Gates' Resolve in Bringing Spammers to Justice

An anonymous reader writes "It didn't seem to me like any single company had the stomach to keep after the scum that are ruining the Net for the rest of us. Unless that company is Microsoft. Since the beginning of 2003, Microsoft has filed 96 lawsuits against spammers, and 119 lawsuits against phishers. By any measure, 215 lawsuits constitutes a legal juggernaut. "

Referrer Log Spammers should be sued too

[xmas2003]

Wow - Microsoft/Gates usually gets a bad rap on /., but kudos to them for going after the scumbags of the Internet. Another group I find annoying is the folks who do referrer log spamming. Even though I don't publish those log stats (so their efforts are to naught), they continue to send their stupid traffic and it's a bit annoying to see in the web log analysis.

Re:Referrer Log Spammers should be sued too

[Simon+(S2)]

Even though I don't publish those log stats (so their efforts are to naught), they continue to send their stupid traffic and it's a bit annoying to see in the web log analysis.

I put whatever I want in my Referer header. If you don't like it in your logs, don't log it.
Actually I don't do referer spamming, but I don't like people looking at the page I was visiting before, so sometimes I fill in just random junk, or diable it completely.

Anyway, my point remains: nobody is forcing you to look at my referer string. It's not like junk mail. If you don't like it, don't look at it.

Re:Referrer Log Spammers should be sued too

[usv]

I put whatever I want in my Referer header. If you don't like it in your logs, don't log it.

I don't mind actual users spoofing their Referers, but the situation is IMHO a bit different when there are multiple machines doing automated referer spamming at a rate of, say 400 requests per minute. Even though it is not likely to be illegal to spoof Referer headers, the aforementioned situation could be easily interpreted as a criminal offence, at least where I live.

Re:Referrer Log Spammers should be sued too

Set a cron job running that automatically scans your referrers, retrieves the pages, and checks to see if there's a link to your website in there. It has the downside of purging the pages that aren't publically accessible, but the bonus of wasting the bandwidth of spammers.

Re:Referrer Log Spammers should be sued too

[Simon+(S2)]

I don't mind actual users spoofing their Referers, but the situation is IMHO a bit different when there are multiple machines doing automated referer spamming at a rate of, say 400 requests per minute.

Yes, I agree. Thanks for clarifying that.

Re:Referrer Log Spammers should be sued too

[roseblood]

Microsoft/Gates usually gets a bad rap on /., but kudos to them for going after the scumbags of the Internet.

Well, if they'd make an OS that wasn't set up as to be easy to "zombie-fi" then I suspect a lot of spam wouldn't even be a worry as I read in wired(or a slashdot link to wired?) that a large minority of spam is sent from hijacked computers running MS OS.

Fix the security hole and a large % of spam goes away.

Re:Referrer Log Spammers should be sued too

[1ucius]

This strikes me as a publicity stunt. It's hard to see that a civil judgment will make any difference to a spammer. They will simply start a new shell corporation or move off shore. I'd be a far more hopeful if some AG used fraud laws to put some of these folks in jail.

Re:Referrer Log Spammers should be sued too

Well, if they'd make an OS that wasn't set up as to be easy to "zombie-fi" then I suspect a lot of spam wouldn't even be a worry as I read in wired(or a slashdot link to wired?) that a large minority of spam is sent from hijacked computers running MS OS.

Fix the security hole and a large % of spam goes away.

That's like saying if nails on the roads are causing flat tires you want to have road makers get the blame for flats. FUCK THAT, go after the ASSHOLES that dump nails.

Re:Referrer Log Spammers should be sued too

[The+Archon+V2.0]

I don't mind actual users spoofing their Referers,

Neither do I. Hell, I've done it on occasion.

but the situation is IMHO a bit different when there are multiple machines doing automated referer spamming at a rate of, say 400 requests per minute.

And how! Got hit with one of those last week. Made the logs useless until I grumbled and hacked up something to cut them out of the saved logs. And all this on the faint hopes that you have an automated stats program running that will put their crap online, link-back style.

Those slimeballs are just like the ones who hit cgi-bin a hundred times hunting for exploitable message board and e-mail scripts and other spammers. They steal the resources on zombie machines and use them to flood legitimate users with crap, costing others hundreds of dollars to make themselves a few bucks.

If only we could hunt these people down and leave them lynched outside their homes with a placard reading "SPAMMER" attached to their chest. With nails. Before the lynching.:\

Re:Referrer Log Spammers should be sued too

PS: Why mod the GP as flamebait? It is TRUE that MS made a road that accomidates NAILS from my analogy. MS did not put the nails there. Nor did they promote people to put down nails on the road.

Re:Referrer Log Spammers should be sued too

[roseblood]

No, MS did not lay out malware/spyware but, given your road analogy, they did not provide for street sweeping after making the road, no great steps have been taken to make it harder for people to turn a MS box into a zombie to spread spam.

Re:Referrer Log Spammers should be sued too

[david_costanzo]

Well, if [Microsoft would] make an OS that wasn't set up as to be easy to "zombie-fi" then I suspect a lot of spam wouldn't even be a worry as I read in wired(or a slashdot link to wired?) that a large minority of spam is sent from hijacked computers running MS OS.

A poorly maintained GNU/Linux box is just as easy to compromise as a poorly maintained Windows box.

The #1 security risk is not the OS, it's the user. There are the users that execute email attachments, run any piece of software they download from the Internet, choose weak passwords, and disable their firewall because its annoying. A lot of these users happen to run an MS OS.

There's also another class of sophisticated, but uninformed users that puts the Internet at risk. These are the Linux admins that think that they don't have to worry about security just because they run Linux. They leave their system untouched (unmonitored and unpatched) for months or years. They may also set up a test account (username=test, password=test) just to see if everything's working. Or they may set up a low privilege guest account (username=guest, no password), forgetting that even a guest can open an outgoing socket. A machine like this will be compromised within a month.

The SSH daemon on my Linux box gets probed by 2-3 different IP addresses every day. I expect that most of these attackers are zombies. And I doubt that any one of them are running an MS OS.

Re:Referrer Log Spammers should be sued too

[capoccia]

For all those who are not intimately familiar with cron, how would such a job be created?

Re:Referrer Log Spammers should be sued too

[B3ryllium]

Teehee ... in the road analogy, MS left giant potholes in the road when they built it, and it causes the Nail Trucks (tm) to spill nails all over the road whenever they hit one.

It doesn't help that the Nail Truck Drivers (tm) are intentionally trying to hit the potholes for fun and profit, of course.

Re:Referrer Log Spammers should be sued too

no great steps have been taken to make it harder for people to turn a MS box into a zombie to spread spam.

come on, I'm critical of MS too, but XP SP2 is certainly a big step forward in out of box security, with among other things firewall and autoupdate on as default, settings at better security, etc. AFAIK the tests showing "windows' boxes owned in xx minutes after connection" show no such ownage for SP2 boxes. One such test in a Slashdot story some days ago showed that neither SP2 nor OSX was owned, but the 4 year (?) old XP was (but only the OSX and XP-without-SP2 bit made it into the summary..)

Re:Referrer Log Spammers should be sued too

[Profane+MuthaFucka]

Goddammit moderators, this guy isn't a troll, he posted something that moves the conversation along. It's an INTERESTING point, and I'm glad he asked the question.

Now, to put my two cents in: What bothers me about referral spammers is that I'll have 100 entries with small variations, so my logs are filled with:

abc.viagraslut.com
abd.viagraslut.com
abe.viag raslut.com

and so on. I block the string 'viagra' all the time with a 403, and filter it from my logs. Same goes for other medicines and penis enlargement pills, sexhounds, sextrackers, incest sites, ad nausium.

If you spoof your referrer and put something like that in there, you might get blocked. A good thing to do would be to spoof yourself as www.google.com, which nobody would block.

Re:Referrer Log Spammers should be sued too

[SealBeater]

For all those who are not intimately familiar with cron, how would such
a job be created?

At a guess, echo "cat /usr/local/apache/logs/*referrer* | curl -" > scan
and run scan from a cronjob.

Probably a better way to do it, but it can be done.

SealBeater

Re:Referrer Log Spammers should be sued too

Microsoft figures it's easier to go after spammers, phishers, etc., than it is to plug the holes in IE, MSN and Hotmail to make it harder to do these things.

Didn't AOL and HotMail execs testify before congress that they have indeed sold subscriber lists to spammers in the past?

Re:Referrer Log Spammers should be sued too

[MysteriousPreacher]

I think that guestbook/forum/wiki spam is the most annoying that at the moment.

My site's guestbook was being spammed in to oblivion with referalls from dimattic.com (and a number of links to sites to the umax pay per click sites). I'm in the middle of complaining to their host (Everyone's Internet) to try to stop it.

Luckilly I know enough PHP to be able to add spam protection to my guestbook but judging by the results of a google search for umax guestbook, many others are not so lucky.

My site has a fairly low volume of visitors and I'm finding that I'm getting more hits from the spammers then I am from real visitors. In two days along, there were nearly 60 attempts to spam the guestbook.

Re:Signs?

These are the end times.

REPENT!

No, you fools, don't be taken in!

[sam_handelman]

Don't you realize that every time you say something nice about Microsoft, Bill and Melinda dine on one of those Indian babies they've "saved" from HIV? How to serve man, indeed!

In all seriousness, the spam epidemic is actually caused by a relatively tiny number of people, so it would seem that this is a workable strategy - but the cause will just be taken up by people outside of our jurisdiction (Russians, mostly.)

Re:No, you fools, don't be taken in!

[Anne+Thwacks]

So long as 99% of the spam I get is advertising services supplied from America, Microsoft acting is GOOD News. I am almost tempted to buy a copy of WinXP Euro Edition with missing bits.

However, while WinXP is so insecure that BargainBuddies and istBar can hijack my family's browsers, I shall not switch from FreeBSD, and I shall continue recommending switching to Macs as the only reliable cure for spyware for non-geeks.

Re:No, you fools, don't be taken in!

[FidelCatsro]

This is the point , Gates is throwing Millions to stop these spammers yet what is MS doing to plug the holes that are creating these zombie nets.Sure they are patching , but when the average windows user is running as an Admin with a browser with holes the size of a small country ,disaster is soon to follow .
I have infact (due to these people not having the funds to buy a new computer or the will, familly mainly) installed a rather nice custom debian install on several peoples computers , a bit of tweaking to KDE and it can be incredibly easy to use if all you require is Email , HTML , small time office work .auto mounting CDs and DVDs playing with a single click large button on the desktop .

Re:No, you fools, don't be taken in!

[rpozz]

Unfortunately, it is almost impossible to stop absolutely all zombie nets. Even with a 'secure' OS, there's always going to be some idiot who'll happily type his/her root password into a trojan. The zombie problem really lies with the ISPs cutting them off, not Microsoft.

Re:No, you fools, don't be taken in!

[Timesprout]

You must be new here. According to /. spam is caused by a bazillion compromied windows boxes, not a tiny number of people.

Re:No, you fools, don't be taken in!

[FidelCatsro]

I prefer to see it laying in education . I do agree though that ISPs taking some action is perhaps the best short term soloution , But the only real long term soloution is Educating the masses about some basics .
!: dont run root/admin unless you need to
!: dont buy from spam
!: Dont click yes without reading

Now one of the many reason Unix bases OSs are more secure is that as i see it the average users will have more education in the IT field(before or after , as it will always require some reading) so are less likely to fall for daft emails with attachments or stupid pops ups with "click yes" from odd websites.

Re:No, you fools, don't be taken in!

[jonbryce]

Spam is caused by the people who buy the spammed stuff.

If there was no money in it, they wouldn't bother doing it.

Re:No, you fools, don't be taken in!

[koko775]

It should be pointed out that a power user is much less likely to get hijacked, as one would more than likely use Firefox, firewalls, Windows Update, and a properly configured antivirus program.

Re:No, you fools, don't be taken in!

[blanks]

Im guessing the 600,000 people who have received Vaccines from his foundation wouldn't find that joke too funny. Gates foundation

Re:No, you fools, don't be taken in!

[sam_handelman]

People who've received vaccines, or had a family member in a coma, or lost relatives to ethnic cleansing, etc. never find *anything* funny. At least, not any of my jokes.

So that can't be a consideration, can it?

That said, it was humor by double inversion - the only way a cool, cynical person such as myself can offer praise of any sort to someone for doing something decent. So obviously, you don't think the Gates' foundation deserves acclamation for their humanitarian works.

blanks, why do you hate the poor suffering people of the world *so much*? Bono is gonna kick your ass, man.

Re:No, you fools, don't be taken in!

[Wordsmith]

That's like saying burglary is caused by unlocked doors.

Spam is caused by spammers. The fools who buy the products provide the needed motivation, but ultimately, spam is caused by the guy writing and sending the mail.

Re:No, you fools, don't be taken in!

[Anne+Thwacks]

only real long term soloution is Educating the masses

If thats the only solution, then I can understand the urgency in rearranging the seats on the sun deck of the Titanic.

Have you ever tried educating the masses?

I personally have met users who are barely litterate in English, and have only attended school for three years in their life. However, they can still afford a PC, and believe they can get rich using it. Not only that, they are quite likely to believe that if I tell them "No, Don't buy that, its a scam!" Its because I want to buy it and sell it to whoever they intended to sell it to!

If 25% of Americans are too illiterate to read a childrens story, imagine what its like in 3rd world countries that constitute 75% of the worlds population.

In simple terms - You sir, ARE apart of the problem. and your solution is the least workable on the planet.

Re:No, you fools, don't be taken in!

[Artifakt]

My comatose, vaccinated relative on the Gates foundation board was just ethnicly cleansed, you insensitive clod!

Re:No, you fools, don't be taken in!

[Anne+Thwacks]

A power user will probably use Linux, BSD or a Mac.

The problem is the terminally stupid, and the fact that there are more terminally stupid people in the world than anyone can imagine. In the next ten years, most of them will be Windows users unless we are struck by an asteroid.

Panic now, before its too late...

Re:No, you fools, don't be taken in!

[FidelCatsro]

Have a little more faith ,I do not know what its like in America , however over here all it ussualy requires is sitting down with people and explaining things to them , the vast majority of people will learn if taught in the right way.
In 3rd world countrys its far eassier , as spam is not a problem because the internet is not as wide spread and 99% of the spam is from american companys unless your a nigerian prince that is.
First of all , education is the only real long term soloution, that does not mean that short term soloutions such as securing software , sueing spammers and blocking abusive conections will not help , but it is only short term as it is an arms race and both sides develop more complex evasion and attack techniques.
The only true way to demolish spam is to kill the profit by stoping sales dead.
We do this by persuading people not to buy and to be more carefull .

Re:No, you fools, don't be taken in!

[rramdin]

It's more like saying that burglary is caused by keeping a million dollars behind unlocked doors, and then telling that to the guy on the corner selling gold watches, who then turns around and tells his thief friends that 31% of people keep a million dollars behind unlocked doors in their houses.

Re:No, you fools, don't be taken in!

[miu]

Not only that, they are quite likely to believe that if I tell them "No, Don't buy that, its a scam!" Its because I want to buy it and sell it to whoever they intended to sell it to!

I would think you were joking had I not run into this sort of "crafty peasant" mentality myself. I'm sure some such persons could be educated - but I don't want to waste my time doing so.

Re:No, you fools, don't be taken in!

[rpozz]

The only true way to demolish spam is to kill the profit by stoping sales dead.

That would certainly be the best option. The problem is however, that it probably won't work. There are too many selfish people out there who will happily purchase from spam and not give a shit that they are paying to a company that causes problems for a large amount of other people. They will also have no idea how much spamming can be bought from the profit of one transaction (ie a lot).

That, and the Internet is a very good way for people with any sort of sexual problem to buy a 'solution' for it without the embarassment of going to a shop.

Re:No, you fools, don't be taken in!

[FidelCatsro]

Well an easy soloution would be to have an online shop with a high level of anonimity for the power pills , it works for sex shops and all manners of strange shops alot of people are too embaresed to walk into (*Whistles*) hee.
This is why i would like to see an education program initiated maybe a series of TV comericals in the vain of those anti-drug or condom ads/anti-STD(those did work).Its getting the message out which is important , make it a war cry . I loath to compare this to aids but i do so only in the lightest of comparisons.
We need to make spam and buying from it a taboo in the same-way that unprotected sex is in todays society, or rather during the heyday of the anti-STD comercials (numbers were cut down immensly).
Everyone knows about Aids and the dangerous , but how many people know the problems that spam cause beyond annoyance

Re:No, you fools, don't be taken in!

[Sephiriz]

There's a difference between spamming and finding security flaws. Any email account can receive spam I believe, not just an email account thats checked on Windows XP (which would really make no sense at all, now would it).

Re:No, you fools, don't be taken in!

[koko775]

I disagree. Windows is an excellent web development environment and makes it much easier to install stuff (non-free). As a production environment, carefully setting up Linux server is great, but for fast and dirty development without detailed setup questions, Windows takes the cake. Power Users are typically advanced enough to use each OS for its strengths.

Re:No, you fools, don't be taken in!

[Coneasfast]

your comparison is flawed. the difference is if everyone locked their doors, burglary would still happen, but if nobody replied to spam, them spam would (eventually) stop.

Re:No, you fools, don't be taken in!

There is no such thing as invulnerable software. Anything that becomes as ubiquitous as MS OS is going to be subject to similar problems. MS has put forth a more than reasonable effort to balance security with ease of use.

They have the resources, so...

[Elranzer]

...how long until they use this legal and financial power against their "patent infringments"?

don't-care-about-justice

Indeed.

Legal Juggernaut?

By any measure, 215 lawsuits constitutes a legal juggernaut.

Yet I'm still getting more and more spam as time goes on. These lawsuits might buy Microsoft some goodwill, and they might situate injunctions against spammers who are spamming Microsoft. But what are they doing for the anti-spam movement in general? Not a damned thing.

Re:Legal Juggernaut?

[LighthouseJ]

Why don't we rewind time and tell Microsoft "don't sue spammers/phishers because we just want to see how much spam we'd get" and then compare? The point is that you can't qualitatively determine how successful Microsoft is. If there's one company that has the capital to chase spammers/phishers and one that's in their best interest, it's Microsoft. They're doing more about it than you are so stop being a moron.

Re:Legal Juggernaut?

[Kierthos]

And I'm getting less and less. One e-mail address (my main one) gets almost none. (Although, in all honesty, I have a decent ISP and a damn fine filter.)

The other e-mail, the yahoo one, gets maybe 10 spam e-mails a day. This is the e-mail address I use at any site that says it needs an e-mail address for verification purposes. And it gets 10 a day. This is down from the 40-50 a day I was getting there this time last year.

Kierthos

Re:Legal Juggernaut?

If nothing else it should drive more of them offshore, which will simplify blocking them somewhat.

But what worries me are the long term precidents. Microsoft isn't going to abandon the lawyer's sophist traditions to win their cases. They're, quite understandably, going to go for the jugular. Some of the arguments they make will eventually serve as precident for other courts trying to sort our who owns what across a monsterous web of computer networks. And Microsoft might even be a good cuddly company and not move to exploit the new landscape that rises out of the murky legal waters, but someone will. "So sue me!" might be bold now, but after these cases are legal milestones, tempting Apple like that might be plain stupid. At which point, even though Microsoft did do something of a good deed, we've all lost something very real, if intangible. Something very difficult to get back.

Re:Legal Juggernaut?

i think you mean "quantitatively"

Re:Legal Juggernaut?

One e-mail address (my main one) gets almost none.

If you give it to me, I can fix that.

Re:Legal Juggernaut?

[C0vardeAn0nim0]

it does wonders for the global anti-spam movement.

one of the reasons why spam exists is that it's _cheap_

with hundreds of suits on them the economics of spam turns backwards. it'll become more expensive to the spammers than what's worth.

of course, this is just one aspect. if MS adds decent filters to hotmail, outlook, exchange and such, it'll make even more dificult for spammers to get their way.

filters are simpler to implement without big $$$, but to launch 200+ law suits as a reinforcement on the war against spam... well it takes microsoft.

Re:Lawsuits, the last refuge of the incompetent

[turnstyle]

"It's just SO like Microsoft to go with lawsuits rather than, you know, improving their software."

How exactly would you suggest that they improve their software to prevent spam and phishing?

Sometimes a little stick can be a good thing...

Come off it

[DrXym]

All the big ISPs have been after spammers for quite a while now. I believe that AOL is owed a few million by that bankrupt spammer who featured in another /. story quite recently.

Re:Come off it

Federal and State Law FAILURES.
All those anti-spam laws and not one successful prosecution. Govt. needs to set an example. Given what they spend processing/blocking spam, cost/benefit says they should have made a move well before this.

Re:Come off it

[vidarlo]

Spammers need bandwith for sending out spam. So, what if we slashdot 'em? Just post a link on top of page saying "Get a spammer today". I bet it would be a huge success...

Re:Come off it

[Pig+Hogger]

All the big ISPs have been after spammers for quite a while now.

Absolutely not. UUNET, the LARGEST ISP is a spamhaus and is considered a cesspool in anti-spamming circles and it is therefore thoroughly blacklisted by many antispam blacklists.

Re:Come off it

"So, what if we slashdot 'em?"

Re:Come off it

[jonbryce]

Lycos tried that with their "make love not spam" thing.

Re:Come off it

UUNET, the LARGEST ISP is a spamhaus and is considered a cesspool in anti-spamming circles and it is therefore thoroughly blacklisted by many antispam blacklists.

And blacklisted by personal ones as well. Our family mailserver (serves four) rejects inbound SMTP connections from all uunet IP space that I'm aware of. I'm probably much more forgiving than other blacklists though - I'd remove uunet from my list in an instant if the CEO of uunet sent me a handwritten request.

Lawsuits vs. building a better product?

[Stiletto]

Strange: If any one company out there has the install base to actually do something technical about spam, it's Microsoft, yet they'd rather sue than improve their product.

I'm surprised ISP's aren't filing hundreds of lawsuits. They claim their servers are so overworked by all the spam, but they aren't doing anything effective about it (legally or technically).

Re:Lawsuits vs. building a better product?

If any one company out there has the install base to actually do something technical about spam, it's Microsoft

What is it you suggest they do? This is not a troll - I am sincerely interested in hearing your proposal, as all I can think of would be prohibiting users from sending more than x emails per minute, or blocking email that looks like spam.

I can't accept this as a legitimate function of an OS.

Re:Lawsuits vs. building a better product?

[ozmanjusri]

What is it you suggest they do?

Make their OS secure, so that spammers can't control massive botnets to spam from.

Re:Lawsuits vs. building a better product?

Sure... but let's take XP SP2. How do they get everyone to update to SP2 which solves a great deal of the problems? Suggestions? (Not including mandatory updates which the Slashdot crowd would rip them a new one for too.)

Life's not quite a simple as you make out. (Yes, it is MS's fault for the insecure OS in the first place)

Re:Lawsuits vs. building a better product?

[Matt2k]

Don't run Windows under an administrative context and that wouldn't happen. It'd be the same thing as letting your kids go browsing for a couple hours under root and when you come back you find you have dancing bonzai buddies all over your desktop and some mysterious new daemon called "Keyword search helper"-- and if Linux ever achieves a large desktop share, don't think that those type of programs won't be created.

Re:Lawsuits vs. building a better product?

I'm surprised ISP's aren't filing hundreds of lawsuits. They claim their servers are so overworked by all the spam, but they aren't doing anything effective about it (legally or technically).

They're all slashdot readers, and just sit around whining about it, hoping for a +5 mod. Umm, kinda like you...

Re:Lawsuits vs. building a better product?

[caeled]

Guess you get your news from the cartoons then. Lots of ISP's are doing.

Re:Lawsuits vs. building a better product?

[Tim+C]

How do you propose to prevent me from installing a trojan that covertly turns my PC into a spam zombie?

In other words, how do you intend to stop me from installing something (a porn dialer, screensaver, shareware app, or whatever) that, as well as its legitimate function, makes my PC part of a botnet, without preventing me from installing software at all?

Re:Lawsuits vs. building a better product?

[Eric604]

So you would rather have a secure OS and have those spam basterds conducting another kind of shady business unpunished than have a unsecure OS and a world with less evil?

Re:Lawsuits vs. building a better product?

[dioscaido]

If any one company out there has the install base to actually do something technical about spam, it's Microsoft, yet they'd rather sue than improve their product.

Do you mean they should implement a new SMTP standard on their servers? Break from current standards in the way Outlook handles e-mail? I'm sure the slashdot crowd would just love that! :}

Re:Lawsuits vs. building a better product?

This is precisely correct. Rather than feature-fill their software with stupid auto-activate tools that encourage viruses, and auto-load tools that promote such abusive advertisiing, and wasting their time on amazingly silly patented XML-based header modifications that cannot be used by others such as their SenderID system, they could instead fix the way their mailer software and operating systems cncourage this behavior.

Or they could put some lobbying effort directly into changing the laws. The law in question is US Criminal Code, Section 18, paragraph 2701, the junk fax law. A simple extension of this law to include email would pass the First Amendment challenges the junk fax law already has passed, and would give ISP's and victims of spam the leverage to get the spammer's network feeds and accounts canceled. Of course, it would put a big spike in the sales of junk email software and the Windows systems to run it on, but that seems acceptable given the huge price spam imposes on people.

Re:Lawsuits vs. building a better product?

[jbolden]

If the standard were published and fully documented in a way that was reasonable to implement across mail platforms I'm not sure the /. crowd would have a problem. /. has debated SMTP vs. other systems for a long time and Microsoft would be a good choice for updating the standards.

People don't have Microsoft being involved in standards, rather they dislike Microsoft using standards as a way to sell their products.

Re:Lawsuits vs. building a better product?

yet they'd rather sue than improve their product

They've been taking lessons from Hollywood.

Re:Lawsuits vs. building a better product?

they'd rather sue than improve their product

It turns out that the guys who file lawsuits aren't the guys who write the code. So they can do both!

Re:Lawsuits vs. building a better product?

[tokabola]

Or maybe if they had fewer laweyrs to pay they could afford to hire more coders.

Re:Lawsuits vs. building a better product?

[erroneus]

This is *not* insightful. It's quite the opposite. "Users" don't want to run anything as inconvenient as "user-level" access at home. They want to turn it on and run it. That's the way they get set up. Besides that, the users who are guilty of that sin don't read Slashdot. So whatever measures that should be taken should be taken on behalf of the users instead. For most users, auto-updates from MS is a really good idea as is MS installing anti-spyware tools. Fact is, that's about the only hope that it would work and frankly, even that's not working.

Re:Lawsuits vs. building a better product?

[Dormann]

As Slashdot mentioned earlier, a high percentage of Windows software is designed to only run as root.

I used to preach the same "Don't run as admin" line, but eventualy I had to face the reality that the only other choice is a broken machine. See for yourself how many programs try to modify a file in the "Program Files" directory branch through normal usage.

The only way to run Windows is as a god user. Anything else is expecting the software users to be more responsible then the software designers.

Re:Lawsuits vs. building a better product?

[HiThere]

And how trustworthy they are. We should be ashamed that we distrusted them just because the patented their proposed standard and refused to dedicate the patent.

Sorry. That's NOT an example of MS acting in a socially responsible manner. (You can find examples, but if you search out all the tie-ins the examples are few and far between. And charitable donations of MS software that they take a tax write-off for at list price don't count. And neither do chairitable donations to countries that then immediately conclude a MS contract with lock-in provisions. Not even if the donation is managed by a separate foundation and doesn't consist of software.)

Re:Lawsuits vs. building a better product?

[HiThere]

You may not be able to prevent that, but you could prevent it being installed by accident. Apple showed an excellent way to manage this.

When you restrict the user account so strongly that the users can't perform normal activities, then you must expect the users to log in as administrators. (Worse, my understanding is that by default the machines are set up with only an administrator account.) There is an easy way around this, as Apple clearly showed. (The Apple user base is no more technically sophisticated than the MS one, so it's a fair test.)

Personally I perfer the approach used by Linux systems (blot Lindows...), but I can see good points to the Apple approach.

Re:Lawsuits vs. building a better product?

[emrysk]

Lawsuits are omni-platform.

Re:Lawsuits vs. building a better product?

[omicronish]

I used to preach the same "Don't run as admin" line, but eventualy I had to face the reality that the only other choice is a broken machine. See for yourself how many programs try to modify a file in the "Program Files" directory branch through normal usage.

Yeah, there are a bunch of crappy programs out there that require write access to Program Files, but I've found that treating them as a special case and allowing Users write-access to their directories is sufficient most of the time in letting them run as normal users. So give that a try before you run as Administrator and have write access to the entire system.

FYI, I've been running as a regular User (not even Power User) for a couple years now, and can do everything from homework to games to programming and debugging. I'm not saying I haven't had problems, but when I did they were solvable, either by allowing write access like I said or using something else.

Re:Lawsuits vs. building a better product?

[Matt2k]

That really speaks more to crappy application authors than the underlying operating system, doesn't it.

Running as a non-administrative account is _supposed_ to break the applications that are shitty enough to require it.

None of my 30-some users on the network I maintain run as Administrator, local or otherwise, and they run everything just fine. I run non-administrative at home, too. Works just great for everything I need.

Marginal Return on Investment

[mark99]

Reducing Spam makes people use MS computers (and Exchange) more (as opposed to the alternatives).

- Investing in spam filter technology reduces spam.
- Sueing spammers also reduces spam.

The optimal strategy will be to persue both strategies till they yield the same rate of spam reduction.

And that rate should be determined by whatever they think they earn on spam reduction.

My bet is that someone at MS has done the math.

And it keeps their lawyers sharp, who knows how and when that will come in handy :)

Re:Marginal Return on Investment

[ect5150]

Go ahead and mod me down for Trol or Offtopic, but the economist in me likes to point out the following correction to the parent.

The optimal strategy will be to persue both strategies till they yield the same rate of additional spam reduction per cost in each pursuit.

Otherwise, mod parent up!

Re:Marginal Return on Investment

[Whyte]

If Microsoft is smart, they will use this as an intelligence gathering tool as well.

Once they are found, a big advantage to these lawsuits is the opportunity to actually question these spammers. Under threat of a financially debilitating lawsuit by a powerful company, I'd imagine at least a couple of these spammers will be willing to spill their guts about how they do business and who they learned the trade from.

This is a learned skillset and relatively complicated in terms of number of steps to completion. This kind of intelligence should be a boon for driving security procedures.

Re:Marginal Return on Investment

[cgenman]

Exactly. If people are forced to a different mail system, there is a good chance that it will either be a non-MS system, or at least a battle ground that OE/etc doesn't have as strong a foothold in.

Generally, the thing that seems to be replacing
E-mail is I.M.. You can communicate instantaneously and informally, even if the person is not there. And, unfortunatly for Microsoft the king of IM is AIM, despite their Frick'in required copy of MS Messenger which they should be sent to hell for which pops up every few seconds like it's posessed by a deranged clippy and which you can't get rid of without hacking the system and if you use MS's listed and tenuous uninstall procedure it will just reinstall it's bloody self when you update... Ahem, where was I? Oh yes, people get driven to Instant Messenging services, an area where Microsoft has traditionally not done very well.

I do applaud them for their efforts in stopping SPAM though. We could all definitely use their help in the matter.

Re:Marginal Return on Investment

> spill their guts about how they do business and
> who they learned the trade from.

"where'd ya learn your trade! you studid f***ing c**t, you idiot!"

Re:Marginal Return on Investment

[mark99]

I read something that said that young people esp. in Korea, prefer IM to e-mail.

Having said that, e-mail is an easier medium to deal with a large amount of people. IM is just that, Instant, and if you need to manage
contacts with more than 10 people daily (and I deal with more like 30 a day, in all timezones), IM just doesn't cut it.

Bill

[0x461FAB0BD7D2]

...probably just got tired of getting spam and 419ers in his Hotmail inbox / Outlook Express. So instead of developing better filters, he decided to take them out.

Someone might as well invite BillG to Gmail already.

Re:Bill

[Chess_the_cat]

What good is a filter really? Filters don't prevent the spam from clogging the network. Then you've got to waste cycles analyzing all the mail. And of course there are the problems associated with false positives. Seems to me a better solution is to try to discourage people from sending it in the first place.

Re:Bill

[The+Amazing+Fish+Boy]

To: billg@microsoft.com
From: billg@microsoft.com

Hi,

This is Bill Gates, founder of Microsoft. We're testing a new email system. If you forward this message, you'll get $100 for every person that opens it.

I appreciate your help in testing this new system.

Lovingly,
Bill Gates
CEO Microsoft

Re:Bill

[AndroidCat]

And he probably got tired of all the people asking him for cash for "Send email and Bill Gates will give you money" chain-letter.

Re:Bill

[256byteram]

What good is a filter really? Filters don't prevent the spam from clogging the network.

Spam persists because people read it and respond to it. If you can get people to stop reading, the spam count should start falling. That's the theory at least.

Re:Bill

it does make me wonder why bill has the right to sue spammers. he does not own a network. he only can sue for the spam HE gets in HIS email. i dont want him sueing for the rest of us. first he gets the money from the lawsuit when it is me that is reciving all the spam. seccond he assumes that i want money for the troubles the spammers are causeing me. i can say that spam does not bother me much, and given the chance if i saw something that i wanted in a spam then i would buy it. spammers are in the job of informing you about products you may want but dont know about. same as any other advertiser. i and have no problem with that. the only problem with spam is that there are very few rules and no limit on your range from where you can spam from so the rules that there are can easily be ignored. so this attracts the kinds of business that cant advertise on any other medium. and for the bandwith issues? well i am sure that there is more bandwith spent on bittorrent. but you wont ever hear that bt is wasting our bandwith. microsoft going after spammers is as stupid as sco going after linux users. if you find a spammer that does break the rules and he is in the u.s. (or what ever country has spam laws) get together a class action suit, that way the people "hurt" by spam are the ones profiting. filters are fine you are welcome to stop what ever comes onto YOUR network. but we dont need gates getting rich off of our spam problem.

Re:Bill

[Godwin+O'Hitler]

I activate filters on the remote mail server so at least the final part of the journey is eliminated. I know that doesn't eliminate the spam completely from network traffic but surely it reduces the load. And most important for me, it doesn't eat up MY bandwidth.

Re:Bill

I received spam at my highly unguessable Gmail address even though I never actually used the address or publicized it in any manner. Gmail is not a golden calf. (I created the account to check out Gmail, then logged in a second time several months later and found spam. Sorry, I'll stick with my own personal domain name where I don't receive any spam whatsoever.)

Re:Bill

[khallow]

What good is a filter really?

Cycles and network bandwidth are a lot cheaper than a human's time.

Re:Bill

[imuffin]

Someone might as well invite BillG to Gmail already.

You can't. GMail wont' freaking let me create an account name with less than six letters. ARGGH!

---
watch funny commercials

Re:Bill

[AaronW]

It depends on the filter... I use numerous RBL databases in addition to blocking various countries (i.e. China, Russia, Nigeria, etc.). Just this step alone blocks most spam. In fact, it might be working too well since there's not enough left to effectively run the Bayes filters.

RBL filters consume very little in terms of CPU since it's all basically DNS lookups. It also prevents the spam payload from ever entering the mail server. There's other things I do with Postfix that turns my mail server into a tarpit for spammers. It also makes dictionary attacks of user names impossible while consuming very little bandwidth. Basically it holds onto the connection to the mail server and waits a predetermined amount of time before responding with an error code (i.e. 45 seconds). Note that some RBL filters are better than others, and some block legitimate sites.

Since I run my own mail server and don't know anyone in Russia or China, I can effectively block the entire countries (see blackhole.us).

Re:Bill

[HiThere]

Is that thing still around? Or did you just ressurect it? I notice it still has his old title.

Re:Lawsuits, the last refuge of the incompetent

[DaHat]

In any battle, technology is only a small bit of it. Policy is an area that is far more important than technology in most situations, even when you don't know it. Would you rather they sit on their hands and let the spammers continue to ruin the internet?

I don't see you taking an active step to stop spammers other than maybe a little filtering and deletion here and there.

Re:Signs?

[smr2x]

Can Slashdot ever accept the fact that Microsoft can do some good? I'd be willing to bet that 30% of the comments on this article will be "OMG MICRO$OFT IS GOOD?!". Accept the fact that they really can do good things and shut with the Microsoft bashing.

So what you're saying is...

[The+Amazing+Fish+Boy]

Sure, there will be spammers who think they can evade folks like Kornblum, Spitzer, and Abbott. But for every one of them, there will be others who--when they see what happened to Scott Richter as a result of Gates' resolve--hopefully will realize that spamming and phishing are bad career choices.

So the 'script kiddie spammers' drop out and the smart spammers take over, making even more money. It's supply and demand, and apparently there is demand for SPAM from this small-penised, high-mortgage, porn-searching world.

Re:So what you're saying is...

supply and demand, and apparently there is demand for SPAM from this small-penised, high-mortgage, porn-searching world.

Oi! That is a gross slander upon my person.

My mortgage is not *that* high.

Re:So what you're saying is...

[Tibe]

I would say that it would benifit Microsofts approach. 'Script kiddie' spammers are much harder to target. 'Smart' spammers are fewer and father between and are much easier to build a case against. Their high profits (and high profile) will make them targets for MS lawyers. If anything, I think the demand would cause a rise in supply of 'script kiddie' spamers as they will not be so easily tracked down.

Re:So what you're saying is...

[jimicus]

Funny you say that, I've started responding to so-called spam recently.

I now have a 14" long penis, a £500,000 mortgage (on income of a twentieth of that!), more software than I know what to do with and some very nice pictures of Brintey Spears (well, that's who they said she was, but I'm sure she doesn't spell her name like that...).

I get medicines at exceptionally low prices (though I'm a bit concerned about the side effects I've been having from that the last batch of aspirin), and my printer is unlikely to run out of ink until 2009. Provided it doesn't explode like my last one did when I put those special chinese cartridges in. Damn cheap printers.

Of course, none of this comes cheap. But when a nice man in Nigeria has promised you 25% of $20,000,000, you can afford to splash out now and then...

Re:So what you're saying is...

14" long penis, a £500,000 mortgage... promised you 25% of $20,000,000

Keyrist, what country do you live in? The US or Europe?!?

Re:So what you're saying is...

[PsiPsiStar]

>I now have a 14" long penis

>(though >I'm a bit concerned about the side effects I've been >having from that the last batch of aspirin)


Perhaps there's a connection?

Good Step

[bostonsoxfan]

Well this is a step in the right direction at least make them pay something. Drown them in court costs even if you lose because unlike Microsoft their bankroll is not so massive.

The next step is improving their software and improving the security on their platform. Just keeping regular security updates is good. Hopefully they will continue with their Anti-Spyware tool which isn't bad.

Well it makes sense. . .

[Sialagogue]

If there's one place Microsoft should feel right at home, it's in court. . .

I know it's very hard for some of you people..

[AdityaG]

I know it's very hard for some of you people to get over your silly fanboy-ish attitude, but when MS does something good, why not praise them. Yes, they have bad business practices. Doesn't mean you have have crap on their image every single time.

This is somewhat like P2P. They might not be able to get whomever is joining these spamming companies for work, but it would certainly discourage people from getting jobs in these places. I think just that would prove a significant blow to these places.

My two cents.

Re:I know it's very hard for some of you people..

[26199]

I can't see anything in the article which says that they're going after spammers in general... just spammers or phishers who hit their sites.

That's still a good thing, but it seems to me that all a spammer has to do to be safe is not spam hotmail addresses. And all a phisher has to do is not impersonate Microsoft.

So, on the whole... not a huge win for internet users. A step in the right direction, nothing more.

Re:I know it's very hard for some of you people..

What legal standing would they have to go after spammers who DIDN'T hit their site?

It's a rhetorical question. The answer is 'none'.

That said, MSN and hotmail are both pretty big targets for spammers, I doubt there are many spammer out there who don't hit at least one hotmail address...

Re:Lawsuits, the last refuge of the incompetent

[Flounder]

But, this is /., we have to blame MS for it, regardless if they actually have any responsibility.

Do notice that MS isn't suing virus writers. In fact, didn't they just forgive a huge amount against a virus writer in exchange of community service??

Ha-ha!

"It didn't seem to me like any single company had the stomach to keep after the scum that are ruining the Net for the rest of us. Unless that company is Microsoft."

For your information, the scum that is ruining the Net for the rest of us is... Microsoft!

I'd rather see twice as much spam in my inbox as I'd see Microsoft to continue abusing it's monopolistic powers to break every computer related standard known to man...

Re:Ha-ha!

I think you're slightly wrong here. The issue at hand is at a much lower level than software security or whether Microsoft are a good or bad company.

Plain and simple; it's malice on the part of spammers.

Remove Microsoft, spam would still exist.
Remove spammers, spam would cease to exist.

It's wrong to take your sights of the real target here; spammers. Microsoft are certainly exacerbating the problem, but they're not the root cause, and you cannot deny that they have improved their software recently to counter security compromises, and by going after spammers and phishers via legal channels, they are certainly making an effort on all fronts. While they do have dubious practices, I certainly wouldn't say that they're ruining the net for the rest of us.

Re:Ha-ha!

"I'd rather see twice as much spam in my inbox as I'd see Microsoft to continue abusing it's monopolistic powers to break every computer related standard known to man..."

When there is finanial incentive to suing spammers, MS might go for some. However, as you say, MS isn't entirely losing from increased spam and viruses...they get people to "BUY" quite literally, into their monopolistic solutions to them.

Re:Ha-ha!

[PixelScuba]

You forgot Maddox.

Re:Ha-ha!

[LucBorg]

What the hell is up with you? Since when has M$ ruined the net for us? Are you some spammer who got sued by them?

Re:Ha-ha!

"MS isn't entirely losing from increased spam and viruses...they get people to "BUY" quite literally, into their monopolistic solutions to them."

I'd wager that other companies make much more out of spam and viruses than Microsoft, namely McAfee, Symantec et al, and Lavasoft etc. etc. Microsoft isn't the first name that springs to mind when I want AV or anti-spam software and in that range currently, they only have one product - a beta version of their Anti-Spyware program. So I'm not sure how you could buy into their monopolistic solutions in this respect.

In this case spam and viruses are causing them a problem - not as vendors, but more likely as users.

Re:Signs?

[Flounder]

Accept the fact that they really can do good things and shut with the Microsoft bashing.

But.... what will we talk about then?? Star Wars isn't out yet, and Linus can't release a new kernel every few hours. We NEED MS bashing to keep our over-active/over-worked minds finely-tuned.

Re:Signs?

[kpwoodr]

All joking aside, we have long considered Micro$oft an evil corporation. Sure on the side Bill Gate$ donates a lot of money, mostly to create little Micro$oft $chools that will plaster the logo all over the place and burn it into little growing consumers heads.

With all the evil they have done, is there any way that they could do enough good for the evil to be forgotten, or at least to break even thus making them a "Corporation" not an "Evil Corporation"?

Sure this is a start, but it is done more to protect themselves and their products than it is to better the lives of consumers. Suing spammers is just a way to hopefully get hotmail back to a point where you can actually use it.

Didn't...

[sandstorming]

Didn't Bill Gates vow to rid the world of spam entirely within 2 years at some stage? I am sure I read that somewhere. Can anyone find a link to such a quote?

Re:Didn't...

[The+Amazing+Fish+Boy]

Didn't Bill Gates vow to rid the world of spam entirely within 2 years at some stage? I am sure I read that somewhere. Can anyone find a link to such a quote?

You may be talking about this:

(AP) A spam-free world by 2006? That's what Microsoft Corp. chairman Bill Gates is promising.

"Two years from now, spam will be solved," he told a select group of World Economic Forum participants at this Alpine ski resort....

He's still got time, then.

Re:Didn't...

[sandstorming]

Yep... Because we all know it is sure to happen! **Rolls eyes.

Re:Didn't...

[AndroidCat]

Okay, that's an action item added to the schedule for January 24th, 2006. Current status is outstanding and assigned to BillG, and I've set an alarm with five minutes lead time. It's already been a year, can I mark that task as 50% completed? Yes/No?

Re:Didn't...

[AaronLawrence]

Your project management skills are highly advanced! :)

Re:Didn't...

[AndroidCat]

Shoot, everybody knows that unless you at least get it down on the schedule, assign it to someone and get them to commit to it, it's never going to get done!

0\/\/N3D

[a_greer2005]

Why does no one (big company or university) sue the ISPs that let own3d boxez and zombies connect and stay connected? if the ISPs looked for the zombis and told those users how to be good "netizens", and offered a CD of EASY TO USE removal software, the spam problem would disappear over night, without bots, no one could send 100,000,000 emails per day.

Re:0\/\/N3D

Because they've got the smarts to realise that they would be putting the rock on both sides for the ISP - sued by big corps or universites (and end up bankrupt from court costs) or sued for breach of contract by customers (and bankrupt because they have to pay compensation).

ISP's should try to throttle the supply of spam from people simply as good practise (any chance of simply turning spam filters around to grab outgoing stuff? How good is it now? Will it keep blocking legitimate email?) but that shouldn't leave them open to be sued by people when the blocking fails.

People pay them to carry data from their computer to 'the internet', they should have no liability whatsoever for what that data actually is - it's no more their fault if the data that they carry is generated by some malicious software that's got onto the customers computer than if the data were a customer maliciously emailing people by hand.

However, I do agree that if ISP's find hacked boxes then they should be providing easy-to-use (but not HD-nuking) tools to clean them up (it makes sense for them too as they don't have to pay the backbone providers for the volumes of data that their customers obviously wouldn't have chosen to send).

Ok, maybe they do need legally enforced 'good practise' regulations, but these should be enforced by 'the powers that be' not large businesses or universities grabbing the sue stick on small ISP's who they believe that they can settle out of court with. By 'legally enforced' I mean enforced end of employment for whoever's responsible - people are far more likely to stick to the rules if the thing on the chopping block is their job rather than the company's profits.

Maybe the government firing people from private businesses is somewhat far-fetched, but it would work.

Re:0\/\/N3D

I'm pretty sure most ISPs these days have clauses that allow them to terminate service if you are causing harm to the network, have a worm, etc. It would be pretty dumb not to.

Re:0\/\/N3D

[tokabola]

SBC will cut you off if you're infected. I used to work a store that sells software and once had a guy come in for Anti-Virus. He was all pissed off because SBC cut him off. They had given him a five day warning but "he was to busy" to fix his box.

He couln't understand why it mattered to SBC if he was infected or not. Most people (/. users are the obvious exception) have no clue what viruses do. They have no idea that their computer can be pwned and turned into a spambot. They think all viruses are written by mal-adjusted teenagers who are only out to vandalize the e-world, not by people with an actual profit motive.

After I explained how his computer was now sending massive amounts of spam he started to realise why SBC cut him off, and why it was important for him to use AV. He had thought he was only hurting himself and had no idea that he was hurting everyone.

I largely blame MS (and also Apple to a lesser extent) for this. They have convinced people that computers are easy to use and you don't actually need to know what you are doing. That has helped them sell computers to all the l-users and those are the people who allow themselves to get infected, simply because of what they don't know (and have been told they don't need to know). At least Apple has a better default security policy (although my Mom's mac came with the main account (a root account) set to auto login with no password, and not much of an obvious warning that that wasn't such a good idea. There was a warning in the help files, but who reads those unless they have a problem?)

Tommy

Re:0\/\/N3D

[king-manic]

Why does no one (big company or university) sue the ISPs that let own3d boxez and zombies connect and stay connected? if the ISPs looked for the zombis and told those users how to be good "netizens", and offered a CD of EASY TO USE removal software, the spam problem would disappear over night, without bots, no one could send 100,000,000 emails per day.

ISP's aren't responsible for the content. Their sort of like common couriers.

Re:0\/\/N3D

[fluffy99]

Exactly. ISPs are trying very hard to distance themselves from the content they carry. They do not want to assume or admit any responsibility for the content they carry. Otherwise, they can be sued for allowing illegal content.

If the ISPs start monitoring traffic to identify owned boxes, they open themselves to lawsuits. Individuals would sue if the ISP didn't notice their box had been hacked. The govt would start demanding they filter to determine who is downloading child prn.

ISPs are starting to provide tools to the end users to protect themselves, but I think more needs to be done at the carrier level. I think commonly abused network ports should be blocked. No-one in their right might should be running exposed netbios or NFS ports for example. I don't think this would qualify as content filtering, but just limiting the service provided. Some cable-modem providers block inbound port-80 to enforce their eula which bans setting up servers, but they don't block netbios!

Re:0\/\/N3D

my Mom's mac came with the main account (a root account) set to auto login with no password, and not much of an obvious warning that that wasn't such a good idea.

Unlikely, unless she bought it off of ebay.

Usually, you get an "admin" account, which is not root. That is, it can't modify any systemwide preferences. The root account under OS X shold be disabled.

As for auto-logiin...exploiting that requires physical access to the machine. I'm guessing your Mom keeps her computer in a locked house?

Re:0\/\/N3D

[stry_cat]

b/c it isn't the ISP's problem. Their customers have paid for Internet access and they're providing it. You need to place blame where it really belongs, the spammers. They have illegally hacked the boxes. They are illegally sending spam.

Going after anyone else is like going after the murder victem's family for letting the victem's corpse litter the street.

Sue-happy much?

Referer log spam is a scourge, but as best as I can tell, it doesn't violate any laws.

Re:Lawsuits, the last refuge of the incompetent

[WolfWithoutAClause]

Actually, Microsoft tied up the technology to implement cryptographically signed email headers in patents, so that others; noteably open source email servers, couldn't use it.

That means that spammers have continued to be able to fake the headers out, and it makes it harder to filter off the spam (particularly on the send side of email- in other words, stopping spam enter the internet in the first place).

So, Microsoft have taken the decision to fund lawyers, rather than fund technology that is likely to massively reduce spam; Microsoft have sided with a bunch of lawyers.

Re:Lawsuits, the last refuge of the incompetent

Moron.

MS did try to improve the email-scape with their SPF, but this failed because of people like you who had to look a gift horse in the mouth. Now they go out and sue people on your behalf and you diss them for it.

Re:Signs?

"Linus can't release a new kernel every few hours"

Sounds like a wager to me.

-Linus.

Filing is BS

if they are not served.

Here's to a Spam free world.

[Puchku]

While it may be de rigueur here on /. to bash Microsoft, sometimes one has to put the tinfoil hat away and commend them for doing something good. Sure, you can pull out some commercial motive behind this act, but hey, so what? When they annouce their fantastic new anti spam OS, we can bash them here, but if these lawsuits do help in reducing Spam, then hooray for MS! Apropos, I remember reading that billg@microsoft.com gets one million messages every day, 98% of which is Spam. I suppose he just got plain old PISSED OFF!!

Re:Here's to a Spam free world.

[neosar82]

Must suck to have to deal with 20,000 legitimate e-mails every day ;)

Re:Signs?

[MisanthropicProgram]

I'm just wondering why there's been so many MS-fighting-spam stories. Has there been such a dramatic decrease in technology stories that this has to be mentioned everyday now?

Re:Lawsuits, the last refuge of the incompetent

[bhalo05]

Preventing zombie machines, maybe?

Re:Signs?

[CSMastermind]

What can we talk about? Oh crazy things like the state of world politics, the cure for AIDS, and the way to make an AI that's truly able to think, et al.

Its an obvious ploy...

[JustNiz]

If they become the unofficial police of the internet, they will be first in line to be the official ones, when government (with a little help from microsoft) decides that such a body should exist.

Spamming with anti-spam

I think it's meant to be a form of irony.

Now I feel really bad

This makes me so sad that I've been running FreeBSD, Linux, and various Solaris versions instead of paying Microsoft outrageous sums of money all these years so they can us it to go after SPAMMERS. Of the shame of it all........

Let's get this straight

Open Source servers don't implement crypto-signed email headers, so spammers continue to use those servers to send spam.

And you manage to blame this Open Source failure on Microsoft?

I didn't know the /. culture was that anti-MS.

Re:Let's get this straight

[WolfWithoutAClause]

Open Source servers don't implement crypto-signed email headers, so spammers continue to use those servers to send spam.

The IETF standard for crypto-signed email headers was substantially derailed by Microsoft not wanting to 'play nicely' with the extremely large proportion of the email servers out there that run on open source.

So, Microsoft imposed licensing requirements that the open source community couldn't meet. Yeah, to that extent, I blame Microsoft. That's not an Open Source failure, it's a deliberate licensing decision by Microsoft to write the license that way; even after it was clear what the effect would be- ultimately to help spammers.

MSN "new update available" spam.

[todu]

It is good that those annoying spammers and immoral phishers are getting some negative consequences for their misbehaviour. However, it would be in the same spirit for Micro$oft to stop annoying me with their "There is a new MSN update available" spam. When I click on the popup spam, I get an option "to not receive this update message for a week." But there is no option to turn it off permanently. Very annoying.

Re:MSN "new update available" spam.

[iONiUM]

God you people piss me off. First, and foremost, everyone always claims in the battle as to whether an XP machine is secure on the net or not that the pivotal factor is updates. Windows sucks unless you get the updates, and you see all over /. people saying sysadmins should tell users to update, to stay updated.

So they come out with a solution, autoupdating, and programs telling you to update. And now you bitch and moan about the updates? They got rid of "never remind me again" for idiots who will just click it to get it to shut up. Granted MSN isn't probably all that important to be updated, but what if this was a major security patch? Stop being so hypocritical.

Re:MSN "new update available" spam.

try trillian. it's free, 100% MSN/Yahoo compatible and doesnt spam

That's what I get for not..

[MisanthropicProgram]

taking enough literature classes years ago when I was in College!

Just wondering...

[bredk]

What evil purpose is behind the M$-scene?

Re:Lawsuits, the last refuge of the incompetent

[caeled]

there is a way... they could prevent stupid people (who think spam and phishing) have the slightest to do with Microsoft software and more to do with personal stupidity from being able to log on.

Re:Signs?

You can give away all your money to charity, you can help system administrators cross the street and you can do all sorts of good things. But if you continue to kill small children or brake open standards, you will continue to be evil.

So..

[Turn-X+Alphonse]

They sue spammer, they win, they get awarded money.

Yea Bills in this to improve the net like he sent money to the AIDs victims because he wanted to help. It's called PR people, I suggest you think about it.

Re:So..

[Yaotzin]

But nonetheless, whatever his intentions may be it helps. Right?

Re:So..

[Utopia]

Usually the damages awarded are beyond the paying capacity of the spammers and phishers.
Microsoft will never see any money from this Scum bags.
With the legal costs involved Microsoft is losing money.
And leave it to some people to term all good actions as PR moves.

Re:So..

"Swedish fish are the Devil's candy!"

Are you talking about surströmming?

Re:So..

sent money to the AIDs victims because he wanted to help

And how much money as Turn-X sent to help out AIDS victims? Well beyond some $500 raised at a bake sale (or gay themed fashion show).

Re:So..

So Bill Gates gave 28.8 billion dollars -- see link at http://www.gatesfoundation.org/AboutUs/ -- for a bit of cheap publicity and PR?

That's a charitable donation to be applauded, regardless of your opinion of Microsoft's policies. But then again, mindless vehemence and flaming is so much easier, isn't it?

Re:So..

[Afty0r]

I don't know how the tax system in the US works, but at least in the UK if you have some "bad debtors" who owe you money but do not pay up, you can claim this back from your corporation tax at the end of a year.

So, essentially, tax payers end up footing the bill - but this isn't a bad thing, it helps to keep companies solvent who might otherwise go under through no fault of their own, and as long as the debts are legitimate (and the size of them realistic) it's not great burden on the taxpayer.

So... all the slashbots celebrating how massive the fines were supposed to be (5k per item?) may now suddenly be wondering if it was set at5k per item so MS and other lawyer-heavy organisations could go out there get enormous tax cuts, at the cost of having a few lawyers issue procedings against some spammers who probably don't even show in court.

Re:So..

[dont_think_twice]

And leave it to some people to term all good actions as PR moves.

Microsoft is a public company. As such, they are liable to be sued by their shareholders if they are not maximizing shareholder value. In other words, Microsoft can not legally take "good actions" unless it is in the financial interests of the company and it's shareholders. In this case, the financial interest is probably mostly due to the PR value of the action.

Of course, this isn't Microsoft's fault. It is the way our corporate laws are set up. But it still makes you wrong.

Finally!

[pmontra]

It looks like a way of benefitting customers with some of the money they gain thanks to their unlegal OS monopoly.

It's probably the first good thing they did since they started the company and sincerely wish them to succeed. However I bet that it will require a years-long legal campaign.

Re:Finally!

Well, you're assuming this is altrustic. It's not. They are only suing spammers that send mail to HotMail/MSN. Their goal is not to stop spam, but to encourage spammers to target other mail hosting companies -- like Google.

Where's Redhat?

[BenJeremy]

Where are the supposed "good guys"?

I realize the OSS community is doing things with their software to try and defeat spammers and phishers, but let's face it, legal action is the only real course of action to stop these guys (or at least whittle down their numbers).

Phishers and spammers will always find ways around filters, no matter what intelligence is brought to bear with new algorithms. New mail protocols would help, but we are hopelessly mired in a standard that will take a miracle to topple at this point (perhaps some new multi-media e-mail standard?). People won't buy into an e-mail system other than SMTP/POP unless it brings something significant to the table, and is as simple and easy to use.

The OSS community has for-profit companies out there... why aren't they flexing their muscle to help stop these scammers? Microsoft is at least doing something... and it demonstrates exactly what a big corporation like that can do when that lkind of capital is directed at doing something worthwhile.

I think in the fervor to attack the supposed "evil monolith" people here tag as "Micro$oft", they forget exactly how much Gates, his company, and his employees donate to good causes around the world.

Re:Where's Redhat?

[daeley]

legal action is the only real course of action to stop these guys

I don't know, attacking them with pointy sticks seems reasonable to me, and much less expensive and time consuming than legal efforts.

Re:Where's Redhat?

[Archimboldo]

I don't know, attacking them with pointy sticks seems reasonable to me, and much less expensive and time consuming than legal efforts.

Mutilation is better yet.

It could be done with half-sharp sticks if you insist.

The best way to get rid of spam is...

1. Change your email address.

2. Never give it away except to established websites (Amazon, etc) that require it and to friends/family.

I abandoned my old college 20-spam-a-day email address after graduating. Since switching and then following these two policies, I have received only 1 spam message in the past 7 months.

Re:The best way to get rid of spam is...

[Yaotzin]

I don't type my e-mail everwhere which does some good but I make use of SpamAssassin and some potent spam filters aswell. Works great for me.

Re:The best way to get rid of spam is...

That's total B.S.

I've tried opening several email accounts like that and never give them out to anyone (with my ISP, gmail, hotmail, yahoo, ...) and every single time I still had lots of spam - and no, the email wasn't anything easy to guess or anything. The hotmail one was the funniest case. I'd log into it every week and have over 300 spam emails to delete every single time.

So, no, that clearly doesn't work.

Re:The best way to get rid of spam is...

[evilmousse]

experience has helped me refine this attack on getting spam--here is my comprehensive attack:

1. use two email addresses, one private/friendonly/yourbank/etc and one public email you EXPECT to get spam on. maybe one more for special circumstances like putting an email on your resume on a jobsite.
2. for ALL the above emails, use some kind of forwarding service to send each to another address, which you NEVER use. whether accomplished through aliases or autoforwarding or whatever, make sure your mail is sent from the forwarder's address and not the back-end one. i have my own domain's email autoforwarded to gmail by zoneedit.com for instance.

via this extra layer, you can smoothly and relatively transition either your publicly available address without changing the back-end (ie, switch what your public spamdump addy is and start that fresh again), or vice versa (i got tired of hotmail and jumped to gmail without having to sweat it's lack of forwarding options)

Re:The best way to get rid of spam is...

[fleener]

When I share my address with established, "respectable" web sites, they spam me. It seems that if I buy something from a store, the store feels it can spam me whenever it wants. Sometimes "respectable" corporations (car manufacturers, movie companies, etc.) buy my address from another "respectable" corporation and then spam me.

I've learned to NEVER give any dot-com my permanent address no matter how much I trust them or how much stuff I'm buying from them.

1) Get your own domain name.
2) Use three addresses - one for business, one for friends and one for listservs.
3) Set up a forwarding address for blogs and web retailers.
4) When the first spam arrives, delete the forwarding address or the listserv address and create a new one.
5) Put a comment form on your web site. Anyone who has your defunct forwarding address can visit your web site to track you down. Anyone looking for you on a listserv can grab your new address from a recent posting.
6) Accept that you'll still receive some worm e-mails from infected fools. Thankfully, these are easily deleted by a filter.
This system has worked for me for four years. I don't use a spam filter. I only need anti-virus software to detect and delete worms as they arrive.

Re:Lawsuits, the last refuge of the incompetent

[FidelCatsro]

no argument its a good start , however it would be nice if they would

1: make sure active X is patched to make it far more secure.(killing it would be nice , but wont hapen for a while due to a hell of alot of websites using controlls)
2: make sure each user knows that they should not be running as an admin all the time and allow them an easy way to become and admin for installs etc
3: a large list of phising techniques and how they spoof browsers is easily avaliable and could be use to create a few fixes (all browser makers should do this). ..
In my mind the only way to stop spam properly is education , people need to learn to not accept it and not to buy from it .couples this with some basic computer security knowlidge(dont open LOVEYOU.jpg.VIRUS.WORM) and i assure you it would reduce spam far more in one year than 10 years of legal action

Re:Signs?

...Bill Gate$ donates a lot of money, mostly to create little Micro$oft $chools...

Dude, how old are you? About 12 or 13? Just curious.

Re:Lawsuits, the last refuge of the incompetent

[airjrdn]

They're damned if they do, and damned if they don't.

If they sued them, people would yell David and Goliath. If they let them go, people say they're not helping the community.

This is /. where no Microsoft action (good or bad) goes unpunished.

Interesting link

I didn't know that the Pope had named a secret cardinal.

My guess is the he is Chinese and, knowing the history of John Paul II, it would make a lot of sense to have a Chinese cardinal elected as the Pope.

John Paul II brought down the Communism in Europe, this guy will bring down Communism in Asia.

Re:Interesting link

[The+Ultimate+Fartkno]

Troll? It might be off-topic but wtf were you thinking, mod? Did you even read the link? Try +1 Informative, you simpleton.

Re:Interesting link

Chinese?

You're ignorant. I'd bet my first-born against yours that the next pontiff will be a Russian. JP2 has been trying to mend ties with the Greek Orthodox church for decades; unification would be a great boon for Christianity.

Microsoft is doing what it does best!

[smileaf]

At least we could say that Microsoft is doing what they do best for the good of all :) Funny how what we'd normally consider bad suddenly turns for the good.

Re:Signs?

[Zedrick]

But.... what will we talk about then?? Star Wars isn't out yet, and Linus can't release a new kernel every few hours.

How about the latest Gentoo install disk?

Spam is never going to stop ...

[Get+Behind+the+Mule]

... as long as spammers believe that there is money to be made by spamming. And that means that spamming will continue as long as email is so cheap to send and as long as there are sufficiently many dimwits who respond to spam. And there doesn't have to be very many such dimwits. You can sue as many spammers as you like; as long as there is money to be made, new spammers will appear in their place. The only irreplaceable part of the equation is the low cost of email compared to the money to be made even from a very low response rate.

I don't know what the typical response rates for spam are, but even if one in a thousand or ten thousand recipients is an idiot who answers the spam and sends money, or even one in a million, then it's worth it to spam, because the cost of sending a thousand or ten thousand or even a million emails is nearly nothing. At any rate, it can easily be much less than what spammers charge for their product.

One conceivable alternative is to make it more expensive to send email. If there were some way to establish "postage" for email, then even infintesimal costs for sending email, say 1/100th of a cent per email, would probably be effective, because then spammers would lose money by sending a million spams. But I can't see how such a system could be enforced, and I doubt that most people would go along with it, even if the costs for normal email use is very low.

I also doubt that any amount of education or cajoling could reduce that rate of idiots in the general public to less than one in a thousand, certainly not less than one in a million. Putting all these thoughts together, I come to the depressing conclusion that we will never, ever be able to make spam go away, no matter what we do.

Re:Spam is never going to stop ...

[McDutchie]

Putting all these thoughts together, I come to the depressing conclusion that we will never, ever be able to make spam go away, no matter what we do.

True enough, but that doesn't mean that taking out spammers by legal means is useless. It does somewhat limit the problem, and is one of many kinds of defenses against spam. All of them combined will hopefully keep our e-mail usable./p

Re:Please..

I don't know about the rest of you

Umm, kinda out of touch with the rest of the world, are we?

but spam doesn't trouble me in the slightest.

LMAO! Dude, you're brilliant! Back to your cave now...

Juggernaut?

[Seumas]

By any measure, 215 lawsuits constitutes a legal juggernaut.

I guess you've never heard of a little group known as the RIAA.

Re:In other news

[Derkec]

It's not even a competition. Microsoft has filed 215 lawsuits over a couple years. The music industry is holding steady at something like 700 a month.

That said, MS is targetting corporations who might try to defend themselves. The Music industry is targetting grandma.

Re:Lawsuits, the last refuge of the incompetent

Yeah sure. I like then doing this, but I still don't like them.
A bit like Bush: good thing the asshole took care of the asshole Saddam.

Your new here right?

Or are you brown nosing again?

Simple logic, spammers use zombied machines to hide their tracks and spew millions of copies of garbage on the internet.

Thus, if Windows wasn't so exploitable and innocents duped, the spammers could be tracked and those ISP's responsible shut off from contacting the internet.

Make sense moron?

Re:Your new here right?

[jacksonj04]

How to Make Things Slightly Better(tm) for Windows users:

1. RTFM.
2. RTFM Again.
3. Read that dialog box.
4. Click 'Windows Update'.
5. RTFM for Windows Update.
6. Click 'Install Updates'.
7. Rinse, Repeat.

Although with a bit of luck, step 7 will be unnecessary because Windows Update will start automating itself. It's really very clever, and does a lot for patching aforementioned holes.

There's still one problem. People don't RTFM. And until they RTFM, you're definately not going to get them onto a different OS (Except possibly a Mac). Microsoft is doing a hell of a lot to make things easy to use and still trying to secure things.

Don't forget, many of the original programmers for Windows may have moved departments, so the current devs are trying to patch old code they don't know what was doing in the first place.

Longhorn *should* (key word) be an improvement since it's a major rewrite, so wait and see. In the meantime, teach people to use updates instead of going "Windows sucks, use Linux it rox!" and walking into the sunset with your nose in the air for being 'technically superior' and leaving someone going "WTF is Linux? The hell with it, instead of spending 3 seconds Googling I'll use this nice toolbar to look for pr0n".

in case it's lost on anyone

[sacrilicious]

It didn't seem to me like any single company had the stomach to keep after the scum that are ruining the Net for the rest of us. Unless that company is Microsoft.

Oh the irony.

Re:Lawsuits, the last refuge of the incompetent

[penix1]

"3: a large list of phising techniques and how they spoof browsers is easily avaliable and could be use to create a few fixes (all browser makers should do this). .."

A better way would be to turn OFF HTML in email by default. Most of the phishing scams as well as spams I have recieved have goofy lines of trash text to fool the spam checkers. I always thought it was stupid to use HTML email anyway.

B.

Re:Lawsuits, the last refuge of the incompetent

[geohump]

How exactly would you suggest that they improve their software to prevent spam and phishing?"

Easy:

Build a PGP based site identity verification infrastructure deployed in the DNS distributed style with trusted root servers.

Add an automatic PGP site identity verifaction to web browsing (IE) and email (Outlook,Exchange) which uses that infrastructure.

Make all the IP needed to implement same F/OSS and pay for the hardware and web connections of the root servers, which would be serving mostly tier 1 and 2 internet carriers. MS could even use the existing DNS and PGP code bases.

Improve the security of MS-Win software so that its at least as difficult to zombie a Win system as it is a Linux system.

Ahem, for those who think that Win systems are zombied more frequently simply because there are more of them, please do some googling and look at all the articles describing how Microsoft's design decisions are the actual reasons why MS systems are the chief virii carriers and propagators on the net.

Here is one:

http://linuxmafia.com/~rick/faq/index.php?page=vir us#virus4/

And an excellent overview of the design/architectural differences beween OSes is here:

http://www.faqs.org/docs/artu/ch03s02.html

Re:Lawsuits, the last refuge of the incompetent

[Antique+Geekmeister]

First, I'd make the actual email headers more available and legible, to see if email is from where it claims. Second, I'd implement SPF by default on all Microsoft DNS servers, mail servers, and the clients. (Note, I mean SPF, not the SenderID software that Microsoft tried to turn it into and broke badly.) Third, I'd discourage the sending of HTML email by making it no longer a default in all Microsoft mail clients. TXT should be the default, not HTML, it's too easy to hide cruft and phishing based links in the email. Fourth, I'd fix all those stupid mail client that auto-diaplay URL-looking words in email as clickable links, since their common use is part of how many phishers work their schemes. Fifth, I'd simplify the auto-clicking and wackiness and web browser hiding-of-what-you-typed that allows Internet Explorer to hide the first part of the actual URL, leaving only the last part displayed and looking like what the phisher wants it to look like.

Shall I go on?

And remember, Microsoft is not just a software company. They run a quite large set of email services at hotmail.com and msn.com, and they need to protect themselves from incoming spam, and they need to protect themselves from outgoing spam forged to look like it's from those domains, as it so often is, lest people say "block all email from those domains". In fact, I find that blocking all email from hotmail.com and msn.com and aol.com helps cut quite a bit of email that I don't want, from spammers and clueless people who mistype my name.

Good

[dmarx]

I'm glad to see that somebody is going after these theives. Now, if only law enforcement agencies would press criminal charges against them, and help ordinary people out the way they do for corporations, we'd be all set.

Re:Good

[Tesla+Tank]

Now, if only law enforcement agencies would press criminal charges against them, and help ordinary people out the way they do for corporations, we'd be all set.

Hmm... when people were charged criminally with copyright infringement, slashdotters (rightly) argued that the sentence doesn't fit the crime. Now that we are talking about spammers, it has suddenly changed? I know spams are annoying and all, but it should not be a criminal offense. You can't pick your principle on each individual issue. Punishment should fit the crime, period.

Re:Good

[dmarx]

I can't speak for every slashdotter, but I was thinking of phishers in this post. These people cheat others out of their life savings. Copyright infringers, on the other hand, make some exec buy the $20,000 yacht instead of the $25,000 one. Phishers are deserving of a more severe punishment.

Re:Lawsuits, the last refuge of the incompetent

[dodobh]

1> Load a _secure_ version of Windows. No RPC, no running services, default firewall with both inbound and outbound traffic blocked, proper ACLs applied to the filesystem.

2> Disable HTML email completely. Remove the ability to send/recieve HTML email from Outlook and Outlook Express.

3> Secure IE and make it standards complaint. Securing IE includes removing ActiveX.

Do this in the next SP for Win2K and XP as well.

That will remove a lot of the holes exploited by spammers to get zombies from which to spam/phish.

If they really want to ratchet up things...

There's a large Utah-based law firm that is about to be very underemployed. Perhaps Microsoft should just hire them directly instead of using SCO as a proxy? 8-)

In Russia, fight spam the Russian way

[derkaas]

In all seriousness, the spam epidemic is actually caused by a relatively tiny number of people, so it would seem that this is a workable strategy - but the cause will just be taken up by people outside of our jurisdiction (Russians, mostly.)

Surely Microsoft has the resources to enlist the (admittedly unscrupulous) help of the Russia mafia in the solution of this problem.

Re:Lawsuits, the last refuge of the incompetent

[Antique+Geekmeister]

Excuse me, but what in the hell are you talking about? Are you perchance referring to their SenderID system? If so, you need to head over to spf.pobox.com and read the archives on what happened there. SenderID was not a solution to spam and forgers, it was a poorly implemented layer on top of SPF to block joe jobs, forgery of MAIL FROM addresses. This is not the header: it's not even in the header people normally see, it's the email address the bounces go to and is useful for tracking forgeries. Given the trivial ease of purchasing SenderID keys from Microsoft and their lack of association with an actual From: header line, and the ease of breaking into many thousands of zombied Windows machines worldwide and sending spam from them now, it's a trivial matter to simply steal SenderID keys from small corporate Windows servers. The SenderID key only proves that the IP address sending the email is authorized to use that "MAIL FROM" line, not the "From:" line which is entirely different. Now, if Microsoft wants to get out of the way of real SPF and encourage its corporate clients to use the DNS TXT record authorization of "MAIL FROM" senders that SPF actually uses, then that would be a very helpful step in blocking a lot of the current phishers. Email from "mybank.com" could be checked against what the DNS for "mybank.com" claims, which is considerably tougher to steal, and mail filter software could even compare the "MAIL FROM" information against the "From:" line to get some additional spam or fraud testing information.

Re:Lawsuits, the last refuge of the incompetent

[AaronLawrence]

ActiveX is insecure by design. They have done about all they can do, without remaking it in a different language (like Java) with a real security model.

Perhaps I should consult my lawyer...

[BitwizeGHC]

Mr. Irving R. POINTYSTICK!!!

i would like to nominate...

so i would like to nominate microsoft for most litigious organisation. along with sco and church of scientology.

The people with the filters don't buy the spam.

[khasim]

Spam persists because people read it and respond to it. If you can get people to stop reading, the spam count should start falling. That's the theory at least.

But the people most likely to use filters are also the people least likely to buy from spam ads.

So unless the ISP's start filtering, nothing will stop the spam from getting to the people who will buy from it.

Re:Lawsuits, the last refuge of the incompetent

[Tim+C]

for those who think that Win systems are zombied more frequently simply because there are more of them

Any OS can be zombied if it allows users to

a) install software
b) run software
c) run software that communicates on the network

It happens to Windows more frequently because

a) it's less secure (that's getting better)
b) there are more users, and hence more users who don't know better than to run untrusted code
c) due to a) and b) there are more people writing malware for it
d) users of other OSes, on the whole, are less likely to fall for trojans and social engineering (as it requires effort and reasonably advanced knowledge of computers to even be using an other OS)

Re:Lawsuits, the last refuge of the incompetent

[badriram]

1. Yess they did lock down ActiveX in SP2. And it seems to be doing a much better job.

\ 2. Yes/No/Maybe. Longhorn has lesat priviledge thing, but i dont think that iwlll happen in XP. Although technically possible, it is too much effort to convert everyone.

3. Training does not solve this issue, people trust email, and the web way to much. If training solved these problems, we still would not most of the mass mailing viruses still. Technology solutions are the best way to go, and sadly we have to wait until longhorn for regular people. Tech people i am sure can be smart enough to create a user account, and use runas if they need apecial priviledges.

Microsoft: our white knight

[base_chakra]

Suing spammers is just a way to hopefully get hotmail back to a point where you can actually use it.

More like, they'll jump at the chance to appear to be a champion of the people (you know... users), and to offload the evil factor somewhat onto another entity.

Re:Uh...

[thinkliberty]

Use this php code on your website ;)

?php if(strstr($HTTP_USER_AGENT,"MSIE")) { ?> echo "Your Web Browser Is junk download firefox free at: http://www.mozilla.org/products/firefox/";

More interesting for them

[houghi]

1. To the general public it looks as if they are solving the issue, where we know here that most spam is send by proxy on Wintendo machines.
2. By solving it this way they do not have to solve the technical unsafety.
3. If they win they make money out of the spammers.

Now if I were Microsoft, I would just start suing everybody. As long as you see that the case will be more expensive then what they can afford, people will settle out of court. Where you took Joe "the bonecracker" Seipacchetti to meetings to 'convince' people of the advantages of insurence, you now just take a lawer with you, take their money and don't even bother about delivering anything.

As long as 'suing till they are broke' is possible, I fail to see justice. Sorry. No matter how much I hate spam, I hate justice by money even more.

Finally a use for all their lawyers on retainer !

[denis-The-menace]

I don't know for you but for some reason
MS suing the spammers reminds me of
that MS vs. the Borg skit.

Difference it that I don't know if I should cheer for either side. (both are still evil)

You believe that this will work.

[khasim]

Where are the supposed "good guys"?

Working on systems that cannot be cracked so easily and fighting to ensure that any standards remain free from proprietary restraints.

Why do you ask?

I realize the OSS community is doing things with their software to try and defeat spammers and phishers, but let's face it, legal action is the only real course of action to stop these guys (or at least whittle down their numbers).

Okkkaaaaayyyyyy.... Do you have ANY evidence that such has resulted in ANY reduction of spam?

From what I've seen, spam levels haven't dropped at all.

So why do you believe that this approach is effective?

The OSS community has for-profit companies out there... why aren't they flexing their muscle to help stop these scammers?

How many cracked Linux boxes do you think the spammers use? None? Well, it would seem that the OSS community is dealing with the problem at the technological root.

Microsoft is at least doing something... and it demonstrates exactly what a big corporation like that can do when that lkind of capital is directed at doing something worthwhile.

Again you go with your ASSUMPTION that lawsuits will result in less spam.

That's the THIRD time you've hit that ASSUMPTION yet you have not provided any EVIDENCE that supports it.

I think in the fervor to attack the supposed "evil monolith" people here tag as "Micro$oft", they forget exactly how much Gates, his company, and his employees donate to good causes around the world.

Why do you Microsofties hang out here?

If the best you can do is, "Bill does some good things with the money he made from illegally leveraging his monopoly", then you've lost from the beginning.

When you're worth $50Billion, it's easy to put a few million on some pet causes. And the gullible hero-worshipers will eat it up.

Yay! Bill is taking some spammers to COURT!

But Bill is NOT working with the Open Source community to implement PATENT-FREE systems to improve email.

And THAT is the deciding factor. Bill makes a LOT of money from illegally leveraging the desktop monopoly.

Bill sells a LOT of crap software that is completely insecure by default (and makes a LOT of money from it).

But you think that other people don't understand because they still dislike him even though he is willing to take a tiny percentage of his money to do some nice things (as long as those nice things in no way, shape or form could ever harm his illegally leveraged monopoly).

So, would YOU feel sorry for those spammers if THEY were giving hundreds of thousands of dollars to fight hunger or disease?

Would you support their continued spamming efforts?

If you say "no", then you're a hypocrite.

Well done

[EvilNutSack]

I can't bring myself to cheer wildly for Microsoft but I can do a muted golf-clap.

*clap*
*clap*
*clap*

You're confusing the incentive with the tech.

[khasim]

Robbing banks is VERY lucrative.

Yet your corner bank isn't robbed every day (or week or month or year).

There might be strong incentive to send spam and make lots of money, but the spam still has to go out on technological avenues. All you have to do is to identify those and limit their effectiveness.

#1. Zombies.

#2. Open Relays.

#3. Individual email accounts (30 day AOL free!)

#4. Sites owned by the spammer.

If you look at it that way, you'll see why MULTIPLE measures are needed. What will work against zombies will NOT work against Individual email accounts.

If you deal with the tech, then the incentive won't matter because there won't be any way to implement it.

Since this is about Microsoft's involvment, I'll focus on what they could do.

#1. Zombies. Microsoft announces a partnership with the ISP's and those ISP's block outgoing port 25 on their home connections. Microsoft offsets the cost of this with a couple $$Million$$ to each ISP for hardware upgrades and support calls. Anyone who needs port 25 access (people who work from home and don't have systems setup to handle it) can call and have enabled for their address.

#2. Open Relays. Microsoft forms a partnership with spamhaus, spamcop, etc to mirror the open relay databases of those people. Since Microsoft also has Hotmail and MSN, Microsoft is in a great position to identify new open relays and add them to the list as they are abused.

#3. Individual email accounts. Not much that Microsoft needs to do here. All the ISP's need to do is to limit the outgoing email to 10 unique connections per minute.

#4. Spammer sites. Again, Microsoft helps by hosting a mirror of the blacklists.

There, the spam problem is down to a tiny fraction of what it was. The spammers might still WANT to send spam, but HOW are they going to do it?

Re:You're confusing the incentive with the tech.

[canadian_right]

Robbing banks is NOT very lucrative.

The average bank robbery nets less than a thousand dollars, and over 80% of bank robbies are solved due to excellent security and survveilance in the average bank. Unless your bank is poorly run you will notice that there is NO cash up front with the tellers. They have to get cash from a machine designed to dispense cash slowly. Pretty much the only people robbing banks are desperate drug addicts these days.

It is very difficult to steal a large amount of cash these days. Smart jewlery stores only display fake jewlry and store the real goods securely offsite.

Fun with selective quoting

this php code

Is junk

Re:Uh...

I dont know how this got moderated to insightful. Its a fairly ignorant comment -

Is the poster trying to equate the presence of IE only sites to the types of problems caused by phishing, spam and the other assorted BS that goes on?

Its this type of moral ambiguety that is causing the
types of problems MS is suing people for.

Re:Lawsuits, the last refuge of the incompetent

[WolfWithoutAClause]

Given the trivial ease of purchasing SenderID keys from Microsoft and their lack of association with an actual From: header line, and the ease of breaking into many thousands of zombied Windows machines worldwide and sending spam from them now, it's a trivial matter to simply steal SenderID keys from small corporate Windows servers.

I don't agree with this. The senderId keys wouldn't be on most machines, only the email servers, which presumably would be better protected, and atleast in principle they can be repudiated in real time if a particular key owner starts spamming, or if a spammer makes it look like that. So spammers would soon run out of useable senderIds.

So, stealing serverIds doesn't help as much as you seem to think it does. serverIds aren't like from or Mail FROM addresses, there's a finite number, and they can be managed. That matters.

Also, serverId implementation implies that all the mail from a domain has to go through a mail server, hence prefiltering of the mail for spam can be performed at the same time (as in when a server gets dodgy looking email, the server goes- yep, sent it, but sticks it in a file for the admin to authorise/ditch). Prefiltering of email before it goes onto the internet has got to be a good idea (my ISP blocks email, unless it routes through their servers already, presumably for these kinds of reasons).

Mail with a particular serverId can be correlated against spam; and atleast nobody else has to accept mail from a serverId with a high spam ratio.

Re:Please..

[tokabola]

My 8 month old Hotmail account has never had any spam. I have made no adjustments to any filters but assume MS is filtering some.

My main account, over two years old and served by myself, has absolutely no filters, yet I have never recieved any spam.

I achieved this by using a non standard name for the account - one that's not in the spammer's dictionaries, and by not EVER entering it into an online form (I have yet another temporary hotmail account for that - when it starts getting to much spam I simply ditch it and get another)

If you get a lot of spam, it's because you did something foolish, like let your E-mail address out to the world at large or used a common name for your address, like "bob@somemail.com". Spammers use dictionaries and "brute force" techniques to get these addresses.

Tommy

Re:Lawsuits, the last refuge of the incompetent

"Windows - the first refuge of incompetent fans"

Gee Tim C- I guess you are either very lazy or you can't read, or if you can read you can't comprehend.

In your second block, reasons b,c, and d all follow from the "Windows is more popular" argument and are invalid. It is "a" that is true. please read below and read all the rest of the pointers in the parent.

Stolen without permission from:

http://linuxmafia.com/~rick/faq/index.php?page=vir us#virus4

Isn't Microsoft Corporation's market dominance, making Linux an insignificant target, the only reason it doesn't have a virus problem?

Not at all. This question is virus pundits' pons asinorum: If they can't think past this fallacy, don't even try to reason with them, as they're hopelessly mired in rationalisation.

( The fifth proposition, book i., of Euclid?the first difficult theorem, which dunces rarely get over for the first time without stumbling. It is anything but a ?bridge;? it is really "pedica asinorum", the ?dolt?s stumbling-block.? )

The speaker's supposition is that virus writers will (like himself/herself) ignore anything the least bit unfamiliar, and attack only the most-common user software and operating systems, thus explaining why Unix viruses are essentially unknown in the field. This is doubly fallacious:

1. It ignores Unix's dominance in a number of non-desktop specialties, including Web servers and scientific workstations. A virus/trojan/worm author who successfully targeted specifically Apache httpd Linux/x86 Web servers would both have an extremely target-rich environment and instantly earn lasting fame, and yet it doesn't happen.

2. Even aside from that, it completely fails to account for observed fact: Assume that only 1% of Internet-reachable hosts run x86 Linux (a conservative figure). Assume that only one virus writer out of 1000 targets Unixes. Then, given the near-instant communication across the Net that at this writing is blitzing my Linux Web server with dozens of futile probes for the Microsoft "Nimda" vulnerability per second, the product of that one virus writer's work should be a nagging problem on Linux machines everywhere ? and he/she will be working very hard to achieve that, given the bragging rights he/she would gain. Yet, it's not there. Where is it?

The answer is that, for various reasons discussed in prior essays, such code is very easy to write, but ? given minimally competent system maintenance (including the automated kind, cited below) ? completely impractical to propagate. And likely to remain so.

Submittors Note: For those actually interested in and capable really thinking, please read the rest of the essay. (follow the URL above)

You forgot something

[houghi]

#5. The chance of getting caught. Just try this little experiment. Call you local police station (not via 911 or any emergency number) and do the following test:
1. Tell them you are a bank and are being robbed
2. Tell them you are an individual and are being robbed
3. tell them you are a person and are being scammed
4. Tell them you are a person and are being spammed

I am sure that with the last one most of the time you are asked to get lost. When number 3 and 4 come together, it mostly ends with "Sorry, they are in another city/state/country/mindset.

It should be governement who should be going after the spammers, not companies or individuals, Now in the worst case what can happen is that they say: OK, we will not spam hotmail/msn anymore. Settle out of count and go on with business.

Re:You forgot something

[ConceptJunkie]

OK, I called them and told them I am being robbed. Now what?

When do I do step 3?

Why are there sirens?

Also a diversionary tactic

[rhizome]

The more they howl about spammers, the less attention will be paid to the fundamentally broken qualities of Microsoft email clients. Security holes in Outlook? LOOK OVER THERE, IT'S A DIRTY SPAMMER.

Re:Also a diversionary tactic

Furthermore, their goal is not to eliminate spam; but to limit spam on their services -- they'd be more than happy if the spammers stay active, but spamming HotMail competitors, such as Google.

Microsoft isn't trying to be the good guy

[Nybble's+Byte]

Microsoft NEVER does anything without a motive to line their pockets and force their monopolistic practices on everyone. Microsoft has proven this time after time, so don't be so quick to applaud their actions.

End Spam by Ending Email

[guaigean]

They key to solving spam is to move away from it. Email has been out quite a long time, and has greatly helped to increase communication in the world. But as many, including Don Knuth, have stated, it's time for email to die its timely death. There are many more capable tools out there, which serve for faster and more reliable communication, without being subject to the extreme abuse of email. I realize that the odds of people quitting email is low, but all legacy systems fade eventually.

Re:End Spam by Ending Email

[praetis]

And starting to use IM more, perhaps? There's nothing two consenting parties can't communicate with IM that they could with email, and yet it's faster and more functional overall. Jabber requires a handshake, meaning spam as it currently exists is impossible.

I don't even get much spam, but I still want to move away from email because it feels like driving a rattling old car around.

Forget Spammers, Bill

[Mad+Ogre]

Go after the farkheads making the spyware!

Re:Lawsuits, the last refuge of the incompetent

How exactly would you suggest that they improve their software to prevent spam and phishing?

I suggest installing rocket propelled grenades up the Spammer's soft posteriors.

For the cost of an American law suit, you could pay a huge number of ex-Mafia/KGB hit-men, and spammers would be a thing of the past.

Perhaps you could hire some suicide bombers to handle locations outside the USA.

You dont need to kill them all - just get a lot of publicity for those you do kill.

Re:Please..

[kf4lne]

Why doesnt someone put forth the effort to educate people about the internet? we teach our kids to stay away from crime, dark alleys and generally bad people and places in the real world so why not teach people the same things about the internet?

If Firefox Had 95% of the Market...

[reallocate]

You know, if Firefox had 95% of the browser market, those folks would prbably add some goodies and people would start writing Firefox-only sites.

In general, the only people who care about standards are the people who watch while almost everyone else goes off and does what they want to do.

Re:If Firefox Had 95% of the Market...

[FurryFeet]

Yep. That's why, effective immediatly, I will no longer use the metric system. Hell, I'm not goint to just watch, I'm going off to do what I want to do.
So, kindly refer all measures to me in my new units. All lenghts will be measures in snirfevlins, and all weight should be expressed in wombats. Oh, and force will be measured in nilbogs, okay?

(Point being, in case you are really that dense, that standards are GOOD as a starting point for understanding each other. They're not an artistic medium of expression where "everyones does what one wants to do").

Re:If Firefox Had 95% of the Market...

[reallocate]

...standards are GOOD as a starting point for understanding each other...

Right, and the standards that people pay attention to are usually determined by what those people actually use, not by some pseudo-academic committee.

It's silly to complain about IE-specific capabilities as being non-standard when almost every browser on the planet is IE. Firefox, et al, might arguably be better bowsers, but they won't be standard until they succeed IE as the majority browser.

Re:If Firefox Had 95% of the Market...

[FurryFeet]

You're missing the point.
The whole point of having standards is as a starting ground to grow products on. You have your TV standards, and hundreds of companies can build TV sets that just work.
That's what we need for browsers. A set of standards so that, whatever browser you use, any site will work.
Admittedly, IE has most of the market and can blatantly refuse to submit to standards. That is wrong. So, even if they can do it in practice, they deserve to be despised for it.
And before you say it, no, IE is not a standard. You cannot have a standard defined by --and changed at the whims of-- one of the players. Imagine if Sony could alter the TV standards at its own convenience...

Re:If Firefox Had 95% of the Market...

[reallocate]

I agree that standards are important. But, it seems to me that IE's almost total market dominance allows it to establish de facto standards -- the way most people do something (whether they think that's the best way or not). Rather than seeing IE as something that "can blatantly refuse to submit to standards" I see it something that creates standards. Describing that as "wrong" is to bring ethics into an arena where they don't have applicability. It is neither wrong nor right that IE sets standards. It simply is reality.

You cannot have a standard defined by --and changed at the whims of-- one of the players.

Sure you can, if that single player dominates and everyone else is a neglible pipsqueak. Sony can't change TV standards because no one dominates that market. But, if 98 out of 100 TV's in the world were Sony's, then, yes, they could change standards and everyone else in the business would follow obediently or go out of business.

Re:If Firefox Had 95% of the Market...

[iminplaya]

But, it seems to me that IE's almost total market dominance allows it to establish de facto standards...

That's precisely why we shouldn't let the market determine the standards, only to let them change the standards at the slightest whim(like the IM standards constantly changing to break the OS chat programs). AM stereo is another example of this failure of the market to set adequate standards. We are supposed set up a scientific(pseudo-academic committee to you) comission to set standards, not marketing beancounters that we use now. That's what the real purpose of the FCC was supposed to be. This could provide some stability. It assures that the best standards are used, not necessarily the most profitable for any one company exclusively. If the W3C is supposed to set browser standards, then we must discourage people from using programs that don't adhere to them. The market should set the price, not the standard. We have real technicians available that should be setting the standard. Let's use them. The market is destroying the whole concept of standards... for profit. Again, only because we let it. Standards are what allows me to use a 70 year old telephone on brand new lines with brand new switching equipment that must adhere. I can use that same telephone almost anywhere in the whole wide world. Standards are what keeps the trains running. Imagine if your train had to stop to change the trucks everytime it crosses state lines. That's how it would be if the market decided.

Sony can't change TV standards because no one dominates that market.

Sony can't change TV standards because the FCC(or your gov't equivilent) set the standard, not the market. The brodcast signal is determined by law, and in this case, that's a good thing.

But, if 98 out of 100 TV's in the world were Sony's, then, yes, they could change standards

Again, in this case the gov't set the standard. Even if Sony had all the market, they still have to go through the FCC in the US. It would take a very large "contribution" to change that.

Re:If Firefox Had 95% of the Market...

[iminplaya]

Imagine if Sony could alter the TV standards at its own convenience...

It certainly proves that the FCC is good for something. It makes it worthwhile to keep that 35 year old Magnavox running. There are some here who believe the market should rule the world. The rest of us are trying(rather feeblely(?)) to prevent that. Planned obsolescence doesn't work too well when you have scientifically determined standards. Sometimes the standards need the rule of law to give them teeth. When something significantly better comes along, then we can take another look and revise it, but it needs to be determined by technicians, not the marketers. There is nothing wrong with using the community(gov't) to set up commissions for this purpose. I, for one, prefer it be done that way.

Re:If Firefox Had 95% of the Market...

[reallocate]

>> ...That's precisely why we shouldn't let the market determine the standards...

The market is precisely the only thing that can establish meaningful standards. Standards amount to what most people do most of the time. What good are products that adhere to "standards" if no one uses those products?

And, just who is this "we" that "should let the market" set standards? The market is everyone, so are you suggesting some government agency with the power to enforce standards against the people's will?

>> AM stereo is another example of this failure of the market...

Huh? AM radio is talk radio. That's where the money is. Who needs to listen to Rush in stereo? He's all mono, even in person.

>> It assures that the best standards are used, not necessarily the most profitable...

No. It would assure that the "best" standards are ignored if no one could make money following them.

>> If the W3C is supposed to set browser standards...

Who sez? The only people who said the W3C is supposed to set browser standards is the W3C.

>> The market should set the price, not the standard. We have real technicians available that should be setting the standard. Let's use them. The market is destroying the whole concept of standards... for profit.

Why shouldn't the market set standards? Why should we let "technicians" with little stake in the game and no interest in the behavior or interests of real people have dictatorial powers over anyone using a browser? If someone markets a browser that allows me to do something I want to do, why should I care if that browser make the standards technicians happy?

>> Sony can't change TV standards because the FCC...

If Sony dominated the TV market and found a new and more profitable way to deliver sound and images to people's homes and offices, it could bring that to market with no concern about the FCC. No FCC regulations would apply to Sony's new products.

It would take a very large "contribution" to change that.

You show that combination of naivete and inexperienced cynicism that so many people put on like a pair of jeans.

Re:If Firefox Had 95% of the Market...

[iminplaya]

It has already been spelled out why we shouldn't let the market decide. The market is too fickle. We need technical standards set by disinterested technicians without any stake in the market to assure that the standards are technical in nature and not political as the case would be with the market deciding. Stability is the name of the game here. That is what can bring real progress. With the fickle market deciding, I wouldn't be able to keep my tv or telephone or computer for more than a year or two before I would need an upgrade to conform to the new standard(microsoft office and coreldraw are good examples. Office98 is more than good enough for almost all users, but it must be constantly upgraded to keep up with people who buy new computers). Imagine if we let the market decide how to deliver electricity everytime a "new" concept comes up. We would constantly have to re-invent every appliance we own. That's very profitable for some, but it doesn't benefit the general population. That seems to be the main difference between you and me. You seem to have a desire to let a few profit at the expense of the rest. I'm more interested in the maximum benefit for the most people possible. Exclusivity is not a good thing. I will always work against it.

If Sony dominated the TV market and found a new and more profitable way to deliver sound and images to people's homes and offices, it could bring that to market with no concern about the FCC. No FCC regulations would apply to Sony's new products.

There would be no profit for Sony if they made tv's that can't recieve the gov't mandated signal. Why would anybody buy such a tv? Despite all the FCC's problems, I'm glad they are here to make sure the signal is standardized so that I can buy any brand of tv. It also helps to assure that it remains patent or copyright free so that nobody can claim sole rights to such a technology that I would have to buy a license for if I were to manufacture tv's. Unlike what you see with CD's and DVD's and their respective players and certain computer filesystems. If you are against anarchy, then I guarantee you that you would not like it if the markets were the ones setting the standards, because that is what you would get. It would be the proverbial Tower of Babel. We have common standards to prevent just exactly that. That's why we asked the gov't to do it in the first place. It's one of the few things we learned from history. However, if the majority decides to vote it all away, you will get your wish. No sir, This is one of the things that a gov't is very useful for. I hope they hang on to that power as long as they can keep it from becoming political(Now, that would be bizarre, and it's already too late for that) Oh, and my cynicism comes from much experience. And like that pair of jeans, it becomes more comfortable every year...or every election as the case may be.

Re:If Firefox Had 95% of the Market...

[reallocate]

>> It has already been spelled out why we shouldn't let the market decide

Ok, where? Who says I'm supposed to agree with that line of reasoning?

>> . We need technical standards set by disinterested technicians...

Again, why? Why are standards set by technicans any more valid than standards established by the people that buy and use the products?

And why are you so certain all those "technicians" are disinterested? Standards committees are no more immune from politics than any other kind of committee.

>> ...without any stake in the market to assure that the standards are technical in nature and not political as the case would be with the market deciding.

I really doubt technicians working in an industry lack a stake in the success of that industry. More importantly, when markets set standards it isn't political, it is economic decision making, by the people with the right to make those decisions -- consumers.

>> With the fickle market deciding, I wouldn't be able to keep my tv or telephone or computer for more than a year or two before I would need an upgrade to conform to the new standard...

It isn't the market that creates upgrades or new kind of TV's or telepones. It is manufacturers who hope to make a profit selling them. The market determines if they're successful or not. If people want, for example, that new kind of TV, they'll by it. If people don't want, for example, the latest Microsoft upgrade, they won't buy it. Manufacturers follow what the hope are the desires of the marketplace, not the other way around.

>> Office98 is more than good enough for almost all users, but it must be constantly upgraded...

That's you're opinion. Whether it is accurate or whether it has any bearing on the purchasing decisions of people is irrelevant. People have every right to buy what they want. If they want to buy a new product because they like the color of the box, then they will. Nothing wrong with that. Ut's their money.

>> Imagine if we let the market decide how to deliver electricity everytime a "new" concept comes up. We would constantly have to re-invent every appliance...

That almost certainly wouldn't happen because we all have so much invested in appliances that work with the "old" concept. If someone tried to sell something else, no one would buy it.

>> You seem to have a desire to let a few profit at the expense of the rest.

No, I don't, and I've not said or implied anything like that. I've only said that real standards -- what most people want and do most of the time -- are set by the people who buy the products that do those things, which is simply another way of talking about the market.

You, on the other hand, seem to be talking about a tiny clique of self-annointed experts deciding what everyone else should do and then focing us all to adhere to their wishes. Even if a body like the W3C is composed of angels making the very best technical decisions, why should I pay any attention to the W3C? If 98 percent of the world buys my product anyway, who cares what the W3C says?

>> There would be no profit for Sony if they made tv's that can't recieve the gov't mandated signal...

But,that's not what I said, is it? I said a new way to deliver sound and images, i.e., something that doesn't come within the FCC's purview.

I'm glad, too, that the FCC regulates frequency use. But, if no one wanted to buy the boxes that receive the signals broadcast on those frequencies, that standard would be moot. The standard exists and works only because the market supports it.

>> ...and my cynicism comes from much experience.

Somehow I doubt that. Sounds more like a lot of misunderstanding of how people really work.

The cynical person asks...

[Guppy06]

Is Gates going after spammers per se, or going after competition They still sell out their Hotmail and MSN mailing lists to interested advertisers, don't they?

Re:Please..

[Anne+Thwacks]

You may use e-mail only for playing, but in the real world, people actually conduct legitimate business, and need to have e-mail addresses like "sales@mybusiness.com" visible on their web site.

This applies to one-man businesses run by teenagers and grannies as much as IBM and M$.

I have news for you: Having to spend twenty times as much time on deleteing penis enlarger ads as responding to sales leads does not appeal to the average grannie.

These people are legitimate and constructive e-mail users, and not geeks. There is no reason why they should be showered with shit just because the US legal authorities fails to lock up the perpetrators of scams within its jurisdiction.

If you tell me Canada is better,I'll whack you round the head with a 512MB ST506 hard disk filled with spam from some Canadian pharmacy that can't tell the difference between the USA and Europe, and appears to have purchased an "Op-in" mainling list consisting of 10,000 copies of my e-mail address spelt wrong.

The cash/jewelery is SOMEWHERE.

[khasim]

Robbing banks is NOT very lucrative.

I want you to think about that for a moment. The place with lots of money is NOT very lucrative to rob.

What did I say in my original post?
Yet your corner bank isn't robbed every day (or week or month or year).

The average bank robbery nets less than a thousand dollars, and over 80% of bank robbies are solved due to excellent security and survveilance in the average bank.

Gee, do you suppose that SECURITY can counter INCENTIVE?

Which was the ENTIRE point of my original post.

Unless your bank is poorly run you will notice that there is NO cash up front with the tellers. They have to get cash from a machine designed to dispense cash slowly.

So TECHNOLOGICAL solutions (the machine that dispenses the cash) are implemented to counteract the INCENTIVE.

Again, that was the entire point of my original post.

It is very difficult to steal a large amount of cash these days. Smart jewlery stores only display fake jewlry and store the real goods securely offsite.

It doesn't matter WHERE it is stored.

What matters is the SECURITY.

If a jewelery thief has to rob the storage site instead of the store, so what? The INCENTIVE is still there.

But the SECURITY measures mean that almost every attempt will fail, no matter what the INCENTIVE is.

Now, to bring this back around to the ORIGINAL article, filing LAWSUITS will NOT stop spammers the same way jail time does NOT stop robbers.

Lawsuits and jail time are not enough to counter the incentive of lots of easy money.

It takes well-designed and well-implemented SECURITY measures.

I think you stopped at the first line of my original post.

Re:Signs?

[mrterrysilver]

i know right? i love slashdot but people need to stop obessesing about hating microsoft. The whole "create software to stop spam" idea sounds awfully familiar to microsoft's initiative to get Sender ID accepted across major ISP, which could help stop spam at the software level. unfortunately they haven't had the best support with it from other ISPs.

in case you couldn't figure it out its not as simple as writing some software and flipping a switch to start protecting everyone's email inbox. it takes a very long time to convert all the ISPs and millions of email users to a new type of email authentication.

seems to me like microsoft is taking steps on the legal front and the software front to stop spam. no one else is really doing much, or at least not close to what microsoft is doing. stop being so biased and accept the fact that the company you might hate is doing you and the world a big favor by spending a lot of money it doesn't have to.

And why shouldn't they?

[blair1q]

90% of security problems on the net today are due to Microsoft's inability to produce systems that don't have massive security holes.

Re:Signs?

Dude? Who's your daddy? Just curious.

FUD and Obfuscate

[spectrm]

This is just another PR move by MS. It makes them look good to non-geeks while all of us techies know what's really going on. A bunch of lawsuits aren't going to stop the spread of spam of virii. Sure they may punish the big-bad-wolves of the industry, which is a good thing. But the money won from the defendants (if any) of a lawsuit should go to something like the w3c or the ieee for research and implementation of standards that will serve to prevent spam and the like from being the norm anymore.

I would only agree with MS taking the money if it meant that they were going to put it DIRECTLY into security R&D to patch up their holes.

That being said...DAMN THE MAN!!!!

Spamlord

[Doc+Ruby]

Microsoft's legal juggernaut vs. spambot Windows installs and Hotmail accounts. Either way, Microsoft wins, with Gates looking like our benevolent protector! That guy really is a genius.

literacy

[Doc+Ruby]

"barely literate in English"

Re:literacy

Want to know why Neil Diamond is so great? It is because he realized that a guitar hums. So pack up the babies and grab the old ladies.

Re:literacy

hahaha this reminds me why i added you to my freinds list hahah

--FidelCatsro

Good Guys you say?

[BancBoy]

Everybody knows they wear white hats, not red ones.

DId that fix the problem?

[jotaeleemeese]

i.e. all the owned Windows machines that are used to send the spam?

No. We remain as vulnerable as before, MS is going to pass the bill of their lawyers to the people foolish enough to buy stuff from them for the "favour" (ok, wake me up when we see the dent in their profits due to litigation costs).

So instead of providing a technical solution to the problem (like sitting down in a comitee to create a new, secure, email standard) they fo in SCO mode (i.e. legal battling).

Give all the kudos you wish. The problem is still there, MS is wasting its money, the bill will be duly passed to MS customers.

default security and responsibility

[screwthemoderators]

I think ISPs should share more of the blame. A computer that doesn't connect to a network, and only one user doesn't really need that security. M$ started and grew in the personal computer industry with MSDOS- not networked, multiuser computers. AOL (which is getting better at security awareness) Earthlink and other ISP should be more involved

It does make a difference.

[www.sorehands.com]

If you write a complaint properly, you can go after the individuals in addition to the corporation.

If you write the complaint properly, you can avoid the money from the case being discharged in bankruptcy.

Re:Finally a use for all their lawyers on retainer

[lew3004]

Those types of battles are usually short lived, especially in the corporate world but in the meantime; "The enemy of my enemy is my friend."

Only on /.

[khasim]

will a post stating that security can defeat an attacker be mod'ed as "flamebait".

Another anti-trust case

[tchernobog]

Where are the news? We already knew that Microsoft doesn't like competition.

(i'm just kidding, not trolling. laugh.)

I'm confused...

It mentions Microsoft, and then mentions "the scum that are ruining the Net for the rest of us", as if those were two separate entities. Huh?

(In analyzing their motivations, please keep in mind that Gates does not have a warm feeling for your inbox. He has a big ol' stiff one for your WALLET. This War On Spam shit wouldn't even come up if it weren't part of the larger World Domination program.)

Artists Against 419 Slashdots Spammers

[billstewart]

Artists Against 419 has a few projects to do things to Nigerian 419 scammers, including the Lad Vampire, which displays a set of graphics from scammer's fake bank sites and keeps reloading them to burn their bandwidth. ("The Lads" are the lads from Nigeria running the 419 scams.) There are a few other anti-spammer sites using similar code. They've closed a number of fake bank sites this way.

There are two different mechanisms that this approach uses. One is that many of the scammers run on free or cheap web pages with monthly traffic quotas, so if you burn their quota they're out of business. Another is that many sites charge for bandwidth based on 95th percentile usage, so if everybody gangs up on them for 5% of a month (about a day and a half) you can jack up their bill and then move on to the next target. It's especially effective for the few scammers who are actually running their websites in Nigeria, since that's mostly expensive satellite bandwidth, but they're more likely to be in some random European or Chinese web hosting farm.

Obviously it's only useful to run if you've got a network connection that doesn't have monthly bandwidth quotas of your own, because you don't want to slashdot yourself, but most US cable modem and DSL services don't. (Now if we could only get the Koreans to run this stuff :-)

A technical comment on AA419 - it's not very efficient, because it's simply using a browser to display the illustrations. That's fun to watch, but burns a lot of CPU, so if you're running the various SETI@Home types of CPU sinks, they won't get any work done. It would be really simple to build a shell script that loops wget>/dev/null requests (with caching turned off) which doesn't waste time displaying the targets. On the other hand, using the current site is a no-brainer for times that you're not busy.

Stomach? What stomach?

[value_added]

All you need is a few lawyers to file these lawsuits and one or two supervise them all. It's anyone's guess how large Microsoft's legal department is, but between in-house counsel/staff and the all attorneys working for law firms hired by Microsoft to represent them in their never ending litigation, I doubt anyone is working overtime.

As for the cost, most likely it's a drop in the bucket when compared to what's already been spent or is being spent on antitrust cases. Whatever the cost, the bankers are used to it, the shareholders are used to it, as so is everyone else. And when one considers the PR value of these lawsuits, I doubt anyone would raise an eyebrow if real money was at stake.

Detecting Referer Log Spamming?

[billstewart]

Do most of the log files have a sufficiently standard format that Google could detect and ignore? That would cut down on the effectiveness of that spamming.

Also, do the spammers pound a site with multiple requests from the same referrer, or do they do requests for lots of sites (e.g. Search Engine Optimizer scammers doing this as a business?

Re:Detecting Referer Log Spamming?

[dustmite]

The referrer spammers have become increasingly sophisticated, it's gotten a lot harder to automatically detect. For one thing they now use 'farms' of infected Windows systems all over the world, so it's impossible to pin down any IP or range of IPs from which the requests come. Also, they've become more organized as 'advertisers' (or e.g. "search engine optimizers") for multiple clients, so the referrer field itself is often for something totally new and different - as you say, they do requests for lots of sites. And of course they fake the user agent string. So there is actually basically no explicit information left anymore to the webserver that could be used to detect that it's a spammer.

If it weren't for Windows and IE being so insecure, this might have been easier to fight, as it would be a lot harder for them to use basically "random" IP addresses of the millions of infected machines .. if they had to use a limited number of systems to do the spamming it would be a 'simple' matter of finding out and blocking their IP ranges each time they moved. SP2 may help in future, but it's too late, the damage is done.

Another note..

[EvilStein]

I tried to contact Spamhaus about one of their ROKSO listings. I've been trying to give them *correct* and *up to date* information that they do not have on file, but I cannot seem to get anyone to respond to me.

If people are going to use SPEWS/Spamhaus/etc to dunk spammers, shouldn't the RBL maintainers take some responsibility to make sure that the information is accurate?

Lawsuits are one thing, but making sure you're nailing the *right* people is another thing.

Re:Another note..

and HOW am I supposed to trust *YOU* and your so-called up-to-date informations ?

the very first thing a spammer does is telling Spamhaus they are wrong and he is innocent (then he insult them and stuff)

Re:Another note..

[EvilStein]

*shrug* You don't have to trust it, but it'd be nice if you'd at listen to it.

I'm not trying to tell Spamhaus that they're wrong and someone is innocent. I'm trying to tell them that some of the information they have about someone on their ROKSO list is very outdated. How do I know this?
I worked for the organization that is *on* the ROKSO list and believe me, I have NO love for them at all.

Why Gates hates spammers

[rice_burners_suck]

In other news, a man named Gates was last seen dressed like Rambo and shooting into a crowd of spammers with a Gatling 134 minigun. "Electronic damages caused by spammers cost business billions of dollars each year in lost revenue. I was simply trying to help," stated Gates in a later interview.

Reports show that Gates began his all-out assault after receiving 10,000 emails advertising enlargement of certain organs found in male humans. This reportedly outraged Gates, who believes that his organs are already the maximum size allowed under Washington law.

ISPs can certainly do more

[PapayaSF]

In other words, how do you intend to stop me from installing something (a porn dialer, screensaver, shareware app, or whatever) that, as well as its legitimate function, makes my PC part of a botnet, without preventing me from installing software at all?

True, 100% prevention is probably impossible, but ISPs do monitor their customer's net usage. It shouldn't be too difficult to detect zombie machines. They should then cut the machine off the net, call the owner, tell them that starting N hours ago their machine became a zombie, and help them fix it. Do that often enough, and publicize it, and perhaps the average user will be more careful in the future.

Re:ISPs can certainly do more

[Tim+C]

Yes, the ISPs could theoretically monitor net usage (which I can imagine would have the privacy people up in arms) and take action against anything that starts to look like it could be a problem.

However, the post I replied to said that MS should make their OS secure. You can't have an OS with zero exploitable holes, as there's nothing you can do to prevent there being one sat at the machine's keyboard.

Re:Lawsuits, the last refuge of the incompetent

They dropped the fine because the guy never would have been able to pay it. Instead they at least got the guy doing something useful, Didn't the guy still get jail time?

Hotmail/MSN ISP does it, not Windows/Office

[billstewart]

This isn't the Windows and Office side of Microsoft going after them. This is the ISP side of Microsoft, including MSN and Hotmail, who have the same kinds of problems with spam that other ISPs do. Spam costs them money, annoys their customers, and encourages annoyed customers to find ISPs with better spam prevention, so they have to do anything within reason to reduce the spam.

Filters and Lawsuits hit different ends of the spammer market. Lawsuits aren't very useful against the little spammers - it's a whack-a-mole game, where any spammer you bankrupt has two or three more following in his footsteps. They're much more effective against the big spammers - Spamhaus estimates that 200 spammers put out 80% of the spam, and putting any of them out of business can make a big dent - and most of them are based in the US, where you can sue them, even if their infrastructure is mostly in China or Zombieland. The nice thing about whack-a-mole lawsuits is that they're usually easy to win - you don't make any money off of it, because most of them aren't making much money compared to the amount they're costing the Internet as a whole, but if you've got a collection of 200 heads nailed up on your office's front gate, it starts to get their attention.

Exchange, Outlook, and Outlook Express do get spam filter technology added to them - it makes the users happy, and if it implements spam-reporting capabilities well, it can help the ISP side of MS improve their filters. But the main filtering happens at the ISP level, because that's what most customers want.

If they were really committed...

They'd take care of the retards over at http://www.cryptic.net/.

More importantly

What does he do? Just curious.

Spamhaus 200 mostly US-based; Phishers vary

[billstewart]

Spamhaus's list of the top 200 spammers mostly has US-based operations. The spam itself may get sent from Zombieland advertising web sites hosted in China, but the spammer gangs are US based, and most of the products they're selling are shipped from the US. Zapping the big US operations would cut down on that spam significantly, and it's not clear that they'd be rapidly replaced.

Phishers, on the other hand, can operate from anywhere; they're popularly blamed on Russian Mafia, but I haven't seen any real statistics. But until banks start running SPF or similar protocols that make it easy to filter out forgeries, phishing won't go away that fast. Banks and credit card companies also need to start running stings on phishers - things like setting up dummy accounts that instantly flag anyone who accesses them, sending this information to the phisher's traps, and then nailing them when they try to get them money.

Re:Signs?

[marcosdumay]

With all the evil they have done, is there any way that they could do enough good for the evil to be forgotten, or at least to break even thus making them a "Corporation" not an "Evil Corporation"?

They just need to stop beeing evil and start to agregate value for our society. Honest people/corporations have no need for good actions to be accepted (but them sometimes do that anyway). If Microsoft turned not evil, people will start to trust them again. All they need is time.

But good actions also don't make evil people/corporation less evil. Bill Gates donnating money or M$ suing spammers will no make M$ less evil. Not even a bit.

The scum that are ruining the Net

[Daniel+Phillips]

It didn't seem to me like any single company had the stomach to keep after the scum that are ruining the Net for the rest of us.

I thought it was Microsoft that is ruining the net for the rest of is. Isn't it Microsoft that created the spam industry?

It worked!

Back in 2002 I decided to change my email address to [insert real username]@microsoft.com and then post to usenet so that Microsoft employees got spammed. Microsoft gets annoyed and spammers get sued - It's a win-win situation.

Re:It worked!

[suman28]

Oh man. You beat me to the punch! I bet he is ticked that most everyone uses fake email addresses like someone@microsoft.com or billgates@microsoft.com. No wonder, he is leading this campaign personally.

ISPs cleaning up 0\/\/N3D boxes

[billstewart]

If your ISP had to guarantee that they didn't have any infected machines on it, you wouldn't be able to get service for anything like the price you're getting it today, and you can bet that they wouldn't let you install unapproved software on your machine, because that would expose them to too much liability. And you can also be sure that you wouldn't be able to run a Linux mail server natively - they'd definitely block Port 25, probably in both directions, and might very well block some of the SMTP-submission ports except to their own mail servers. Basically, that would suck.

That doesn't mean that most ISPs shouldn't try to detect and reduce most of their zombie and spammer problems - one reason I don't use cable modems is that they're mostly cluelessly fascist about not letting you run arbitrary servers. There are cable and DSL ISPs that have a policy that by default you can't run Port 25 and maybe a couple of popular MS Windows ports unless you fill out a form saying that you want to enable it (with a Turing-Test Captcha on the form so zombies can't enable it for you), and that's really just fine, because you've got a choice if you want it, but you're less of a security risk if you don't.

Got any spare CDs of Easy To Use Removal Software you'd recommend? (Knoppix doesn't count :-) Once a machine gets infected, if it doesn't have a Decent Operating System on it, the malware can infect almost everything, in ways that are often hard to detect. McAfee and Symantec anti-virus software are a good start, and reinstalling your OS and any applications from scratch from CD-ROM helps, but sometimes you just can't tell what's infected. A lot of people could do just fine running Knoppix instead of Windows, which is a lot more secure not only because it's Unix but because the executables are on a read-only medium, but that doesn't support kids who want to run the latest games, and obviously Microsoft doesn't want most people doing that so they'll keep coming out with new Office features or whatever.

Re:Lawsuits, the last refuge of the incompetent

Disable HTML email completely. Remove the ability to send/recieve HTML email from Outlook and Outlook Express.

This is a feature end users expect, and they will get upset if the feature is removed. A lot of people like having real smileys in their email. :) Even Evolution and Thunderbird allow HTML email.

The real solution is to limit the kinds of tags HTML email can have (this is how Evolution handles the problem).

Secure IE and make it standards complaint. Securing IE includes removing ActiveX

Too many legacy applications depend on ActiveX. The real solution, and the one Microsoft implemented for XP SP2, is to severely limit who can run ActiveX.

About standards compliance: I agree that it is a bloddy shame that IE7 isn't going to fully support CSS2.

Re:Lawsuits, the last refuge of the incompetent

Not in the Microsoft usage model. The SenderID keys would be on every single PC, implemented as part of the local email client. The theory is that people who send from desktops that move or laptops that move or VPN'ed machines can still be authenticated at the next SMTP server. SenderID actually breaks SPF, because the SenderID overrides the SPF based domain settings on who is allowed to send email from a domain, and it wastes a bunch of CPU and resource that SPF would have blocked at the originial "MAIL FROM" line. Since the vaguely encrypted key information has to be read out of the header, it means the message has already been transmitted and is already wasting the server's disk and CPU. Requiring the encryption parsing will merely add insult to injury, and gain almost nothing.

Re:Signs?

[grcumb]

"Accept the fact that they really can do good things and shut with the Microsoft bashing."

Memo:

Negative talk is no longer spelled 'criticism'; it is now spelled 'bashing'.

Seriously, how is it 'bashing' when one points out that publicly available information shows a large number of their business strategies are illegal or unethical and accomplished not on merit but through lies, coercion and pay-offs?

Call it 'bashing' if you must, but don't pretend that makes it untrue.

uh, go ahead, make my day... SPAMMER...

Just want to hear Gates standing over some spammer and ask "You've got to ask yourself one question: 'Do I feel lucky?' Well, do ya spammer?"

"You don't assign him to spammer cases, You just turn him loose." "William Henry Gates the Third. He doesn't break spammer cases. He smashes them."

"I know what you're thinking. Did he assign six lawyers or only five? Well, to tell you the truth, in all this excitement, I've kinda lost track myself. But being as this is Microsoft's legal department, the most powerful legal entity in the world, and would sue your head clean off, you've got to ask yourself one question: 'Do I feel lucky?' Well, do ya spammer?"

Doing the Math...

[Nom+du+Keyboard]

By any measure, 215 lawsuits constitutes a legal juggernaut.

And just how many spammers are there out there right now?

What do you have to fear more? Being sued by Bill Gates for spamming, or the **AA for file sharing?

So... where's the benefit?

[edunbar93]

Ever since Microsoft started this campaign against spammers, we haven't seen a reduction in the 100,000+ spam messages we get on our mail server.

This is like the lawsuits they launch against people who pirate Windows. Horribly, horribly ineffective.

Sigh

[PunkOfLinux]

Can you say 'PR fun'? That's exactly why they're doing this. SO that they can say 'we help keep your inbox clean!'

Re:Lawsuits, the last refuge of the incompetent

[mcrbids]

How exactly would you suggest that they improve their software to prevent spam and phishing?

Perhaps you missed the fact that 80% of spam comes from zombied Windows computers?

Nope. Microsoft can't do ANYTHING about this, can they?

Re:Signs?

[I'm+Don+Giovanni]

Yah, sure, Microsoft = teh "evil".
Gates is right up there with Stalin when it comes to "evil", after all, "Micro$oft" did bundle a browser in an OS, right? Can't get much more "evil" than that!

LOL - You guys are hilarious! LOL

Re:Lawsuits, the last refuge of the incompetent

[jcr]

How exactly would you suggest that they improve their software to prevent spam and phishing?

You do realize that the bulk of spam and phishing messages these days are transmitted by zombified Windoze machines, don't you?

-jcr

Re:Signs?

you are fucking gay, troll

It gets rid of spam for *you*

But your college's system still gets hit by 20+ spam messages to your mailbox a day. Not to mention the 20+ per the majority of other addresses on that system, and the 2000+ that the computing center filtered out before it hit your mailboxes, and the 200000+ dictionary attacks, ...

Just because you're not at that address anymore doesn't mean the spammers will stop pounding at the door.

Doesnt work

[TekGoNos]

I did this and :

While it helps alot, it doesnt work.

I now get 5 spam messages a day (and increasingly more) on an account that was strictly "Friends only". I do have this account for over 7 years now, so 5 messages a day is not that bad, but still, and whats really worrying me it that's slowly increasing. (Up from 2 messages/day a year ago.)

Reason : Some non-geek friends that fall for some social network scam (sms.ac, hi5.com, etc) and people who forward every stupid chainmail of the net.

So I guess, whatever I do, eventually the adress will fall into spammers hands.

Having said that, my university's account is still spam-free since 6 years, but I think that they run a spam-filter, so I dont know if it's really spam-free or not. (AND I use my university's account only for university related friends, most of whom are in CS.)

Tin Foil Hat explanation

[Black+Copter+Control]

Wow - Microsoft/Gates usually gets a bad rap on /., but kudos to them for going after the scumbags of the Internet.

Of course, they could just be giving their IP lawyers warm-up practice for when they sue the leaders of the Linux community for sudo, and all of their other random patents.

It's kinda hard to know with Mr. G.

Re:Referrer Log Spammers should be sued t [winhat]

[winhat4]

Referrer log spammers should be obvious from my ability to move, and does not want to do.

Because i decided to have a child, and here you are a part of the internet. Referrer log spammers should be sued too. Cosmology is the long bone in the web log analysis.

spam is still profitable

[frank0618]

the real answer is for people not to respond to spam...if there was no profit, it would not attract so many folks...outlawing drugs hasn't stopped drug use...prosecuting spammers will just make the remaining few more powerful...folks need to be edumacated :-)

Re:spam is still profitable

People always say this but what makes you think it's correct? Supply=demand is not realistic. It's actually more like supply=estimated demand.

Do you think Scott Richter has a basement full of c|@lis? No - he's selling emails for some other clown-shoe, who's paying him in the hope of making sales.

So as long as some idiots out there *think* they can sell via advertising to billions, they will try it. And there will *always* be people who think it will work.

It's an underground industry, there's no reliable stats on the success rates, all the spammers of the world need do is say "you only need to get 0.001% of the recievers to buy and you're a millionaire!" and the marketing managers of these dodgey enterprises will agree to give it a shot. They have no way of checking success rates before trying it out.

Probably no one in the world does buy this crap but as long as theres a few hundred or thousand idiots out there who think it might work, it will not stop.

And bad news, everyone - there's a lot more than a thousand idiots in marketing management worldwide...

Give yourselves a hand gentlemen!

[craXORjack]

You know who really deserves the thanks for this. Yep, its you. All you guys who signed up for all kinds of spam and dubious web based offers using every possible permutation of bill, william, gates, msn, hotmail, and microsoft.com. I heard that he had to hire a staff full time to sift through tens of thousands of emails to try to pick out the actual business communications. And then out of sheer desperation he signed up for an AOL account.

Tilting at windmills

[eddeye]

Yes this is horribly pedantic, but can't the editors at least abide by this one page from Strunk & White?

i.e. Gates's, not Gates'

Re:Tilting at windmills

The reference you sited is from 1918 and only lists Strunk as the author noth Strunk and White. When I was in school I was taught that when the noun being made possessive is plural and ends in an 'es' sound then to only add the apostrophe. This is to avoid awkward sentences such as 'The flying buttresses's stones carried the weight of the church's outer wall.'

So for example:
the witch's malice (as noted by Strunk)
but also
the witches' malice (when speaking of a group of witches)

Also Strunk says to use the apostrophe form when using (ancient?) proper nouns such as Moses. Since this was the usage in the King James bible it is obvious that this is the traditional usage at the time of King James which really wasn't that long ago. So pardon us for being bible readers and for writing English as it always has been written.

Linux spambots: compromised PHP mailform common

[KMSelf]

How many cracked Linux boxes do you think the spammers use? None? Well, it would seem that the OSS community is dealing with the problem at the technological root.

Brandioch, actually, I've got the spams and the admin replies to demonstrate, that Linux (and BSD) systems aren't immune. The big culprit since about November has been PHP mailform scripts, and I've seen quite a few of these sites acknowledged and wiped off systems by their administrators. Many at hosting sites.

Yes, it's apparently proxies or dedicated "bulletproof" hosting systems that are the primary sources. but Linux isn't a silver bullet. Oh, and PHP has its share of problems. awstats p0wned, anywone?

proactive...

[torrents]

or is it just a smokescreen... has actually fixing the vulnerabilities in windows become so difficult that gates/m$ have to go out and make examples of people who harass users...

Admins can break their security.

[khasim]

Linux isn't perfect. And in your example, a stupid admin can install a service such as PHP mailforms without securing it correctly.

But, by default, those aren't installed/enabled.

Re:Signs?

[confused.brit]

oh look, he signed his name....

A juggernaut, or..

[He+Schutze+He+Scores]

"...By any measure, 215 lawsuits constitutes a legal juggernaut."

Or a Typical Monday at SCO.

Ulterior motive?

[Cunjo]

Well, considering that Microsoft's CEO is in fact, the most spammed person on the internet , it would be pertinent to say that eliminating spammers would be in the company's best interest.

That wasn't entirely the point

[KMSelf]

Yes (as I was explaining to the school LAN admin yesterday afternoon), I can deliver a perfectly insecure GNU/Linux box. Yes, GNU/Linux is inherently much more securable than legacy MS Windows.

That wasn't the point. You made an unsubstantiated claim that no spam is being sent from GNU/Linux boxes. I've seen plenty that was. I've seen boxes run by generally paranoid admins hacked. You're far more credible when you stick to the truth, Brandioch. Temper your enthusiasm. It sells better.

The OS alone doesn't guarantee security. GNU/Linux boxes are used in various attacks. Easy-to-find and widely deployed (on fat pipes no less) PHP holes all the moreso. Keep up on your security bulletins and site updates, monitor your logs, run an IDS, scan your perimiter, check your traffic, read your abuse mail. You'll be ahead of the game.

(aptitude|urpmi|yum|yast) install security isn't sufficient by itself. Stop selling that myth.

Read that again.

[khasim]

You made an unsubstantiated claim that no spam is being sent from GNU/Linux boxes.

No. I specifically said "cracked".

If someone sets up a Linux box and installs software that allows an open relay, that box has not been cracked.

I've seen boxes run by generally paranoid admins hacked. You're far more credible when you stick to the truth, Brandioch. Temper your enthusiasm. It sells better.

I think I'll just stick to the facts, if that's all right with you.

So, dispute my claim with a fact. Show me a cracked Linux box spewing spam.

Not one configured by the admin to be an open relay. Not one where the admin installed software that was configured as an open relay. No open relays need be mentioned.

If you handle the mail yourself, that shouldn't be too hard to do. All you have to do is check the spam that didn't come through a relay and find a Linux box that isn't legitimately owned by a spammer.

I'll give you a week.

"cracked"

[KMSelf]

If you can exploit a box without gaining root, why bother gaining root. Matters little to me how a box is being utilized, rather more that it is. The distinction is a red herring. If someone's using your system in an unauthorized manner, it's effectively exploited, root or no root (yes, there are different implications, you and I both know that, stick to the point).

That said, I've seen Linux boxes cracked, and I've seen 'em spamming. I'm generally not tracking which is what, but reporting on spam. If you're so keen on finding 'sploited Linux boxes, you can search news.admin.net-abuse.email on my email address, find my reports, and query the IPs yourself to find out what they're running and whether you think they're cracked. That's your question, I'm not your consulting department. Fresh crop of ~250 hosts posted daily.

And that said, http://www.123stereo.com/ turned up serving a PayPal phish Aprl 6. It's already been cleaned. But that would be a PHP site which was conned into loading and serving pages. Couldn't tell you it was cracked for certain, but it smells like it. No, not spamming, but that's just what I saw. Satisfied?

Anyway, turnabout's fair play: prove to me that no compromised Linux boxes are spewing spam. You've got a week.

And so you lose.

[khasim]

Anyway, turnabout's fair play: prove to me that no compromised Linux boxes are spewing spam. You've got a week.

Since it is impossible to "prove" a negative, your request is not logical.

Therefore, you lose.

Too bad. All you would have had to have done to show that you were right is to reference a Linux box that was cracked and spewing spam.

Proof

[KMSelf]

Since it is impossible to "prove" a negative, your request is not logical.

Bullox, Brandy.

A single counterexampe will suffice. I gave you my datasource. You've got nmap -O. Start tracking. Or pay me for my time.