is a waste of time). So yea, we can expect more DUL PCs to be compromised, but based on my analysis of my own logs, there has not been the radical shift in spam sources that the article implies.
The problem is when the ISP's SMTP server doesn't behave in the manner you want it to: it's slow, often unreliable, won't accept large attachments, blocks certain file extensions as attachments, and so on. Oh, and it doesn't support SSL/TLS. This isn't just my ISP, nearly every ISP I've used in the last 5 years has had similar limitations. The unfortunate fact seems to be that ISPs provide connections. They're really not very good at providing other services like reliable email servers, webhosts, usenet servers and so on.
Personally I'd be much more comfortable paying the ISP a touch less, not having access to all the "extra" services (50mb webspace, 20 POP3 accounts, usenet, etc.) and get the services I actually need from a professional hosting company. Group a few people together on a user-mode Linux VPS and it only works out at a couple of pounds per person per month.
There's also the whole privacy issue - I don't necessarily want a large corporate entity (my ISP) having access to all the email I sent, when I send it, to whom I send it, etc. etc.. If this article were about anything apart from the unpleasant reality that is junk email, most of the comments here would be bemoaning the invasion of privacy.
is this a case of giving up some freedom (port 25) for some sanity?
My ISP already does this. What I'd encourage (see my earlier post for a fuller explanation) would be a captive portal ISPs could use for customers' machines which are victims of viruses. All it needs to be is a page telling people to sort the mess out, providing a few useful links to online virus scanning sites and so on. The message is more about informing the unsuspecting customer than it is about draconian blocking, etc.
If 80% of all spam is coming from HACKED PC's, there clearly is criminal hacking charges on a federal and/or international level that could be brought against these guys, at some degree, conspiracy to say the least. I'm pessimistic of the DOJ's "promise" to bring the "top 50" spammers to justice this year. Why isn't that alone fueling the relentless takedowns of these guys while they pursue 15 year old virus writers that don't do much beyond pranks? Just because these zombied pc's are probably 99% home computers and not business computers where dollar amounts of damages can be easily calculated. It seems that's always the playing factor in how much the FBI "cares" about computer crimes.
Look, is this any surprise at all when approximately 80% of home computers out there run Windows?
The MS bashing in this thread is ridiculous. Even if you run Windows, you could be running Thunderbird, Eudora, Pegasus, Phoenix, M2, the list goes on, instead of Outlook/Outlook Express. It's not the OS's fault or the mail clients fault, it's the users fault and most dumb people use Windows or Macs because everything else is too difficult. Keeping Windows secure is comparatively easy compared to other Operating Systems, just let Auto-Update take care of it and you don't even notice the patches happen if you don't want to notice them.
I'm quite sure that Windows 2000/XP has become one of the easiest to patch operating systems. It is also fast on route to becoming one of the most secure operating systems for the desktop, and this is controversial, but with the number of holes that have been discovered, made massively public and fixed quickly make it likely to be more secure than other Operating Systems. If every Windows machine suddenly booted up with a different OS one morning, I'm sure that OS would have to go through the same level of patches as Windows has had to go through. Whether those patches would be released quicker or slower than with Windows is impossible to say, but I can say pretty safely that they would not be installed as soon after release on those other OSes as they would be on Windows.
Microsoft has managed to build security and a smooth simple patching system out of the fact that it is the dominant OS for desktops and gets targeted a lot by crackers. I doubt other operating systems would stand up to the same onslaught and keep up with patches (both on the developer side and the user side), especially since they tend not to even have automatic updates.
One last point: It's very easy to say that "open source is more secure", actually it's not necessarilly true. Open source projects (like the kind I work on) tend to have bugs that people searching for exploits can find, but the original programmers do not even look at. Sections of code such as a method that has always worked fine could be an exploitable flaw, but that method would never be studied by the developers until it has been exploited and had attention drawn to it, just like in closed-source. Companies that sell closed source software often also have QA teams who's JOB involves looking at those lesser used functions for security flaws, these guys get paid and their whole employment revolves around checking for holes, but even they miss them. I don't see what the argument is for Open Source software being any less full of holes than closed source software, when open source software groups usually don't even employ those kind of people. Sure with OSS, the bugs are fixed quickly by the whole community, but does that mean the users apply the patches any quicker, or that there are less bugs in the first place? I don't think so.
If the source of 80% of spam is infected PCs could a method of OS finger printing (ala nmap) not be used to identify the offending PC as 95/98/XP and either flag (with an X header) or reject the mail? A test of the source address would do. It's not perfect and firewalls etc would make it a tad unreliable but if you mix this with other tools like spamassassin it just might work.
Just an idea...
Paul
This is a widespread misconception, akin to saying that if everyone drove Volvos, just as many people would die in traffic accidents as they do now. Millions of Americans have purchased large SUVs that tend to roll over three times more frequently than other automobiles. Volvos, on the other hand, are built with safety as a primary goal.
By the same token, would you expect an OpenBSD server to have the same level of default security protection as a Windows 2000 server? OpenBSD is built with the primary intention of being the world's most secure OS. Nowhere on the Windows 2000 product page do we see anything at all relating to security.
You can't assign positive characteristics to an OS on one hand (Windows XP doesn't crash as often as Windows 98) and then dismiss negative comparisons (Windows is less secure by default than Mac OS X or Linux).
Blame users all you want, but there are millions of uninformed Mac users out there. Believe it or not, in spite of their uninformed nature, they don't have to deal with anything like the litany of security and stability issues that confront Windows users.
It's hard to believe when you've been struggling with Windows for years and have grown accustomed to it, but while Linux and Macintosh aren't immune to security problems, the trojan horses and viruses that plague Windows users are a direct result of Microsoft's development philosophy, which emphasizes market dominance over quality.
Read the EFF's Fair Use FAQ
Is when people counter the "I don't use Linux because I'm not that adept concerning computers." argument with "well it wouldn't kill you to learn more about your computer."
This is true, but I am a Windows user for a long time now (still run Linux on my server) and I haven't had a computer virus in AGES (at LEAST 6-7 years).
Because I have a firewall, I don't use IE or Outlook, and I keep stuff patched.
The point? If you learn more about your computer you can make Windows alot safer. and I guarantee you it wont take as much learning/suffering as it takes to get started in Linux on the desktop. Not to mention patching my Windows machine is as simple as running windows update....my linux server? Well, depending on what were talking about it could be as simple as downloading an RPM or, and this is the fun part, updating something from source....either way its nowhere near as easy as updating Windows....hopefully someday it will be!
"The saddest words of mice and men, are not those which were, but should have been."