Slashdot Mirror


Microsoft's Vigilante Investigation of Zombies

Morgalyn writes "According to an article at Information Week, Microsoft has decided to fight zombie-launched spam in their own way. In conjunction with the FTC and consumer rights groups, Microsoft set up a clean computer and then infected it. They monitored the 'zombie' over the course of 20 days - 'In those 20 days, this one computer received 5 million connection requests from spammers, and sent 18 million spam messages'. This whole operation has led to the (partial) identification of 13 different spamming groups, some of which reside in the US and may be prosecuted under the CAN-SPAM act."

8 of 341 comments

  1. Own...? by NoTheory · · Score: 2, Interesting

    How is this fighting this in their own way? Don't lots of other orgs do this same thing...? Don't they also fight spammers in other ways too? And also, if they're doing this in conjunction with a whole bunch of other people... how is this their own way? :P

    --
    There are lives at stake here!
  2. Re:In other words... by slavemowgli · · Score: 5, Interesting

    You moderators may think that's funny, but there's more than a grain of truth in there. The current estimate by the ISC's DShield for how long it takes for a random computer to get infected after it's connected to the Internet is 26 minutes.

    Think about that for a moment... and then ask yourself why we actually take this for granted instead of suing Microsoft into oblivion. Would a car company get away with cars breaking down on real-life roads an average 26 minutes after they're purchased? The thought is totally ridiculous, yet we accept the same from Microsoft. Why?

    --
    quidquid latine dictum sit altum videtur.
  3. Re:In other words... by mctk · · Score: 2, Interesting

    Should they be fined for knowingly allowing this machine to send spam?

    --
    Paul Grosfield - the quicker picker upper.
  4. Re:In other words... by Phae · · Score: 2, Interesting

    Think about that for a moment... and then ask yourself why we actually take this for granted instead of suing Microsoft into oblivion. Would a car company get away with cars breaking down on real-life roads an average 26 minutes after they're purchased? The thought is totally ridiculous, yet we accept the same from Microsoft. Why?

    Yeah, but most of us don't steal our cars.

    Also, it's not a question of breaking down at this point (that was Windows ME's job). It's all about security.

    You didn't see car manufacturers issuing major recalls on older cars just because you could unlock them with a coat hanger. Imagine how long you'd own your car if there were thousands of people trying to steal it every minute it was parked.

    (If you couldn't figure it out, the answer is: not long)

  5. Re:In other words... by valhallaprime · · Score: 5, Interesting

    "The operating system doesn't merely fall apart - it's broken apart by the equivalent of roaming street thugs."

    I strongly agree with this. I'm not pro or anti-MS, I just happen to be a SysAdmin that uses their stuff every day, and manages 120 desktops. It's just a fact that there are a lot of shady monkeys that are trying 24/7 to find exploits, holes, and other crap for nefarious deeds.

    Call it civic duty, but once a week I spend an hour going thru my spam-logs, and pick a couple (that are obviously being sent from 0wn3d boxen), trace their IP, look up which provider owns the range. I then call their NOC (Which is almost always listed in their WhoIs record), and report the IP (if they're a U.S. provider).

    I honestly get a call-back one out of every three times from a provider, saying they've found the hostile traffic coming from that address, and they temporarily block access, or alerted the sysadmin managing the address.

    It may be little, but it's sorta civic duty to do something about this from time to time. Kudos to Cavalier and Verizon especially for following up on my calls.

  6. Re:In other words... by Dragoon412 · · Score: 2, Interesting

    Think about that for a moment... and then ask yourself why we actually take this for granted instead of suing Microsoft into oblivion. Would a car company get away with cars breaking down on real-life roads an average 26 minutes after they're purchased? The thought is totally ridiculous, yet we accept the same from Microsoft. Why?

    This is one of the worst analogies I've ever seen.

    Let's say GM makes a car. You buy it. You drive into a high crime area and don't have your doors locked. You get car jacked 26 minutes later. Should GM be held liable? Of course not.

    Microsoft could do a better job, unquestionably, but the car analogy doesn't hold up. When you connect a PC to the internet, it's deluged with attackers almost immediately. When you drive down the road, chances are, you're not going to get car jacked by anyone. Chances are you're never going to get car jacked in your entire life. Do you see the problem of scale at work here? Even ignoring the scale for a minute, if you buy a new car, and some guy comes along and takes a baseball bat to the headlights, is that GM's fault? No! It's the guy who broke your headlights! He's the one who broke your property, he's the one that should be liable. So why is it Microsoft's fault when someone else breaks their product?

  7. Re:Even if not by abirdman · · Score: 2, Interesting

    subject to the same law

    You haven't heard? All American corporations, and most others (even the ones that have been convicted of serious crimes) are now agents of the government. Ask your Congress-persons-- if you can reach them, because they're awfully busy sucking up to the corporate types in their districts. Many are out with their lobbyists, getting briefed on the new trends in how laws should be drafted, and can't come to the phone. Keep calling... someone from their office will eventually confirm it. All corporations are now de-facto agents of the government, so there's no need to worry when they take on quasi-enforcement duties. They're just helping out. Only criminals are worried about this. HAND.

    --
    Everything I've ever learned the hard way was based on a statistically invalid sample.
  8. Re:So why is the FCC working with THEM... by grantsellis · · Score: 3, Interesting

    Two options:

    1. Standard /. conspiracy theory that government is in M$'s pocket (see responses above).

    2. Microsoft's promise to sue the people responsible into oblivion. (Admittedly, the 'into oblivion' is implied rather than explicit.) This means that MICROSOFT PAYS FOR THE LITIGATION. The FCC gets Microsoft's honed attack lawyers for free.

    Microsoft has opted to do something where the FCC gets credit and Microsoft pays most of the costs (litigation is expensive, especially when the people you're suing probably don't have money to pay the judgements). Why would the FCC choose them? It's a conspiracy, I tell you.

    Sorry, I'm a law student*, so I tend to believe in the glory and pragmatism of having someone else paying legal fees. :)

    *If I were an actual lawyer, this message would be three times as long and contain the same information. I'm working on it.