Spam Drops 1/3 After Rustock Botnet Gets Crushed

← Back to Stories (view on slashdot.org)

Spam Drops 1/3 After Rustock Botnet Gets Crushed

Posted by CmdrTaco on Tuesday March 29, 2011 @03:45AM from the eggs-bacon-sausage-and dept.

wiredmikey writes "The Rustock Botnet was sending as many as 13.82 billion spam emails each day before being taken down early this month by an effort headed by Microsoft in cooperation with authorities and the legal system. According to Symantec's March 2011 MessageLabs Intelligence Report, the Rustock botnet had been responsible for an average of 28.5% of global spam sent from all botnets in March. Following the takedown, when the Rustock botnet was no longer cranking out spam by the billions, global spam volumes fell by one-third. For reference, toward the end of 2010, Rustock had been responsible for as much as 47.5% of all spam, sending approximately 44.1 billion e-mails per day, according to MessageLabs stats. Since then, Bagle, a botnet that wasn't even on MessageLabs' top ten spam-sending botnets at the end of 2010, has taken over from Rustock as the most active spam-sending botnet this year."

199 comments

Min score:

Reason:

Sort:

Impressive by disopaos · 2011-03-29 03:46 · Score: 5, Insightful

It's really impressive Microsoft was able to do this. They've dropped 33% of the worlds spam and they did it all alone. Microsoft deserves kudos to this. Good job MS!
1. Re:Impressive by Joce640k · 2011-03-29 03:51 · Score: 4, Informative
  
  "Spam will be a thing of the past in two years' time" - Bill Gates, 24 January 2004.
  
  --
  No sig today...
2. Re:Impressive by Evtim · 2011-03-29 03:52 · Score: 3, Insightful
  
  Excellent! So they can drop all attempts to regulate the bandwidth. After all we just got 30% wider pipe, did we not?
  For those oh so bandwidth hungry mobile devices......
3. Re:Impressive by Anonymous Coward · 2011-03-29 03:52 · Score: 0, Insightful
  
  Which unrootable OS do you run?
4. Re:Impressive by GameboyRMH · 2011-03-29 03:57 · Score: 1
  
  Making it worse...
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
5. Re:Impressive by Anonymous Coward · 2011-03-29 04:04 · Score: 0
  
  Yes. Now let them pay a hefty sum for every infected computer out there and then we're even.
6. Re:Impressive by postbigbang · 2011-03-29 04:04 · Score: 4, Insightful
  
  Microsoft's operating system architecture allowed users to have admin privileges, among other architectural mistakes. Defaults were made so that HTML rendering was done by default, as well. Many users were infected because of incompetence-- not by sheer numbers.
  FOSS coders have the same loathing for spam and lack of prosecution that other coders do. That Microsoft has taken down a botnet is laudable. Others ought to join in, too. But first, perhaps online email services ought to acknowledge the role the play in allowing spammers to do their work. Microsoft is one of the good guys here, acknowledging abuse complaints quickly, but others like AOL and Yahoo, don't even acknowledge a complaint, let alone act on them.
  Botnets are one part of the problem, but even users trying to do their very best get infected. It's less so than before XP SP2+ editions, but there are very few non-Microsoft botnet members out there. Think about that.
  
  --
  ---- Teach Peace. It's Cheaper Than War.
7. Re:Impressive by Afty0r · 2011-03-29 04:05 · Score: 0
  
  He was right - it is. For the people who matter.
  He never said what the solution would be, nor that no-one would send spam - just that it would be a thing of the past. And for my users at work, for me, for my family it really is a thing of the past, because someone has solved the problem for me. We almost never SEE spam messages anymore - even one per week is quite alot. Despite the fact one of accounts alone gets a thousand a day.
8. Re:Impressive by rolfwind · 2011-03-29 04:07 · Score: 2
  
  Microsoft didn't create any problem to begin with. All OS's with billions of stupid users will get infected.
  Not all OSes are created equal.
9. Re:Impressive by cpghost · 2011-03-29 04:09 · Score: 3, Insightful
  
  Since most of those botnet machines are running MS, I'd say, it's about time MS became involved in the fight against spam. The delivery mechanism for all this spam wouldn't exist if it weren't for Microsoft's poor record at building a somewhat secure operating system.
  
  --
  cpghost at Cordula's Web.
10. Re:Impressive by vlm · 2011-03-29 04:12 · Score: 1
  
  And for my users at work, for me, for my family it really is a thing of the past, because
  
  All non-corporate communication is done via facebook wall posts now?
  We are rapidly nearing the point where no email will flow unless:
  1) One side is a spammer.
  or
  2) One side is a corporation or an individual acting on the behalf of a corporation.
  I could see a point in a year or two where "email spam" is about as relevant to the general population as "usenet spam".
  
  --
  "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
11. Re:Impressive by Anonymous Coward · 2011-03-29 04:18 · Score: 1
  
  Mod parent up - it seems like almost all accounts in the 202XXXX range are MS shills. It's getting annoying.
12. Re:Impressive by Anonymous Coward · 2011-03-29 04:19 · Score: 0
  
  Excellent! So they can drop all attempts to regulate the bandwidth. After all we just got 30% wider pipe, did we not?
  For those oh so bandwidth hungry mobile devices......
  You're confusing percentages. Let's say spam takes up 20% of the bandwidth of the world. We just gained 6% back.
13. Re:Impressive by Anonymous Coward · 2011-03-29 04:19 · Score: 0
  
  I agree in part with this, but saying that there are very few non-Microsoft botnet members out there is misleading. Spam is all about numbers. If Windows users account for the vast majority of online users, then why create botnet software for other operating systems? This takes time and effort and will not likely result in an influx in spam from those systems. How may OSX users actually pay attention to the system when it asks for a username and password to install something. I agree that there are aspects that are more secure of about other OS', but a user can still log in as root/su/admin on any system to make changes, and if a malicious piece of software can convince a person to do so, they can install software that you don't want. Right now, there's just not enough benefit for spammers to do so.
14. Re:Impressive by dmomo · 2011-03-29 04:21 · Score: 1
  
  "Regulation of Bandwidth" and "Having More Available Bandwidth" are two separate concerns. Arguments for or against the prior should stand regardless of the latter. If only this were so.
15. Re:Impressive by jhigh · 2011-03-29 04:24 · Score: 1
  
  It's not about whether or not an OS CAN be rooted. Rather, it is about the degree of difficulty, particularly using a default installation. In that regard, Linux > Windows.
  
  --
  Social Engineering Expert: Because there is no patch for stupidity.
16. Re:Impressive by swanzilla · 2011-03-29 04:26 · Score: 1
  
  He failed to factor in the Hawaiians...they love that stuff.
  
  --
  0 = 1 + e^(Alt something)
17. Re:Impressive by DNS-and-BIND · 2011-03-29 04:27 · Score: 2
  
  Good job! Especially since worm-riddled broadband-connected home computers running Microsoft operating systems were the cause of the spam problem in the first place. An unreasonable man like me would view this as a problem of Microsoft's causing, and by default their responsibility to clean up. Seems as if Microsoft's shoddy programming job allowed the holes to exist in the first place, and they cynically passed the cost on to the rest of us. Sort of like how an amoral oil company should be forced to clean up its oil rig blowout without any special thanks.
  Nah, that's crazy talk. Kudos to Microsoft!
  
  --
  Shutting down free speech with violence isn't fighting fascism. It IS fascism!
18. Re:Impressive by WrongSizeGlass · 2011-03-29 04:28 · Score: 1
  
  Microsoft didn't create any problem to begin with. All OS's with billions of stupid users will get infected.
  So MS (or rather one of their paid shills) is blaming the users for piss poor OS security on Windows?
19. Re:Impressive by aztracker1 · 2011-03-29 04:28 · Score: 2
  
  It doesn't even take rooting an OS.. though it does help to prevent being removed by AV programs later... a trojan can be installed with user permissions and run by the user's desktop when said user is logged in... It doesn't take root, but helps... on non-windows OSes, most users aren't running any kind of AV scans which would make it easier.
  
  1. Build Java(cross-platform) puzzle game/clone
  2. Inject email spamming software into the game.
  3. Send billions of spam...
  4. Profit!
  
  --
  Michael J. Ryan - tracker1.info
20. Re:Impressive by Anonymous Coward · 2011-03-29 04:43 · Score: 0
  
  right :D as well as legendary 640 kB :DDD
21. Re:Impressive by postbigbang · 2011-03-29 04:44 · Score: 1
  
  All of this is about native thru iteratively more difficult hurdles for bot makers. When an OS is inherently more simple to root and bot, the OS seems very likely to have been poorly designed.
  Now that XP SP2+ inhibits this, there have been further exploits through email and browser payloads that have caused innumerable machines to become bot'd.
  If you divide that out, let's look at the iPad phenomenon, where they outsell a lot of stuff, and Apple's total end-user marketshare has climbed through the roof. In the wild, I've seen exactly zero machines that have been bot'd using iOS or MacOS. I've seen all of one Linux machine bot'd-- as an experiment. I've seen rootkits on Linux servers, to my chagrin. I've had one of my critical web Linux servers get rooted, but we killed it as we watched it become injected by changing DNS.
  So it's not misleading. It is what it is. It was really really easy, jaw-dropping easy. Now it's tougher. MacOS has its own foibles as does Linux. Statistics doesn't really account for the problem: bad coding and architecture do.
  
  --
  ---- Teach Peace. It's Cheaper Than War.
22. Re:Impressive by Anonymous Coward · 2011-03-29 04:44 · Score: 1
  
  Uh... why would "open source guys" have a desire or initiative to kill Windows-exclusive botnets? It's Microsoft's problem.
  I did brief development on a popular worm project back in 2000. Compromised *nix machines were as valuable as fucking gold. If found they were far more likely to be used for hosting needed servers. Windows bots had lots of problems: average uptimes of ~2 hours, competing malware infections (which ours attempted to remove), and IP connection count issues (500+ connections either crashed the machine, lagged it so hard the user rebooted, or made IRC servers whimper and die).
  I think it's fair to say that your operating system has a pathetic reputation when even the botnet owners scorn it.
23. Re:Impressive by Anonymous Coward · 2011-03-29 04:47 · Score: 0
  
  Maybe if they didn't have a brown-nosing response ready to go as soon as the post was made, we wouldn't have noticed it so quickly...
24. Re:Impressive by Anonymous Coward · 2011-03-29 04:49 · Score: 0
  
  Yes. Actually I would be ok if all Windows users would be taken off the net.
25. Re:Impressive by AJH16 · 2011-03-29 05:03 · Score: 2
  
  Unfortunately no, since spam didn't take 100% of the pipe.
  
  --
  AJ Henderson
26. Re:Impressive by digitig · 2011-03-29 05:30 · Score: 1
  
  Microsoft's operating system architecture allowed users to have admin privileges, among other architectural mistakes.
  On home systems they have to let potentially inexperienced users have access to admin privileges. Vista took them away by default, but whenever some tempting piece of software says it needs someone to type the admin password most users will do it so it barely slows down the spread of trojans. The same attach would work just as well as any OS with a large home-user userbase. The weakness is not so much the OS, it's PEBKAC.
  
  --
  Quidnam Latine loqui modo coepi?
27. Re:Impressive by postbigbang · 2011-03-29 05:39 · Score: 1
  
  Until XP SP2, which did the same thing as Vista, user was root/admin. A lot of software had to run as root, too, which Microsoft forced a demotion of when they changed this policy.
  It's really the architecture, and irresponsibly bad QA, as well as rush to market problems.
  
  --
  ---- Teach Peace. It's Cheaper Than War.
28. Re:Impressive by Belial6 · 2011-03-29 05:39 · Score: 1
  
  You use sarcasm, but MS really didn't create the problem. If the SMTP protocol had security from the start, spam wouldn't be much of a problem. I'm sure MS could have been more helpful sooner, but the spam problem certainly doesn't fall on their feet.
29. Re:Impressive by Anonymous Coward · 2011-03-29 05:46 · Score: 0
  
  And for my users at work, for me, for my family it really is a thing of the past, because
  All non-corporate communication is done via facebook wall posts now?
  damn he's caught on to a major facebook user hook stategy - migrate from facebook and these will be gone
30. Re:Impressive by Stunky · 2011-03-29 05:51 · Score: 2
  
  He was right. Gmail was launched April 1st, 2004.
31. Re:Impressive by DNS-and-BIND · 2011-03-29 05:52 · Score: 1
  
  The problem is not SMTP, the problem is infected Windows boxes cranking out millions of spams per day.
  
  --
  Shutting down free speech with violence isn't fighting fascism. It IS fascism!
32. Re:Impressive by Robert+Zenz · 2011-03-29 05:54 · Score: 1
  
  So it's the problem of the Protocol that it gets billions of emails from millions of hijacked machines?
33. Re:Impressive by Life2Death · 2011-03-29 05:59 · Score: 0
  
  I'm sure a lot of people in 2006 were using gmail, so Bill was right!
34. Re:Impressive by Belial6 · 2011-03-29 06:04 · Score: 1
  
  If Windows were 100% secure, there would still be huge amounts of spam. If Windows disappeared tomorrow, spam would continue and the drop in volume would be temporary. So, Windows is not the problem. SMTP is the problem.
35. Re:Impressive by smelch · 2011-03-29 06:11 · Score: 1
  
  Well most of the spam is sent to linux mail servers. Bitch. Also your post is probably 100% bullshit.
  
  --
  If I can just reach out with my words and touch a butthole, just one, it will all be worth it.
36. Re:Impressive by Belial6 · 2011-03-29 06:13 · Score: 1
  
  Simple answer: Yes.
  
  If there were no windows boxes, spam would continue. SMTP does not identify the sender. The inability to identify the sender is the single biggest vector for spam. That is a protocol problem. Not an OS problem.
37. Re:Impressive by Anonymous Coward · 2011-03-29 06:19 · Score: 0
  
  No, but it is the protocol's problem that it passes them on.
38. Re:Impressive by DriedClexler · 2011-03-29 06:31 · Score: 1
  
  In fairness, he also said that 660 ppm ought to be enough for anyone.
  
  --
  Information theory is life. The rest is just the KL divergence.
39. Re:Impressive by Anonymous Coward · 2011-03-29 06:37 · Score: 0
  
  Microsoft's weak product security created 99% of world's spam, then used the taxpayer-funded law enforcement to clean up 33%. What about the other 66%, Microsoft? Not such a good job afterall, eh?
  BTW, I have reasons to believe that in reality the parent is a paid advertisement for you-know-who.
40. Re:Impressive by Anonymous Coward · 2011-03-29 06:42 · Score: 0
  
  Since most of those botnet machines are running MS...
  Pretty sure Steve Balmer is running MS. Though the botnet would probably be a more creative and visionary leader if it got the chance.
41. Re:Impressive by Anonymous Coward · 2011-03-29 06:46 · Score: 0
  
  MS has been involved in the fight against spam for much, much longer than you think.
  MS has had the ability to kill dozens of botnets. But legally, if they issue the command to a botnet to shut down, they could be found guilty of computer hacking... after all, they didn't have permission to execute commands on the systems that would be affected. This was explained to me as I was in their lab watching MSFT staff monitor botnets.
42. Re:Impressive by Lokitoth · 2011-03-29 07:00 · Score: 1
  
  Actually, XP SP2 did not do anything other that sandbox IE into a low-priviledge process. If the user is in the Administrators group, he is running as Admin all the time. The problem was merging the 9X branch and NT branch of Windows together (in Windows XP) while maintaining backwards compatibility. If they forced the default user to have to provide an additional password (or even worse, log in to another account, or runas) whenever anything needed to be installed, people would have been screaming in frustration - not to mention the problems with poorly written software assuing it can party on the entire partition and registry. In fact, we saw a mini version of that in Vista with all the brouhaha over UAC and application compatibility.
  And before Win98, there really was not as much pressing need for "security features" in the 9x branch simply due to the fact that generally it was already "completely secure" since it was not connected to anything - for the most part. Folks doing the planning were more concerned with feature lists - that was the big issue. *NIX was luckier and savvier in that regard since it came about from multi-tennant systems and had to deal with security from the beginning. In fact, XP SP2 was essentially a big "mea culpa" out of MS - they stopped developing their new operating system (Longhorn) to refocus efforts on making WinXP more secure.
  The architecture of NT actually supported everything you needed to not run the average user as Admin. Claiming it to be an architecture problem is disingenuous. Usability and compatibility is what got in the way of delivering "secure by default"; until users were hit in the face with malware and social engineering attacks, how many of the average consumer would have understood the need for split-priviledge security, and how many would have been willing to put up with it?
43. Re:Impressive by Anonymous Coward · 2011-03-29 07:13 · Score: 0
  
  In all fairness, _effectively_ (i.e. for most end users) it is a thing of the past. Or when was the last time you saw a spam message in your (web-based) inbox last?
44. Re:Impressive by Tom · 2011-03-29 07:18 · Score: 1
  
  If Windows disappeared tomorrow, spam would continue and the drop in volume would be temporary.
  That is a bold claim. Got any supporting evidence? Not guesses, theories, thoughts, I mean evidence.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
45. Re:Impressive by Tom · 2011-03-29 07:22 · Score: 1
  
  The weakness is not so much the OS, it's PEBKAC.
  That is an arrogant assumption of computer nerds.
  No other industry gloats in its own superiority in such a way. Any car maker, toaster maker, supermarket layout designer, literally everyone else doesn't subscribe to the "customer is dumb" mantra, but looks at where his product is at fault by giving confusing feedback, not guiding the customer correctly, not being easy enough to use, etc. etc.
  And yes, that includes security questions.
  Yes, I am a professional in that area. There are a few cases of "human error", but in 99% of the "user is stupid" cases, a better designed software, interface, workflow or whatever would greatly improve upon the problem.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
46. Re:Impressive by Anonymous Coward · 2011-03-29 07:28 · Score: 0
  
  You know, there are only a few of the botnets that use most of the bandwidth. A few bad apples ruin it for the whole barrel. With new initiatives to limit bandwidth allocation to those "data hog" botnets, we will all live happier data lives.
47. Re:Impressive by postbigbang · 2011-03-29 07:31 · Score: 1
  
  I guess you missed all of the demotion in SP2. Wasn't much, but it was a start. And while you're correct in citing that lowly NT3.5x could have users and administrators, no one coded that way. Everyone had to be an administrator to work. SP2 started the chain completed partially in Vista, then a bit better in 7 to allow genuine user functionality in user space with user apps that could talk to the OS and get work and peripherals to work.
  Even now, the use of the registry database is an architectural defect, as once you're inside it, you can screw things up as you please. Want a nice registry hive masquerading as a CSS hack? Using the right stuff, its slips right past every defense. Today. This minute. Even if you're patched-- zero-days waiting on a shelf.
  Consumers were taught that Windows was a playground. Please customize it with all this neat stuff. Move stuff around. Add-on with glee. Don't worry about security. Your username and password will protect you-- even on those old LANMAN hashed passwords.
  This isn't the forum to do a long debate on the merits of OS architecture. There's not a single one of them without fault. But Gate's choice (ultimately it was his) to merge NT with 98 into 2000 left lots of holes open to allow 'legacy' applications to work. Did they sandbox user space? No. Did they allow apps to run as root and things killing those apps to run root/kernel space? Yes. Were there more sins? Yes. Does BSD, MacOS, and Linux have similar sins? Yes-- but not as many, and not as many that makes one slap their forehead in revilement. After 30years of doing this shit, I've seen too much for you to change my mind. The facts are the facts. History is what it is.
  
  --
  ---- Teach Peace. It's Cheaper Than War.
48. Re:Impressive by digitig · 2011-03-29 07:56 · Score: 2
  
  It's not an arrogant assumption of computer nerds -- I make security blunders too. It's a recognition that there's a fundamental mismatch between what the computer is capable of and the fact that it's a consumer durable. If there were no driving test then I bet road fatalities would be higher, but pretty much nothing you could do to the user interface of the automobile whilst still retaining the functionality would fix that. The only solution is to make it so that only those trained and shown to be at least basically competent are allowed behind the wheel. That probably couldn't be enforced for home computers, so the only answers would be to cripple functionality (would work for a lot of users, actually) or take security out of their hands (another current story on /.). The power users wouldn't be happy, though.
  
  --
  Quidnam Latine loqui modo coepi?
49. Re:Impressive by blair1q · 2011-03-29 08:05 · Score: 1
  
  It doesn't need it from the start. MS's inet stack can be watching for connections to SMTP ports and looking for to-addresses that only exist in spam databases. If the OS detects that, it can phone home, or kill the sending task, or pop up a "You are infected by a spam email botnet program." There's no reason anyone should be hosting one of those any more.
50. Re:Impressive by BadPirate · 2011-03-29 08:06 · Score: 1
  
  "Spam will be a thing of the past in two years' time" - Bill Gates, 24 January 2004.
  Yeah, my g-mail spam filter works like a charm.
  
  --
  - Holy crap, I've got MOD points! Who thought that was a good idea.
51. Re:Impressive by Quirkz · 2011-03-29 08:10 · Score: 1
  
  Parts per million? Pages per minute? Parachutes per metronome?
  
  --
  The Quirkz Handbook of Self-Improvement for People Who Are Already Pretty Okay
52. Re:Impressive by blair1q · 2011-03-29 08:16 · Score: 1
  
  SMTP is a protocol and has no behaviors. SMTP-formatted email does identify the sender. Unfortunately, such a thing is easily spoofed. So SMTP can be manipulated to hide the true sender and its location on the network. That's the flaw. But fixing that wouldn't be enough. The proximal problem is that people still get trojans on their machines that can act like normal programs, and the server accepting your connection has no way of knowing whether the client sending it data is legitimate or bogus. The way to fix that is for servers to distribute the code that sends data, and only allow that client to do so. But then the trojan would consist of a script to operate that mechanism as though it was being done by a user.
  So the real solution is to track these fuckers down and throw them into a pit with hungry tigers and poisonous snakes. Make their brains part of the malware protection system. And keep doing it, because there's one born every minute.
53. Re:Impressive by Belial6 · 2011-03-29 08:17 · Score: 1
  
  Well, having personally seen spam spewing from an open relay on a linux box, seems like pretty decent evidence. The Linux and MacOS system that spit out spam now are do not disappear if Windows goes away. In fact, there would be more of them. Now, do you have any supporting evidence to the contrary? Not guesses, theories, thoughts, I mean evidence.
54. Re:Impressive by DriedClexler · 2011-03-29 08:28 · Score: 1
  
  Parts per million. "A reduction to 66% [660 parts per million] ought to be enough for anyone."
  my joke = phail
  
  --
  Information theory is life. The rest is just the KL divergence.
55. Re:Impressive by Belial6 · 2011-03-29 08:31 · Score: 1
  
  I'm not sure what definition of "behaviors" you are using, but the definition everyone else uses means that SMTP certainly does have behaviors. SMTP does not identify the sender. It allows the sender to offer up their identity if the so choose. Yes, I am splitting hair by saying that securely identifying the sender isn't the same as just taking their word for it, but that is the crux of the problem.
  
  Stopping spam is a two part problem. The first part is identifying who the mail comes from. Without a secure way of doing that, there is little beyond what we do today that can be done about it. The second part is throwing the spammers into a pit with hungry tigers and poisonous snakes. You can't do part two until you have done part one.
56. Re:Impressive by jdpars · 2011-03-29 08:35 · Score: 2
  
  Have you SEEN email spam lately? It's entirely non-sensical. Anyone who clicks on something in one (assuming it makes it past a spam blocker) is an idiot. Spam might as well be gone.
57. Re:Impressive by Tom · 2011-03-29 09:05 · Score: 1
  
  Hubris
  Users aren't stupid, they just aren't geeks. It is our fucking job to make these machines useable by normal people. If we can't do that, then it's all just ego-stroking and mental masturbation.
  Unless you have done actual research and experiments and have solid evidence to be sure there aren't other causes (bad architecture, bad security design, bad user interface, misleading OS feedback, not to speak of bugs and exploitable faults), "it's the stupid users" is a cop-out, and a cheap one at that.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
58. Re:Impressive by Tom · 2011-03-29 09:16 · Score: 1
  
  It's not an arrogant assumption of computer nerds -- I make security blunders too.
  The problem isn't that. The problem is how easy they are catastrophic. If our cars were designed that way, highways would be slaughterhouses. Sure, there are quite a few deaths every day, month, year - but we feel compelled to improve on safety continually, instead of shrugging, say "dumb drivers" and going on without a change.
  That is what I call arrogance. Even if it was the fault of the driver, maybe you can make an improvement that reduces the likelihood of others making the same mistake?
  
  That probably couldn't be enforced for home computers, so the only answers would be to cripple functionality (would work for a lot of users, actually)
  Actually, I'm all for that. Why not give people locked-down machines for starters, and once they've shown they can handle it, let them have a real one? Most wouldn't even need that last step.
  
  The power users wouldn't be happy, though.
  Who ever said that one size needs to fit all? Apple is on the right track here - most people really want an appliance, not a general-purpose computer. 90% of computer users do probably less than 10 different tasks on their machine. Websurfing, E-Mail, word processing, managing their photo and music library, gaming, and after that there probably are a bunch of specialized tasks and that's it.
  But still, some of us want a full-blown computer. Nobody said that one excludes the other.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
59. Re:Impressive by Tom · 2011-03-29 09:24 · Score: 1
  
  Well, having personally seen spam spewing from an open relay on a linux box, seems like pretty decent evidence.
  
  A single data point does not make a trend.
  
  The Linux and MacOS system that spit out spam now are do not disappear if Windows goes away.
  
  True, but we're talking volume here. Do you really think that 98% of e-mail would be spam if it weren't for the botnets?
  
  Now, do you have any supporting evidence to the contrary? Not guesses, theories, thoughts, I mean evidence.
  Pretty much any statistics you want to dig up show a massive difference between exploited windows machines and any other OS. Even if you adjust for market share. Even if the other OS is leading, as in the case of LAMP vs. windows webservers.
  OS X currently has a market share of - depending who you ask - somewhere between 5% and 15% in the consumer market. The percentage of malware available for OS X compared to the amount available for windows is nowhere even near that share. It's not even in the stadium. The numbers are something like 2 vs. 150,000.
  All the major botnets run on windows exclusively. You would think that at least one of them would've taken another target. The most logical explanation is the botnet makers think rationally - as long as one very easy target is available, breaking into a harder target would be a waste of time.
  But a harder target also means less penetration, even if the easy target were to go away.
  Linux has had its share of exploits. Despite that, no Linux botnet is known. In addition to better security, there is more diversity making it harder for automated exploits to spread. I've actually written a paper on that 10 years or so ago, it's somewhere on my website.
  I've done my research. Now show yours your shut up.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
60. Re:Impressive by gad_zuki! · 2011-03-29 09:47 · Score: 1
  
  Actually, he turned out to be right. I don't think he or MS was claiming to stop all SMTP traffic that you might call spam, but to have filtering technologies that worked well enough where it wasn't a problem for the end user.
  I remember the late 90s and early 00's. Spam was a big issue. You could randomly get 100+ spam emails in an hour. No one had good filters. It was all client-side and big mess. By the mid 00's it was just this thing to worry about when you checked your quarantine and only the occasional message got through instead of 100+ a day. Of course, it wasnt MS that did all the work. Postini, spamassassin, barracuda, various server-side technologies, blacklists, greylisting, etc.
61. Re:Impressive by Dahan · 2011-03-29 10:11 · Score: 1
  
  66% is 66 parts per hundred. 660 parts per million is 660/1000000, or 0.066%.
62. Re:Impressive by DriedClexler · 2011-03-29 10:18 · Score: 1
  
  Bah! I meant to put 660 K (thousand) ppm, thereby completing the similarity to "640 K ought to be ...".
  Double phail.
  
  --
  Information theory is life. The rest is just the KL divergence.
63. Re:Impressive by rastoboy29 · 2011-03-29 11:12 · Score: 1
  
  umm...you do realize it's their crappy OS that allowed the botnet to be so large in the first place, right?
  
  --
  expandfairuse.org
64. Re:Impressive by Anonymous Coward · 2011-03-29 11:55 · Score: 0
  
  I wonder what kind of energy savings are realized when a botnet like this is brought down. I mean, mail servers around the world should see a lot smaller load, right? Fewer cycles to process the remaining email, less heat produced...
65. Re:Impressive by Belial6 · 2011-03-29 12:18 · Score: 1
  
  A single data point does not make a trend.
  No, it doesn't make a trend. It does show it is possible though, and unless you are claiming that spammers would refuse to spam from anything but Windows, we must come to the conclusion that the spamming would continue on another system. The claim that spammers would refuse to work on other system that meet their needs is an extraordinary claim that would need extraordinary proof.
  
  True, but we're talking volume here. Do you really think that 98% of e-mail would be spam if it weren't for the botnets?
  There would continue to be compromised systems. People install botnet clients all the time. There is nothing in Linux or OSX that prevents users from installing software that sends email, so your making a false assumption that there wouldn't be botnets without Windows.
  
  Botnets are automated Social Networks. Just like social networks, greater membership brings more members which increases membership. You want some research that supports my position? Here is a link for you to read http://web.lemuria.org/
  
  If you will excuse the dead links, the papers that are posted there point out that there are far more vectors than just Windows, and that if all else fails, it is simple enough to just get users to install your botnet software. Go ahead. Read the articles. What is in them might seem familiar to you, even if they contradict what you are saying here on Slashdot.
  
  I've shown you yours, so now come up with something that contradicts me or YOU shut up.
66. Re:Impressive by Anonymous Coward · 2011-03-29 13:18 · Score: 0
  
  "Spam will be a thing of the past in two years' time" - Bill Gates, 24 January 2004.
  Why because Winblows won't exist by now?
67. Re:Impressive by Kalriath · 2011-03-29 14:20 · Score: 1
  
  I'm inclined to disagree. A botnet really doesn't have to live in kernelspace - userspace is more than good enough to spew out thousands of spam messages an hour. Jest all you like about drive-by downloads and the like, but the majority of botnet software is executed by the user, deliberately because it claims to give them cool smilies in MSN, or a little monkey hiding by the clock (or Jessica Alba). Even Linux, BSD and OS X do nothing to stop that sort of behaviour (and they don't claim to try). If they were popular enough that you could guarantee enough penetration by developing botnets for them, we'd see far more BSD-targeted "cursor packs". The problem isn't the system, it's the user.
  
  --
  For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
68. Re:Impressive by Anonymous Coward · 2011-03-29 14:53 · Score: 0
  
  30% of whatever a bunch of spam emails was taking up.
  Email isn't exactly a bandwidth hog protocol though. I'd bet that all the email traffic in the world is less than 5% of the traffic of torrents. Hell, less than 1%.
69. Re:Impressive by Quirkz · 2011-03-29 16:24 · Score: 1
  
  I was wondering if that was a 640k joke, but then I thought I was being crazy and didn't want to ask.
  
  --
  The Quirkz Handbook of Self-Improvement for People Who Are Already Pretty Okay
70. Re:Impressive by Tom · 2011-03-29 22:47 · Score: 1
  
  It does show it is possible though,
  Wrong discussion. Nobody here claims that all other OSs are perfectly secure and nothing bad could ever happen on them. "Possible" is not what the problem of Spam is even about. "Massive enough to drown everything else" is what the problem is. For that, it has to be more than possible, it has to be so easy that it is economically feasable to root systems on a large scale.
  
  the papers that are posted there point out that there are far more vectors than just Windows
  Yes, I know. However, you ignore the point that in those approaches I was simply assuming the existence of a remote root exploit that would work on the target system. Also, that is not spam botnet research. A spam botnet wants to stay undetected and it wants to stay up and running. That requires a different approach. But of course you know all that.
  Again, this is not a black-white claim I'm making. I don't say spam would stop if windows were to vanish tomorrow. This is an argument about economics. If the effort to build a botnet on Linux or OS X systems is higher than for windows systems, the economies for the botnet creators change. Spam works by massive volumes due to the tiny return percentage. It needs to send out millions of mails to be profitable. If you are a spammer, you can calculate how much spam on average a rooted system sends before it gets taken down. You can calculate how much it costs to root a system. If either of those variables change, your profit calculations change. If windows were to be replaced by something that is twice as hard to crack and twice as likely to detect a break-in, then your costs suddenly increased four-fold. Is your operation still profitable?
  
  --
  Assorted stuff I do sometimes: Lemuria.org
71. Re:Impressive by Belial6 · 2011-03-30 03:26 · Score: 1
  
  "Possible" is not what the problem of Spam is even about. "Massive enough to drown everything else" is what the problem is.
  That is a false dichotomy. If it is possible, and it can make money then someone will do it. Your cost calculations are irrelevant when you factor in the third world, although it is unlikely to become so expensive that it needs to go to the third world. Of course, your own papers point out that remote exploits are totally unnecessary to propagate malware. What you say in this thread directly contradicts the papers you wrote and published on your website.
72. Re:Impressive by Tom · 2011-03-30 09:43 · Score: 1
  
  You've not heard of different angles to a problem, have you? I haven't done a paper about economics of spam so far, so how could I contradict something I haven't said?
  Cost calculations are not irrelevant. The third world is not by default cheaper. Some things are, like manual labor. Many things aren't, and some things are even more expensive. Unless you do a detailed cost analysis, it isn't as simple as "let's move to a cheap country". Heck, even companies that did do cost analysis learnt the hard way that it can be more expensive in a "cheap" country.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
73. Re:Impressive by Belial6 · 2011-03-30 14:08 · Score: 1
  
  Malware will continue to target the weakest link, which will often be the human user. Anti-Malware products have partial success in containing known threats. Both sides have thus far avoided entering a technology arms race, and are instead fighting the easier war of attrition. Security products sell a lot. Malware apparently sells quite good, too.
  
  The third world is not by default cheaper
  This is a straw man. Your right that it isn't always cheaper. When you need infrastructure and they don't have it, it can be more expensive. When you have a company reputation on the line that can be damaged by a few failures, it can be more expensive. When you have to worry about liability for faulty products, it can be more expensive. We are not talking about these kinds of businesses though. You fail at your strawman.
  
  I would have thought that someone who is an expert on social engineering would be better at twisting the discussion. Apparently your skills are not as good as you believe.
74. Re:Impressive by Tom · 2011-03-31 07:04 · Score: 1
  
  We are not talking about these kinds of businesses though. You fail at your strawman.
  
  So the hungry kids in Africa are all computer experts just waiting for someone to come along and give them a few bucks so they can write the next botnet? Yeah, right.
  These botnets aren't run by kids, they are run by organized crime. Last I checked, the mafia didn't relocate to India because it's cheaper there. You have your people, your networks of influence and power, your ties to the local community and law enforcement, your thugs - all stuff that's not so easy to transport and not so easy to set up someplace else.
  
  someone who is an expert on social engineering
  Your claim, not mine. I can connect you to experts in that field if you have business for them, I merely know about it what you pick up when you work in information security for a decade.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
75. Re:Impressive by Belial6 · 2011-04-01 06:22 · Score: 1
  
  So the hungry kids in Africa are all computer experts just waiting for someone to come along and give them a few bucks so they can write the next botnet? Yeah, right.
  Did you really just try to counter me calling you out on your strawman argument by making a strawman argument? Let me reread that just to be sure. Yep. You sure did. You are fully aware that not every kid in Africa would need to be a computer expert for there to be enough computer experts in the country to make the system profitable. I hope you don't lie to your customers as transparently as you lie to readers on Slashdot.
  
  These botnets aren't run by kids, they are run by organized crime. Last I checked, the mafia didn't relocate to India because it's cheaper there. You have your people, your networks of influence and power, your ties to the local community and law enforcement, your thugs - all stuff that's not so easy to transport and not so easy to set up someplace else.
  Now you are trying to tell us that it is difficult to find corruption in Africa? Wow.
  
  Your claim, not mine. I can connect you to experts in that field if you have business for them, I merely know about it what you pick up when you work in information security for a decade.
  Since you post 'facts' about social engineering on your site from seminars that you have given, it is NOT my claim. Unless, of course, you are going to claim that you were totally unqualified to be giving those talks. Quite frankly, given that social engineering is the BIGGEST threat to security, if you cannot claim to be an expert in that part of it, you cannot claim to be an expert in security at all.
Your trolling/shilling has to stop by Anonymous Coward · 2011-03-29 03:49 · Score: 0, Troll

seriously
Who cares by afidel · 2011-03-29 03:49 · Score: 4, Insightful

The organized criminals who are raking in the money are well protected in their home countries so this is essentially a big game of whack a mole until people better protect their computers (good luck with that).

--
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
1. Re:Who cares by Jahava · 2011-03-29 04:02 · Score: 2
  
  The organized criminals who are raking in the money are well protected in their home countries so this is essentially a big game of whack a mole until people better protect their computers (good luck with that).
  Agreed, kind of. Users can only do so much, especially when zero-days are frequent targets of vulnerabilities and vendors do lazy and irresponsible patching and damage control.
  We need well-enforced international criminal penalties for both the spammers themselves, as well as the corporations that hire them. Remove the monetary incentive and both the motive and means drop significantly. This also reduces the overall incentive to infect others' machines as a nice side effect.
  What would also be interesting is legislation holding a corporation accountable (to an extent) for damages caused by infections that leveraged their products as a vector. I imagine that would light a fire under Adobe's feet to actually patch responsibly.
2. Re:Who cares by _|()|\| · 2011-03-29 04:16 · Score: 5, Informative
  
  this is essentially a big game of whack a mole
  
  The last couple of times a story like this was posted, I went straight to SpamCop's statistics for corroboration. You're right: the touted decrease in spam is real, but temporary. However, the yearly chart does seem to show a downward trend.
3. Re:Who cares by damn_registrars · 2011-03-29 04:19 · Score: 2
  
  so this is essentially a big game of whack a mole until we do something about the economic forces behind spam
  
  There, fixed that for 'ya. No amount of patching and filtering will make spam go away - ever. Spam will continue to be sent out as long as spammers can make money by sending out spam. The only way we can ever end spam for good is to either make it too expensive to send (which would not be palatable for most users) or take serious steps to interfere with the money train that keeps the spammers paid.
  
  Everything else is reactionary, futile, or just a feel-good step (or a combination thereof).
  
  --
  Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
4. Re:Who cares by a1Neri · 2011-03-29 04:23 · Score: 0
  
  The organized criminals who are raking in the money are well protected in their home countries so this is essentially a big game of whack a mole until people better protect their computers (good luck with that).
  So we should do absolutely nothing to stop it, sounds like a great plan. We'll probably never stop terrorism either but you're right - lets just stop trying.
5. Re:Who cares by SlippyToad · 2011-03-29 04:45 · Score: 1
  
  I don't know why we don't start boxing in nations who do not control their spammers and hackers. Telling the USSR, just for an example, to shut down their known, easily-found spamming operations or get blackholed right off the fucking face of the planet would go a long way towards ending this stupidity.
  I'm sure somewhere in the Wikileaks memos someone could find evidence that all of our world leaders are polishing each others' fucking knobs on this issue . . . sometimes I think the world is run by toddlers who've escaped the daycare.
  
  --
  One day I feel I'm ahead of the wheel / the next it's rolling over me / I can get back on / I can get back on
6. Re:Who cares by Belial6 · 2011-03-29 05:41 · Score: 2
  
  It would also destroy the software industy and stagnate it with the few companies that could afford the insurance or were "too large to fail" and making sure that the three companies still producing software didn't do anything new for fear of creating a hole.
7. Re:Who cares by Anonymous Coward · 2011-03-29 05:49 · Score: 0
  
  I think you mean to s/USSR/USA/
8. Re:Who cares by Tom · 2011-03-29 06:59 · Score: 1
  
  Why, then, does my own statistics show a very strong upwards trend? Is the volume getting lower, but it bypasses the filters better?
  Seriously. I have as much spam in my inbox now as I used to do 10 years ago, when it started to piss me off enough that I installed spam filters. Except now there's little more I can do. :-(
  
  --
  Assorted stuff I do sometimes: Lemuria.org
9. Re:Who cares by Tom · 2011-03-29 07:06 · Score: 1
  
  And unfortunately, this will not happen for a very, very long time.
  You see, spam is just the ugly part of some deep beliefs of our culture. Tackling spam means asking questions few people really want to have asked seriously.
  For example: Isn't almost all advertisement unsolicited? I certainly didn't opt-in to any of the billboards I encounter every day on the street.
  Or: Where do we draw the line to unethical business practices, and can we really draw it - in an official, as in on-the-book, way - without declaring half of our major corporations unethical?
  
  --
  Assorted stuff I do sometimes: Lemuria.org
10. Re:Who cares by Tom · 2011-03-29 07:16 · Score: 1
  
  sometimes I think the world is run by toddlers who've escaped the daycare.
  It's worse than that. It's run by people with an adult mind and toddler ethics. I'm not kidding, kids have an early phase in their development where they simply can not fathom the concept that there could be a part of the world that does not revolve around them, and can not be easily classified as threat or source-of-food-and-security - or as one of the famous people with that mindset put it "you're either with us..."
  
  --
  Assorted stuff I do sometimes: Lemuria.org
11. Re:Who cares by blair1q · 2011-03-29 08:17 · Score: 1
  
  How well protected?
  Like, say, if the government advertised their names and addresses, would it be impossible to bribe their nefarious cohorts to impose a little discipline on them?
12. Re:Who cares by afidel · 2011-03-29 08:53 · Score: 1
  
  Yes, that well protected. They are part of well armed organized gangs with protection from local and state police and often the military. The Russian mob makes the guys from Sicily and NYC look like rank amateurs, as do many of the groups in other former eastern block countries. The guys in China could be touched if they pissed off the wrong party boss who wasn't being enough to look the other way.
  
  --
  There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
13. Re:Who cares by sjames · 2011-03-29 20:23 · Score: 1
  
  It's worse! Toddlers can be taught that cheating and hitting are bad. World leaders are impervious to those lessons.
14. Re:Who cares by eriqk · 2011-03-30 02:28 · Score: 1
  
  Telling the USSR, just for an example, [...]
  I hate to break it to you, but the USSR hasn't been around for about two decades.
Agreed, 110%... apk by Anonymous Coward · 2011-03-29 03:49 · Score: 0

"It's really impressive Microsoft was able to do this. They've dropped 33% of the worlds spam and they did it all alone. Microsoft deserves kudos to this. Good job MS!" - by disopaos (2029158) on Tuesday March 29, @11:46AM (#35653682)
Especially vs. spam that might have contained attachments that were bogus malware in disguise to wreak havoc on you, or, spam that contained links that led to maliciously scripted websites.
APK
P.S.=> I'm for anyone that's out there contributing to the "good fight" against those types of things... apk
1. Re:Agreed, 110%... apk by Anonymous Coward · 2011-03-29 03:58 · Score: 3, Funny
  
  Don't forget about the spam that contains an /etc/host attachment. Some of them are hundred of megabytes in size.
Form letter time by DriedClexler · 2011-03-29 03:50 · Score: 5, Funny

This same old "silver bullet" for spam is yet another lame attempt to solve an intractable problem. Here we go...
Your post advocates a:
wait, one third you say??? Holy shit, never mind! Good work!

--
Information theory is life. The rest is just the KL divergence.
zeus by Anonymous Coward · 2011-03-29 03:51 · Score: 0

they should take down zbot and similar. spam is just a nuisance, stealing credit card numbers is obviously much bigger problem.
This is really good news... by Tigger's+Pet · 2011-03-29 03:53 · Score: 2

Now I can get my spam-bot service up and running with much less competition in the marketplace. Some penis-enlargement companies just don't want to spread their money around.
1. Re:This is really good news... by cobrausn · 2011-03-29 04:24 · Score: 1
  
  Hmmm. Penis Enlargment. Spread. I can't help but feel there is a joke in there somewhere...
  
  --
  How does it feel to be a liar with pants constantly on fire?
2. Re:This is really good news... by Anonymous Coward · 2011-03-29 05:19 · Score: 0
  
  You're really beavering for a laugh, mate!
3. Re:This is really good news... by blair1q · 2011-03-29 08:19 · Score: 1
  
  No, and now that there's less traffic your operation will be more visible, hence more vulnerable. Hence the PECs will be negotiating to pay you less since the risk of losing your services to interdiction just went up.
4. Re:This is really good news... by Chris+Tucker · 2011-03-29 14:33 · Score: 1
  
  "Taxes: Redeemable only for Warfare, Welfare, and more Taxes. Offer not valid in Puerto Rico." Some dumbass Randroid Teabagger.
  "I enjoy paying taxes. With them I buy civilization."
  Oliver Wendell Holmes.
  
  --
  Guaranteed! This comment 100% Anthrax free!
5. Re:This is really good news... by cobrausn · 2011-03-30 02:49 · Score: 1
  
  You're replying to a sig? What a fucking loser. I'm also pretty sure you're replying with someone elses sig.
  
  Also, you don't know a fucking thing about me and you failed to really get what the sig is saying. I would gladly pay taxes if I felt that it wasn't going to be used to wage pointless wars (this coming from a military vet) and if I got anything out of the socialist programs they institute. Instead, we get American style welfare, where the successful pay and get nothing and those who don't pay shit get everything. You may now return to your mother's basement you fucking liberal binarian twit. I have never actually read any Rand, but considering how it makes fucking idiots like you froth at the mouth I might start quoting her everywhere, even when it's not relevant. Oh, and since we're being retarded here...
  
  Guaranteed! This comment 100% Intelligence free!
  FTFY.
  
  --
  How does it feel to be a liar with pants constantly on fire?
6. Re:This is really good news... by Chris+Tucker · 2011-03-30 04:14 · Score: 1
  
  This. Is. SLASHDOT, Slappy. You drop a sig like that, expect to get called on it.
  I love it when people like you flip out. Shows me that I was dead on target.
  I particularly love the instant resort to obscenities, not to mention the cite of a COMIC STRIP.
  So you're ex-military. So what? I'm to be impressed that you joined the ArmyNavyAirForceMarinesCoastGuard? I'm to be impressed that you became a member of an organization that goes and kills people because some Rear Echelon Mother Fucker in D.C. says so? When CHimp McCokespoon said to overthrow Saddam, did yo leap to your feet and yeah "OOHRAH! GET SOME! GET SOME!"?
  Yeah, ex-military. Big Fucking Whoop! Got both eyes, all your limbs and fingers and no PTSD or TBI? If yes, you're lucky.
  But, I digress.
  What REALLY pisses you off is that your Teabagger quote didn't get the reaction you were expecting.
  You got a response that almost made you think, but your brain, overfed on GOP/Rightwing/conservatarded propaganda couldn't process the Holmes quote.
  "What The Fuck? I can't understand this, so I must hate it and the person that said it!"
  Oliver Wendell Holmes, Jr. . Hate away.
  The successful pay and get nothing.
  400 people in the US have more wealth than 155 million have combined. Let's make that even clearer for you:
  400 people in the U.S. have more money than HALF the population of the U.S. has if all the money in that half were added together.
  And you, Slappy, YOU are part of that group of 155 million Americans. As am I. Pretty much everyone you will see at work, on the street, etc in the next 24/48/72 hours/12 months will be part of that 155 million.
  I hope you have a job that can't (yet) be moved to China.
  Because when it is, give me a call so I can laugh in your face for thinking that you were someone special, when you were just another sucker that got played by the GOP/Koch-financed Teabaggers/Fox News Conservatards.
  Oh, FYI, I live in a very cozy little apartment on the 4th floor of a building in Boston.
  Oh, P.S. When you were in the military, my taxes fed you, clothed you, and equipped you. When you get sick, my taxes pay for your care at a V.A. hospital. When you get old and retire, your Social Security benefits will likely include some of the money from my my taxes. The roads you drive on are paid for by my taxes. The air traffic controllers that keep planes from crashing into each other are paid for with my taxes. The EPA that strives to insure that you have clean water and air. Yep! My taxes help pay for that. They also help pay for the FDA and CDC. Wholesome food and medicines, along with disease prevention.
  You're welcome!
  When you die, your burial in a Veteran's cemetery will be paid for by taxes, as was the cemetery itself, and the care of your grave will be paid for by taxes paid by people much like myself.
  People who pay for civilization.
  
  --
  Guaranteed! This comment 100% Anthrax free!
7. Re:This is really good news... by cobrausn · 2011-03-30 04:29 · Score: 1
  
  Instantly resort to obcenities? The first fucking line of your reply called me a dumbass. I didn't read the rest of your post, as the first couple lines were a pretty good indication of the kind of dumbshit I'm dealing with, and the rest will likely just annoy me and make my day that much worse.
  
  Before I go though, one last troll.
  
  Government "help" to business is just as disastrous as government persecution... the only way a government can be of service to national prosperity is by keeping its hands off. Read more: http://www.brainyquote.com/quotes/authors/a/ayn_rand.html#ixzz1I6JtufZD
  
  --
  How does it feel to be a liar with pants constantly on fire?
8. Re:This is really good news... by Chris+Tucker · 2011-03-30 09:54 · Score: 1
  
  Would you like some cheese with your w(h)ine?
  "
  Government "help" to business is just as disastrous as government persecution... the only way a government can be of service to national prosperity is by keeping its hands off. Read more: http://www.brainyquote.com/quotes/authors/a/ayn_rand.html#ixzz1I6JtufZD "
  Funny, GE seems to be prospering .
  "The company, led by Immelt, earned $14.2 billion in profits in 2010, but it paid not a penny in taxes because the bulk of those profits, some $9 billion, were offshore. In fact, GE got a $3.2 billion tax benefit. "
  Randroid teabagger says what?
  
  --
  Guaranteed! This comment 100% Anthrax free!
figures by Anonymous Coward · 2011-03-29 03:55 · Score: 0

> 13.82 billion spam emails each day
astounding
Licensed copy of Windows 7 by aaaaaaargh! · 2011-03-29 03:56 · Score: 1

This outcome could have been easily prevented if they had used licensed copies of Windows 7 for their spam net.
Typo in article? by RealGrouchy · 2011-03-29 03:59 · Score: 1

FTA (emphasis added):

Shortly after the news of the Rustock botnet takedown broke, Adam Wosotowsky, principal engineer at McAfee Labs told SecurityWeek: âoeWe have seen a decrease in Rustock levels, however it by no means has disappeared. This could be due to the botnet still running on old commands, or that lawsuits against botnet owners and associated hosting are proving successful. We are also expect the reseeding of botnets, such as McColo, as botnet operators rebuild their networks."
How do successful lawsuits against the botnet owners prevent the spam from disappearing?
- RG>

--
Hey pal, this isn't a pleasantforest, so don't waste my time with pleasantries!
1. Re:Typo in article? by wiredmikey · 2011-03-29 05:21 · Score: 1
  
  Not a typo, here is an example of a recent prosecution -- http://www.fbi.gov/news/pressrel/press-releases/fbi-slovenian-and-spanish-police-arrest-mariposa-botnet-creator-operators -- Andy many more are behing hunted down Brian Krebs writes about: http://krebsonsecurity.com/2011/03/microsoft-hunting-rustock-controllers/#more-8707
2. Re:Typo in article? by RealGrouchy · 2011-03-29 05:26 · Score: 1
  
  Yes, but the quote cites recent prosecutions as a reason why the botnets have not reduced output entirely.
  - RG>
  
  --
  Hey pal, this isn't a pleasantforest, so don't waste my time with pleasantries!
ZEUS Tracker can help you then & here's how by Anonymous Coward · 2011-03-29 04:09 · Score: 0, Informative

ZEUS TRACKER:
https://zeustracker.abuse.ch/monitor.php?filter=online
Add what's in there hostname-domain/subdomain name-wise into your HOSTS file, and zeus can't touch you, because you stop access to ANY of its botnet's servers or enslaved zombies.
(And, when you get IP Addresses in there rather than URL's as 99% of them are, add them in as a new firewall rule that denies access to them (either in your software based firewall OR router)).
APK
P.S.=> It works. It's what I do for myself, family, & friends until ZEUS (& other bots like SpyEye which also has such a tracker of its command & control, dropzone, etc. servers also) is "taken down", which is probably only a matter of time... apk
I've gotten less spam myself by sandytaru · 2011-03-29 04:11 · Score: 1

Went from 4-5 spam messages a day in gmail to just one today. That is awesome.

--
Occasionally living proof of the Ballmer peak.
Not for long... by damn_registrars · 2011-03-29 04:13 · Score: 4, Insightful

Sure the spam volume dropped, but anyone who thinks this is anything but temporary is either crazy or an idiot. Naturally as soon as one botnet goes down another one ramps up to take its place; this is exactly what the prime motivating factor behind spam - money - will do to the situation.

--
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
1. Re:Not for long... by creamy_red · 2011-03-29 05:54 · Score: 1
  
  I don't know about you, but the amount of spam I'm receiving is decidedly higher in perhaps the last 2-3 months. Not sure what it is - Gmail used to be really good about catching it.
2. Re:Not for long... by EvilIdler · 2011-03-29 07:13 · Score: 1
  
  My spam volume is pretty much unchanged. I'll get a handful at the weekend (off to SpamCop it goes), and since registering a business some local companies using foreign servers have been sending me one or two unwanted comical e-mails per week. All my spam is either 419-scams or somebody trying to sell me somewhat legal business products these days. The old pharmaceutical spam doesn't even reach my inbox (thanks, Zimbra filters!).
  I do have a very old and easily guessed e-mail account that I don't actually use, and just use to train filters. Whenever I activate it I can enjoy 100-200 new e-mails per day for the filters to chew on. This amount has not changed since the botnet went down, either.
3. Re:Not for long... by blair1q · 2011-03-29 08:21 · Score: 1
  
  Prosecution is the prime demotivator behind reducing crime, so it should be done as loudly and crudely as possible.
Hm. by JustAnotherIdiot · 2011-03-29 04:18 · Score: 1

Who else stopped reading as soon as it said "According to Symantec"?

--
What do I know, I'm just an idiot, right?
Re:Unrootable by TaoPhoenix · 2011-03-29 04:31 · Score: 2

Amiga OS 5!
"Never heard of it? Precisely!"

--
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Wouldn't it be great if the ISPs could play a part by Marrow · 2011-03-29 04:31 · Score: 1

Perhaps by just informing people that their machine may be infected? Perhaps by using another medium like an automated phone call or a note on their bill that says that traffic from their computer conforms to traffic seen by infected computers? Perhaps giving them some stats each month that says: this is how many email were seen to be sent by your Internet connection; hey this is pretty high for a home computer, have you updated your virus scanning?
I do not necessary suggest that they block port 25 or insert means of cutting off users. But the users could be warned/informed of what the network was seeing.
To give it a slightly different twist... by Anonymous Coward · 2011-03-29 04:31 · Score: 0

You know what kind of answers you'll get for that one. You deserve all of them.
Here's another twist to it, one that doesn't get mentioned as often, but which would be food for thought for those free software folks who try to imitate Microsoft in every respect (with a registr^H^H^H^H^H^H^Hgconf and all that goodness):

It is in the most genuine interest of Microsoft that users be dumb

Chew on that sentence, taste it slowly. How is it? A tad bitter?
Back in the heroic seventies, one of the aspects of computer ergonomy was that it should encourage the user to learn, providing paths from newbie state to advanced state.
Nowadays all that seems forgotten. Cater to the minimum, and try to keep the users there.
I'm observing the very same trend on Free desktop environments, and that makes me really sad.
Have we lost the battle, after all?
1. Re:To give it a slightly different twist... by hedwards · 2011-03-29 04:40 · Score: 1
  
  It's a matter of motivation back in the 70s and 80s and through much of the 90s, the number of computer users was small enough that you could do that, but a lot of people that make up the growth aren't motivated to learn, which is why even extremely simple things are beyond their grasp.
  MS, Apple and some of the Linux distros aren't helping anybody by discouraging people from experimenting and looking to get better at it.
2. Re:To give it a slightly different twist... by rgbatduke · 2011-03-29 04:46 · Score: 1
  
  The battle to give humans actual brains? There's an actual battle?
  
  Bear in mind that 1/2 of the world's population has an IQ less than 100. Even allowing for the Flynn effect, what that essentially means is that roughly 2/3 of the world's population isn't going to be able to learn to use complex tools, especially when they have the lazy choice of using simple ones. Either the computer provides the missing intelligence, or the user will have to do without.
  
  In the case of MS's many operating systems post DOS (which required some intelligence to operate) they simply have done without. In the case of Apple's operating systems pre-OSX -- they also did without. Indeed, remember the adage "You can learn to use a Mac in a day, and pay for that knowledge the rest of your life". OSX retained a lot of the brainless simplicity of the GUI, but at least it does have an expert-friendly upwardly mobile path for those whose intelligence is somewhat above the mean.
  
  Either way, one cannot blame users of Microsoft systems for its appalling security. It was insecure by design. I don't know whether or not this still is true -- MS apologists are now asserting that W7 is finally all secure and everything, something that I have little empirical evidence to validate but hey, it COULD be true and if one day I ever try it perhaps I'll find out. You know, when hell freezes over?
  
  rgb
  
  --
  Even when the experts all agree, they may well be mistaken. --- Bertrand Russell.
3. Re:To give it a slightly different twist... by digitig · 2011-03-29 05:32 · Score: 1
  
  MS, Apple and some of the Linux distros aren't helping anybody by discouraging people from experimenting and looking to get better at it.
  Yeah, sure, that's why MS give away express editions of Visual Studio for free.
  
  --
  Quidnam Latine loqui modo coepi?
4. Re:To give it a slightly different twist... by Anne+Thwacks · 2011-03-29 06:35 · Score: 1
  
  Its a vicious circle: If you are dumb, MS is a pretty good choice. (OpenBSD is not :-)
  
  --
  Sent from my ASR33 using ASCII
5. Re:To give it a slightly different twist... by cavreader · 2011-03-29 07:21 · Score: 1
  
  Believe it or not most users just want to USE their computer not dither over the underlying abstract architecture endlessly.
6. Re:To give it a slightly different twist... by cavreader · 2011-03-29 13:02 · Score: 1
  
  There are a lot of things you can criticize MS about but their development tools have been first rate, not counting SourceSafe of course. I know the pre .NET Visual Basic offends everyone on this site but that one product was responsible for giving a lot of marginal developers a way to grind out apps quickly. What better way to promote their OS then make it as easy as possible for people to develop apps for that OS? Free Visual Studio is just another way to lure developers to their platform.
Re:Who from NIX/Open SORES has done the same? by Anonymous Coward · 2011-03-29 04:36 · Score: 0

I don't see any NIX Open Source companies doing what MS has to allow a botnet like this one. Has anyone from the NIX or Open Source world needed to stomp out 30% of the world's spam?
Answer the question troll. No spin tactics, just answer it.
I predict ignoring the question, or completely doing anything he can to do some kind of "spin-CON-Troll" tactic.
Nobody uses NIX open sores crap by comparison by Anonymous Coward · 2011-03-29 04:36 · Score: 0

there are very few non-Microsoft botnet members out there. Think about that. by postbigbang (761081) on Tuesday March 29, @12:04PM (#35653992)
The reason for that is in my subject above.
Re:Stop being a filthy troll then by WrongSizeGlass · 2011-03-29 04:41 · Score: 0

What Open SORES or NIX has done what MS has here? Answer the question, don't evade it or try "Spin-CON-Troll" tactics. Your douchebaggish trollishness is showing in your reply as well as your low brow and sloping forehead, douche.
So Mr Shill is posting as AC and is getting personal and rather testy? If you don't like the view of /.ers about the security of MS products you have a few options:
A) Go post somewhere else
B) Tell your employer to get their shit together
C) Both A & B
D) All of the above
Agreed, 110%... apk by Anonymous Coward · 2011-03-29 04:44 · Score: 0

See subject-line. If anything, it'd let folks know "Houston, we have a problem!". I'd take it a step further & tell them "clean it up or you're cut off until you do" (to stop them from spreading infestors that many spam mails contain as attachments OR from link url's they contain to malscripted sites that infect them instead).
MS Spam by ruthless+reader · 2011-03-29 04:47 · Score: 1

Kudos MS! Now we can expect e-mails about MS Live, Office and other MS products.
Re:Wouldn't it be great if the ISPs could play a p by characterZer0 · 2011-03-29 04:54 · Score: 1

Does the ISP need to look far enough into the packet to see that it is SMTP traffic, or even that it is TCP?
It could be an option when you sign up though.

--
Go green: turn off your refrigerator.
Awesome... by hesaigo999ca · 2011-03-29 05:01 · Score: 1

Hope that M$ continues this great venture into closing down the infected pcs or whatever they did to stop the spam, they could help the price of internet to go down if all spam ceased, and the ISPs did not have to spend extra for all that filtering....might give us cheaper internet???
1. Re:Awesome... by blair1q · 2011-03-29 08:33 · Score: 1
  
  Maybe we should start a fund to help MS defray the cost of the effort. In case they have trouble paying...for fixing...the problem they...caused...
Can't Fix Stupid by Anonymous Coward · 2011-03-29 05:04 · Score: 3, Informative

Actually, MS is a highly secure OS. It is the users that are not secure. I have hundred of windows servers and been running them for years on the internet. So have many others. They don't turn into zombies. I have had several PC's, all windows none of them zombies. I have a sister who has to have every toolbar she comes across and any free software that tells her the weather or what ever. She turns a PC into a zombie in usually a weeks time. I have a neighbor, running a mac, little old lady. Found hers to be running as a zombie. Have a niece and a nephew that are constantly downloading torrents and things, all their PC's zombies. The more amazing thing, you can tell them they are zombie and explain it to them, they just don't care.
So you really need to put the blame though where it deserves users. While we are at it, I am hoping all the windows user do go buy macs. I will let you have those users all you want.
1. Re:Can't Fix Stupid by Anonymous Coward · 2011-03-29 05:39 · Score: 0
  
  Software installs only make up a small number of the age old infections. The biggest drop in Windows botnet numbers occurred because of the sudden prevalence of NAT routers in the early 2000s. Microsoft got lucky.
2. Re:Can't Fix Stupid by rsborg · 2011-03-29 09:51 · Score: 2
  
  Actually, MS is a highly secure OS. It is the users that are not secure.
  Typical blame-the-victim (btw MS is a company, not an OS).
  Years of Microsoft's poor security practices in the service of extraction of greater profits and margins has led to this situation.
  
  I have a neighbor, running a mac, little old lady. Found hers to be running as a zombie.
  
  Let me match your anecdotal evidence with some of mine (equally valuable):
  I have numerous (dozen or more) relatives that have migrated to Mac who prior to the migration would always have some spyware or virus on their Windows system, even a botnet client or two. Post migration, I have yet to hear of any slowdowns, erratic behavior or even systems problems (aside from meatspace issues like wrist pain from computer use, etc). My cousin lost a Mac HD, back in '07 and Time Machine (new back then) didn't save his data.... that's about it.
  The fact that Vista/7 is more secure than XP does little to counteract the habits and ecosystem of malware that exists to exploit people. Everyone I know would rather focus on setting up their backup software and dealing with how best to configure their keyboard than worrying about running MS security essentials (good on MS for that one, btw) or malwarebytes.
  
  --
  Make sure everyone's vote counts: Verified Voting
3. Re:Can't Fix Stupid by Actually,+I+do+RTFA · 2011-03-29 12:12 · Score: 1
  
  have numerous (dozen or more) relatives that have migrated to Mac who prior to the migration would always have some spyware or virus on their Windows system, even a botnet client or two. Post migration, I have yet to hear of any slowdowns, erratic behavior or even systems problems (aside from meatspace issues like wrist pain from computer use, etc)
  See that, even the malware on OS X is better written!
  
  --
  Your ad here. Ask me how!
4. Re:Can't Fix Stupid by Anonymous Coward · 2011-03-29 12:13 · Score: 0
  
  Typical blame-the-victim
  
  I get the same thing when I comment on attacks I get from compromised Linux based servers.
5. Re:Can't Fix Stupid by mjwx · 2011-03-29 14:22 · Score: 1
  
  The fact that Vista/7 is more secure than XP does little to counteract the habits and ecosystem of malware that exists to exploit people.
  
  You think that Mac's do?
  
  You've proven the GP's point. Bad user habits are the cause of spam, not MS's operating system and I dislike Winblows as much as the next person with half a brain.
  
  However bad Windows is at supporting bad user habits, OS X actively fosters them. The Mac advertising gives people a false sense of security by telling them that they are magically secure. In actual fact the same kind of malware that is so prevalent on Windows systems also exists on OS X, the only difference is that Mac users beleive they are automatically protected by virtue of using a Mac.
  
  The biggest infection vector in malware has never been technical (the OS), it's always been social (the user) and Mac's don't help this. In fact they make it worse.
  
  Here are the six dumbest ideas in computer security,
  Windows and OS X cover major dumbs 1, 2 and 3 as well as minor dumbs 3, 5 and 6.
  OS X on it's own covers minor dumbs 1 and 2 as well as actively working against major dumb 5 (educating users).
  
  Of those dumbest ideas, number 5 (educating users) is the most important because it's the only long term fix. But it's impossible to educate a user who believes they are magically protected. At least the overwhelming majority of Windows users acknowledge that there is a danger.
  
  --
  Calling someone a "hater" only means you can not rationally rebut their argument.
6. Re:Can't Fix Stupid by sjames · 2011-03-29 20:17 · Score: 1
  
  Until Microsoft made email and documents executable against the advise of every security expert, the very idea of an email virus was nothing more than an in joke/urban legend. Then, they trained millions of users to click OK without reading or thinking about it. That's not what I would call a good security record.
7. Re:Can't Fix Stupid by Anonymous Coward · 2011-03-30 06:28 · Score: 0
  
  If I drive my car without maintenance and it breaks down it still isn't the car manufacturer's fault. Just because somebody is too busy putting on seat covers and fuzzy dice hanging from the rear view doesn't change the fact that their failure to perform basic upkeep was responsible. at least with cars you need a license showing that at some point in the past you knew enough about the rules to pass a basic test, computers don't even have that and in the end are you surprised it looks like a demolition derby?
Ok Apple by Barlo_Mung_42 · 2011-03-29 05:06 · Score: 1

It's your turn to do something useful.
1. Re:Ok Apple by LoganDzwon · 2011-03-29 05:29 · Score: 0
  
  Any % of 0 is still 0.
secondary support for the evidence by fifedrum · 2011-03-29 05:11 · Score: 1

I work at a top 20 email provider and can concur that spam levels are down since the November, 2011. We were rejecting 96% at the perimeter back then, today we're rejecting around 73% with the same % making it to the inbox and getting marked as junk. Not a crazy reduction in spam, just a reduction in spam.
1. Re:secondary support for the evidence by Anonymous Coward · 2011-03-29 05:57 · Score: 0
  
  November 2011?
2. Re:secondary support for the evidence by rsborg · 2011-03-29 09:54 · Score: 1
  
  I work at a top 20 email provider and can concur that spam levels are down since the November, 2011.
  
  Care to tell me what MSFT and AAPL are trading for in your current time? I'll even be happy with a ballgame score or two.
  
  --
  Make sure everyone's vote counts: Verified Voting
3. Re:secondary support for the evidence by fifedrum · 2011-03-30 05:44 · Score: 1
  
  I'm caught. My son's science fair project tonight is about time travel, interestingly enough. I may as well answer. $12. Each. The Yankees win the world series. Again. It was hell being in the time machine in the rented storage locker for so long, but I slept through most of the waiting and, well, you know, for the rest.
Re:Wouldn't it be great if the ISPs could play a p by Anonymous Coward · 2011-03-29 05:22 · Score: 0

fudge that. a home computer shouldn't be sending out email anyways. they should be using a business connection, the isp's mail server, or a web-based service like gmail.
I get more by Anonymous Coward · 2011-03-29 05:24 · Score: 0

Mine has increased from 1/day to 4/day
1. Re:I get more by GameboyRMH · 2011-03-29 06:50 · Score: 1
  
  I get between 0 and 2 a day (and maybe one per month slips past the filter).
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
HOSTS files work, others here agree (see inside) by Anonymous Coward · 2011-03-29 05:51 · Score: 0

10 proofs of where folks here like my posts on HOSTS files and how to use them to secure yourself vs. threats online (as well as speeding yourself up by blocking out adbanners and hardcoding your fav. sites into them):
http://yro.slashdot.org/comments.pl?sid=1907266&cid=34529608
http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952
http://news.slashdot.org/comments.pl?sid=1913212&cid=34576182
http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952
Heck, even 1 today, & in this very thread about this article, that was "modded up" for using a HOSTS file to blockout the worst botnet of all today imo, ZEUS:
http://it.slashdot.org/comments.pl?sid=2059420&cid=35654066
Here's one from another user that does well using them, rated +3 INFORMATIVE no less also:
http://tech.slashdot.org/comments.pl?sid=1907528&cid=34532122
---
Would you like more (like twice as many more)? I can produce them in seconds...
ANYHOW/ANYWAYS:
In any event - So much for your pitiful attempts @ trolling me, because, as you can see with concrete visible data? You are outnumbered, & badly, 5:1 thusfar... & as-per-my-usual?? Just "too, Too, TOO EASILY", with facts.
APK
P.S.=> See, in a very real way, I actually pity "your kind" online: You & "your kind" (trolls) don't offer anything worthwhile & I suspect that's because you're a miserable "ne'er-do-well", & you KNOW it...
Funny part is, even my nephew, who is 25 yrs. my junior (& CIS RIT senior now) even said to me the other day:
"Around 2004 this all started with the trolls online. It wasn't like that before then. They ruin the internet for the rest of us that used to have valid technical discussions"
I agree... you jerks are as bad as spammers yourselves... apk
66% Left... by Life2Death · 2011-03-29 05:54 · Score: 0

This is awesome. Though I'm not sure totally what this means, depending on some factors, it could mean little depending on how fast spam traffic is growing (its in the billions per?)
Messenger spam is another thing I'd love to see eradicated, namely from Yahoo! as it seems to have gotten extremely bad lately and meebo isnt adept to handling it.
I noticed by hduff · 2011-03-29 05:56 · Score: 1

I noticed a drop, but it's back up now with messages telling me how my "business" is an award winner and the usual Nigerian-influenced stuff
Are people really that stupid?

--
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
1. Re:I noticed by Tom · 2011-03-29 07:11 · Score: 1
  
  Yes. As every con-man knows: A sucker is born every minute
  
  --
  Assorted stuff I do sometimes: Lemuria.org
2. Re:I noticed by blair1q · 2011-03-29 08:34 · Score: 1
  
  A sucker is born every minute
  Said the man selling a get-rich-quick-off-suckers scheme...
and they should "throttle" email traffic as well? by dndk82 · 2011-03-29 06:02 · Score: 1

it seems possible, but giving ISP the right to inspect my data doesn't sound safe to me. The prospect won't be good as they can tamper with my data header and later with the data itself. Once they can make one step onto your data, they'll go further.
Eat your words, "Pro-*NIX Troll", vs. these facts by Anonymous Coward · 2011-03-29 06:35 · Score: 1

EAT YOUR WORDS:

"Microsoft's poor record at building a somewhat secure operating system." - by cpghost (719344) on Tuesday March 29, @12:09PM (#35654070) Homepage
See below... & if you're going to talk? Don't do it out your ass!
---
Vulnerability Report: Microsoft Windows 7: (03/29/2011)
http://secunia.com/advisories/product/27467/?task=advisories
Unpatched 10% (6 of 59 Secunia advisories)
AND, of those 6 vulnerabilities, yes... 3 are "remote". HOWEVER, they're in subsystems (like FAX) that aren't installed "by default" (means I don't use it here), or have work-arounds (mhtml bug), OR, are caused/utilized by faulty 3rd party apps (e.g., & of ALL things? Apple stuff triggers one, ITunes another, iirc, etc. but no other apps are KNOWN to - go figure, eh?).
I.E.-> "NO PROBLEMO!"
---
Vulnerability Report: Microsoft Office 2010: (03/28/2011)
http://secunia.com/advisories/product/30529/?task=advisories
Unpatched 0% (0 of 4 Secunia advisories)
---
Vulnerability Report: Microsoft SQL Server 2008: (03/28/2011)
http://secunia.com/advisories/product/21744/
Unpatched 0% (0 of 4 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x:
http://secunia.com/advisories/product/17543/
Unpatched 0% (0 of 6 Secunia advisories)
---
Vulnerability Report: Microsoft Visual Studio 2010:(03/29/2011)
http://secunia.com/advisories/product/30853/?task=advisories
Unpatched 17% (1 of 6 Secunia advisories)
(The single 1 here also, like Windows 7 above, has an EASY work-around, & thus? Again, "NO PROBLEMO"!)
---
Vulnerability Report: Microsoft Internet Explorer 9.x:
(03/29/2011)
http://secunia.com/advisories/product/34591/
Unpatched 0% (0 of 0 Secunia advisories)
---
So, that "all said & aside"?
For a "poor track record", MS has practically INVULNERABLE systems out there in their current stuff (& recent lesser versions also)... & NOT JUST THE OS, but the entire "gamut" of what you need to do business online, today (and, as you can see? QUITE safely!)
I.E.-> They're doing a HELL OF A GOOD JOB on the security front!
APK
P.S.=> So, shall we compare a NIX/Open SORES OS in Linux's "latest/greatest"? Lets, & here goes:
---
Vulnerability Report: Linux Kernel 2.6.x (03/29/2011)
http://secunia.com/advisories/product/2719/?task=advisories
Unpatched 7% (19 of 259 Secunia advisories)
---
LMAO - THAT? That's more than 3x as many as Windows 7 has that are unpatched, & I'd wager there aren't workarounds for them (or as many as MS has shown above)...
Plus?
ROTFLMAO - THAT'S ONLY THE LINUX KERNEL MIND YOU, not the entire 'gamut/array' of what actually comes in a Linux distro that has (such as the attendant GUI, Windows managers, browsers, etc. that ship in distros too that have bugs, and yes, THEY DO) THAT ADDS EVEN MORE BUGS that COMPOUNDS THAT # EVEN MORE!
(It gets even WORSE when you toss on ANDROID (yes, it's a LINUX variant too), because it's being shredded on the security-front lately, unfortunately)
BOTTOM-LINE:
What this all comes down to, is all the "Pro-*NIX propoganda straight outta pravda" practically doesn't stand up very well against concrete, verifia
Not only Microsoft by farhan_quazi · 2011-03-29 06:41 · Score: 1

Its not only Microsoft that participated in this operation. International Secure Systems Lab also associated with this. http://blog.iseclab.org/2011/03/24/the-underground-economy-of-spam-a-botmasters-perspective-of-coordinating-large-scale-spam-campaigns/ And they are continuing further down the road.
APK FTW, & quoting Gandhi by Anonymous Coward · 2011-03-29 06:50 · Score: 0

"First they ignore you. Then they laugh at you. Then they fight you. Then you win" - Mahatma Gandhi
APK "FTW":
http://it.slashdot.org/comments.pl?sid=2059420&cid=35655470
APK
P.S.=. That was JUST "too, Too, TOO EASY - just '2EZ'"... lol! apk
Re:Eat your words, "Pro-*NIX Troll", vs. these fac by IRWolfie- · 2011-03-29 07:01 · Score: 1

all unpatched the Linux vulnerabilities you show are marked non-critical by the adversaries where as some of those from windows are marked critical.
Really?? by Tasha26 · 2011-03-29 07:13 · Score: 1

I got 12 spam in my Inbox this morning and another 5 in the afternoon. Given past levels, that's a spike in my case.
Let's do some math, shall we? by Anonymous Coward · 2011-03-29 07:18 · Score: 0

First of all, you skim:

"all unpatched the Linux vulnerabilities you show are marked non-critical by the adversaries where as some of those from windows are marked critical." - by IRWolfie- (1148617) on Tuesday March 29, @03:01PM (#35656572)
Ahem:
---
1.) You seem to rather "conveniently" omit the fact that is ONLY the Linux kernel - NOT the entirety of a Linux distro (which adds more bugs)
2.) Less is more - and last time I checked? 6 bugs in an OS in its ENTIRETY (Windows 7) is less than 19 in a KERNEL (linux) ONLY!
3.) Toss on ANDROID problems (truckloads of them, in the news nearly every day lately in fact) COMPOUND THAT EVEN MORE... & yes, Android IS a Linux variant!
---
I noted both facts in my 1st post here in fact... care to debate that as well? Stop skimming please!
The funniest part is, Windows has work-arounds for the critical ones (remote are the MOST dangerous) & yes, LINUX HAS A REMOTE ONE UNPATCHED!!!
See here:
---
Linux Kernel ROSE Multiple Vulnerabilities:
http://secunia.com/advisories/product/2719/?task=advisories
---
(I noted that, & again, you "conveniently" omit that fact in your typical "Pro-*NIX" attempts @ what I call "Spin-CON-Troll" trolling on YOUR end).
APK
P.S.=> Above all else? "Less IS truly, MORE" because Windows in its ENTIRE ARRAY/FULL GAMUT of development tools, OS, Office Suite & webbrowser + DB server (all you need to do business in fact) has less bugs than the Linux kernel, alone... apk
See something MORE impressive from MS! by Anonymous Coward · 2011-03-29 07:40 · Score: 0

Per my subject-line above, take a peek, "drink it in & digest it" folks (especially the "Pro-*NIX" crew around here that for YEARS has been spreading their "Windows is less secure than Linux" b.s.):
---
Vulnerability Report: Microsoft Windows 7: (03/29/2011)
http://secunia.com/advisories/product/27467/?task=advisories
Unpatched 10% (6 of 59 Secunia advisories)
AND, of those 6 vulnerabilities, yes... 3 are "remote". HOWEVER, they're in subsystems (FAX only) that aren't installed "by default", or, they have EASY work-arounds (mhtml bug via MS FixIt Tool, GUI easy too), OR, are caused/utilized by faulty 3rd party apps (e.g., & of ALL things? Apple stuff triggers one, ITunes another, iirc, etc. but no other apps are KNOWN to - go figure, eh?).
I.E.-> "NO PROBLEMO!"
---
Vulnerability Report: Microsoft Office 2010: (03/29/2011)
http://secunia.com/advisories/product/30529/?task=advisories
Unpatched 0% (0 of 4 Secunia advisories)
---
Vulnerability Report: Microsoft SQL Server 2008: (03/29/2011)
http://secunia.com/advisories/product/21744/
Unpatched 0% (0 of 4 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x: (03/29/2011)
http://secunia.com/advisories/product/17543/
Unpatched 0% (0 of 6 Secunia advisories)
---
Vulnerability Report: Microsoft Visual Studio 2010: (03/29/2011)
http://secunia.com/advisories/product/30853/?task=advisories
Unpatched 17% (1 of 6 Secunia advisories)
(The single 1 here also, like Windows 7 above, has an EASY work-around, & thus? Again, "NO PROBLEMO"!)
---
Vulnerability Report: Microsoft Internet Explorer 9.x: (03/29/2011)
http://secunia.com/advisories/product/34591/
Unpatched 0% (0 of 0 Secunia advisories)
---
So, that "all said & aside"?
For a "poor track record", MS has practically INVULNERABLE systems out there in their current stuff (& recent lesser versions also)... & NOT JUST THE OS, but the entire "gamut" of what you need to do business online, today (and, as you can see? QUITE safely!)
I.E.-> They're doing a HELL OF A GOOD JOB on the security front!
APK
P.S.=> So, shall we compare a NIX/Open SORES OS in Linux's "latest/greatest"? Lets, & here goes:
---
Vulnerability Report: Linux Kernel 2.6.x (03/29/2011)
http://secunia.com/advisories/product/2719/?task=advisories
Unpatched 7% (19 of 259 Secunia advisories)
---
LMAO - THAT? That's more than 3x as many as Windows 7 has that are unpatched, & I'd wager there aren't workarounds for them (or as many as MS has shown above)...
Plus?
ROTFLMAO - THAT'S ONLY THE LINUX KERNEL MIND YOU, not the entire 'gamut/array' of what actually comes in a Linux distro that has (such as the attendant GUI, Windows managers, browsers, etc. that ship in distros too that have bugs, and yes, THEY DO) THAT ADDS EVEN MORE BUGS that COMPOUNDS THAT # EVEN MORE!
(It gets even WORSE when you toss on ANDROID (yes, it's a LINUX variant too), because it's being shredded on the security-front lately, unfortunately)
BOTTOM-LINE:
What this all comes down to, is all the "Pro-*NIX propoganda straight outta pravda" practically doesn't stand up very well against concrete, verifiable & visible facts now, does it? Nope... apk
APK (& Yes, MS) "FTW", quoting Gandhi... apk by Anonymous Coward · 2011-03-29 08:03 · Score: 0

"First they ignore you. Then they laugh at you. Then they fight you. Then you win" - Mahatma Gandhi
So, "that all said & aside"?
---
APK "FTW":
http://it.slashdot.org/comments.pl?sid=2059420&cid=35656902
(And, rather EASILY I might add, "as-per-my-usual" vs. the "Pro-*NIX" trolls & their spin-CON-Troll" tactics & gaming the boards engine to bury posts, or troll others off topic when beaten, & other more lame tactics!)
---
Because others reading here and myself certainly don't see the *NIX trolls being able to effectively debate that set of points I put in there, as well as exposing his "convenient skimming"... lol!
LMAO - Instead, he RAN... as *NIX trolls always do, when confronted by facts &/or logic (+ in this case, math even), because they can't defeat truths/facts - their only resorts are:
1.) Down mods that are unjustified
2.) Trolling off topic
3.) Burying posts by ignoring them (hoping others who don't know about the jackass filter here being raised so that AC's like myself's posts aren't seen by others, & that only shows "highly rated posts"!
Which is, bullshit of course - anyone can have MULTIPLE ACCOUNTS HERE to troll others, or unjustly down mod them to bury their posts too (E.G.-

"It just takes one Ubuntu sympathizer or PR flack to minus-moderate any comment. Unfortunately, once PR agencies and so on started paying people to moderate online communities, and to have hundreds of accounts each, things changed." - by Bruce Perens (3872) on Friday July 30 2010, @04:55PM (#33089192) Homepage Journal
FROM -> http://linux.slashdot.org/comments.pl?sid=1738364&cid=33089192
(There's "1 of your own", a much respected one no less, *NIX trolls, telling it how it REALLY is... fake accounts galore, unjustified down mods, trolling & off topic b.s. + more!)
If that's "the best the nix trolls got" around here? It ain't much! Especially vs. facts/truth!
---
Still back on "FTW"?
The "Pro-*NIX Troll" ran, but from his perspective, knowing that IF he replies? It will raise that from being "buried" as it is for most folks since the new "Web 2.0" board engine starts its filter a LOT higher to hide posts, & if he replies, it will expose his and Linux's failure.
(To the owners here: /., you're shameful, burying posts that aren't highly rated... & these jerks around here "game" your boards this way (but, I think you know it, & allow it because of the "Pro-*NIX" slant this site has, a rather lame & imo, crooked one too))...
In the end? There's NO disputing facts... period.
APK
P.S.=> Man, I just GOTTA say it, as I always end up doing vs. the "Pro-NIX" trolls around here:
That was JUST "too, Too, TOO EASY - just '2EZ'"... lol! apk
Re:Wouldn't it be great if the ISPs could play a p by blair1q · 2011-03-29 08:32 · Score: 1

I've recently discussed with my ISP the sort of thing they could do to identify packets trying to get into my network (lots of extra blinkenlights on the cable modem, occasional access attempts at the router), and their response was basically that it's illegal for them even to tell me the IP addresses in the incoming or outgoing packet headers.
Yup. They may be routing them, but they're not allowed to log them or even to see them on a screen, and they're certainly not allowed to tell me what they are.
I'm not sure they have a basis for saying that it would be illegal, but they certainly don't want to do the simplest of things to tell me what's going on.
My router logs most access attempts (about 90% of which are IPs allocated to a certain semi-communist meganation in the Far East), but I suspect it's not logging everything and the ones it doesn't log are of course the ones I'm most curious about. So I'm still considering escalating the issue until they prove they're forbidden to do enough inspection to block the offending interlopers entirely.
But it suggests to me that if I asked them to watch my link to see if it ever starts botting, that they'd tell me they aren't allowed to, but not why.
So I guess it's time to front a more sophisticated standalone firewall, maybe get a cable-modem (DOCSIS) analyzer, though that is unlikely to be cheap, unless I can hack up a modem... hmm...
whack-a-bot by solune · 2011-03-29 08:56 · Score: 1

Seems I've seen this story before...'bout once every couple months, on Slashdot, If I'm not mistaken:
http://slashdot.org/index2.pl?fhfilter=botnet
Rather like whack-a-mole, no?
Slashdouchery as usual. by Anonymous Coward · 2011-03-29 08:58 · Score: 0

The delivery mechanism for all this spam wouldn't exist if it weren't for Microsoft's poor record at building a somewhat secure operating system.
Bullshit.
In the past six years, the number of Linux servers I've seen spewing out spam is LEGION.
Stop using fucking sendmail; learn to fucking write decent PHP, and update your fucking content management systems before ye be judged yourselves.
Oh here we go.... by bmo · 2011-03-29 08:58 · Score: 1

>Since then, Bagle, a botnet that wasn't even on MessageLabs' top ten spam-sending botnets at the end of 2010, has taken over from Rustock as the most active spam-sending botnet this year."
Yeah, and guess what?
Bagle runs spectacularly under Wine. As in, it behaves itself quite nicely and you don't notice it until you receive mail in your mailbox that is coming from yourself.
Bagle is truly cross-platform malware.
All it needs to do is attach itself to Gnome's or KDE's startup folder or .bashrc or .login.
Any of these will do the trick, and if you've got Wine installed, your machine instantly becomes a botnet slave.
--
BMO
1. Re:Oh here we go.... by PCM2 · 2011-03-29 09:46 · Score: 1
  
  All it needs to do is attach itself to Gnome's or KDE's startup folder or .bashrc or .login.
  Indeed. From what I've read, Bagle might run under Wine, but only when you run it. Unlike on Windows, it doesn't have any way to make it auto-start after a reboot. To expect a Windows virus to know how to rewrite a .bashrc or .login file on some random version of Linux, which might be running Gnome or might be running KDE, etc., sounds pretty far-fetched.
  
  --
  Breakfast served all day!
2. Re:Oh here we go.... by bmo · 2011-03-29 12:22 · Score: 1
  
  >it doesn't have any way to make it auto-start after a reboot.
  Didn't I just mention 4 different ways to start at login? Once root status is attained, there's another way - add it to the init scripts. It's not as if local privilege escalation doesn't exist.
  >To expect a Windows virus to know how to rewrite a .bashrc or .login file on some random version of Linux, which might be running Gnome or might be running KDE, etc., sounds pretty far-fetched.
  When I ran Bagle, it was smart enough to fetch my address book from Thunderbird and mail me from the list, which is how I found out I had been running Bagel for 10 minutes. Because Wine is smart enough to interpret the Linux file system hierarchy for Bagel.
  When is the last time you checked your .bashrc for odd stuff? The windows idiots keep saying that once Linux becomes popular on the desktop, it'll be just as big a target. While they are wrong in certain respects because the statement ignores security models, it's true in a way. Adding Wine can make you "just another Windows machine."
  I'm ringing an alarm bell here, buddy, and you ain't listening. A lot of people who I tell this to just simply plug their ears and cry out "BUT IT'S A WINDOWS WORM" without ever recognizing that you install a form of Windows on your computer when you install Wine. And a lot of Linux users do, to play games.
  Your complacency is going to be your downfall.
  --
  BMO
3. Re:Oh here we go.... by AnfieldSierra · 2011-03-30 15:20 · Score: 1
  
  OK, so what is the infection vector exactly ? How does it attach to .bashrc or .login ? Did some user save it to the Gnome/KDE startup folder ? You're a moron.
Re:Wouldn't it be great if the ISPs could play a p by Tom · 2011-03-29 09:00 · Score: 1

You don't need to do any packet inspection. A blackhole server, a tarpit, or just the logs on your own mailserver would be enough to identify customers that have a botnet problem.

--
Assorted stuff I do sometimes: Lemuria.org
99.8% improvement for my domain by KeithH · 2011-03-29 09:40 · Score: 1

The spam-hose has abruptly gone limp. The flow petered out from one spam every 4 seconds to one every 30 minutes. My spam dropped from 226000 in the past month to about a dozen per day since these dicks were cut off. I'm impressed and grateful for the 99.8% improvement.
TomHudson, you 1 eyed CYCLOPS (we know it's you) by Anonymous Coward · 2011-03-29 10:21 · Score: 0

You're pitiful, and now I know who the AC troll is that's been stalking me here for MONTHS now!
(It's YOU, with your own words quoted telling others to do so with you here http://slashdot.org/comments.pl?sid=1646272&cid=32150544 as my proof thereof!)
APK
P.S.=> You only brought this on yourself - & despite your hiding or trying to as an AC poster? You're busted, lol ... apk
The intertubes are regreased! by Anonymous Coward · 2011-03-29 14:44 · Score: 0

I've definitely noticed that porn loads faster now that the spam is gone.
Re:Here's some research, jackass by Tom · 2011-03-29 23:00 · Score: 1

You make no sense, it's really hard to understand what the heck you're trying to say, but I'll give it a try:

because your 10 yr. old research? It's ANCIENT... today is TODAY,
You must be really young if you think the world changes that quickly. Technical details do. Basic principles don't.

Same with MacOS X once it was more utilized - it became more of a "prime target" because more folks use it now...
That argument has been debunked hundreds of times, get a new one. If prominence were the deciding factor, then all the Linux/Apache webservers would all be rooted while the more obscure windows/IIS servers would all be save. Funny thing is, we don't see that in the real world.

[Android rambling]
I fail to see the relevance of that. This is a discussion about spam, and so far Android systems aren't known as a major source of spam. So either you have data that nobody else has, or you're just dragging in a point that has no relation to the argument for what reason, exactly?

NOBODY USES THEM by comparison to Windows

Yeah, right. That was 10 years ago, today is today and OS X has a market share of 15% in many places of the world, that is considerably more than nobody. Even if you assume a power law, you'd expect about 4% of the botnets to be OS X botnets. Hm, strangely, they aren't.

& malware makers target the SINGLE largest body of users there is

The real world is not instanced. For years, malware has fought over control of rooted PCs, various malware kicking the competition out, etc. - you'd think at least one of them would branch out to a system with less competition. Just one. Strange, doesn't happen. Why? Economics.

why would Apple put out a security hardening guide on their website,
I have no idea what kind of thought processes you have, but they appear confused at the very least. There are similar hardening guides for all variants of windows right on the Microsoft website as well, so your point is what, exactly?
Sorry to say it this honestly, but if there is any point in your drivel that could've been worth my time then it is well hidden in the ghastly grammar and structure.

--
Assorted stuff I do sometimes: Lemuria.org
Well to be fair... by DarthVain · 2011-03-30 02:40 · Score: 1

Well to be fair, probably like 90% of those are pirated versions of Windows XP and as such never got any security updates. Not sure MS is responsible for large number of people around the world ripping off their software and not paying for it...
Just sayin'
Don't worry MS is still evil. Just that these botnets are predominately made up of pirated software to begin with.
Quoting you: PUT UP OR SHUT UP! by Anonymous Coward · 2011-03-30 02:43 · Score: 0

1st: Where's your ALLEGED "research data" then? See subject-line, because it's nearly EXACTLY what you asked for & I provided it.
NO, seems all you have is "the oldest 'troll trick' in the world (off topic english critiques along w/ ad hominem attacks, so where's your PHD in English, expert? Fantasyland, along with your 'research'?)

"You make no sense, it's really hard to understand what the heck you're trying to say"by Tom (822) on Wednesday March 30, @07:00AM (#35664726) Homepage
See above, & "your honor, I rest my case", lol... you make it EASY for me on THAT account, w/ your off topic b.s. english writing critique (is there such a section of this forums? No)...
Additionally, it also seems you read my points FINE, despite your transparent off topic 'critiques' of my writing style (of which this forums has no such section, nor is this topic about that mind you) & replied, fine, on YOUR end to my points (though I blow you away on each of your replies here, easily, lol!)
Sso it shows that's just another "troll trick" (lol, won't work on me - I've been trolled by the BEST of them, & won everytime... how? FACTS my boy, facts! The thing that blows trolls doors off everytime!)
---

"I fail to see the relevance of that. This is a discussion about spam, and so far Android systems aren't known as a major source of spam." - by Tom (822) on Wednesday March 30, @07:00AM (#35664726) Homepage
They're a LINUX, Tom... & proof of a "portent of things to come" for Linux, on "things security"...
(Especially about the b.s. I have seen, for YEARS here no less, of "LINUX IS MORE SECURE THAN WINDOWS"... funny, but the data I show is showing QUITE otherwise, easily (& so does ANDROID)).
---

"Yeah, right. That was 10 years ago, today is today and OS X has a market share of 15% in many places of the world, that is considerably more than nobody." - by Tom (822) on Wednesday March 30, @07:00AM (#35664726) Homepage
Aha, KNEW IT: You "fell for my trap", & yes, "jedi mind tricks" do WORK ON YOU
See, by way of comparison, especially compared to Windows "share-of-market"? They are so LOW on the totem poll, it's not even funny!
Hell, MS is SO FAR AHEAD in 1st place, there practically isn't a 2nd place winner... lol!
Still, considering that Apple put out B.S. loaded commercials that stated in essence & iirc, literally even, that "Windows is less secure than a PC" here:
http://www.youtube.com/watch?v=sdF5IsyOxU4
AND THEIR HOMEPAGE SAID "no viruses" too here:
http://replay.waybackmachine.org/20090303015013/http://www.apple.com/getamac/whymac/
?
Please... malware IS malware!
(& yes, MacOS X has seen its share, despite the "marketing-droidz" b.s. shown above).
(Fact is, I can show SLEWS of it happening, just ask... I will provide it, unlike YOU, though you demanded proof of others... you got it, see my 1st post you replied to and "Read 'em & WEEP")
HOWEVER, here is where you HELP my case:
As you say in fact, when MacOS X's market-share/user mind-share went up... (makes sense - as malware makers/hackers-cracker are like pickpockets!)
E.G.-> Like pickpockets, the hacker/cracker crowd ARE criminal largely, & they do NOT operate on "crowds of 1" only, they target LARGE crowds (like Windows has), in order to "maximize their ROI" on efforts expended in code. Think about it like a shotgun - you target the largest body you can, not just 1 bird when you hunt for birds!
---

"I have no idea what kind of thought processes you have, but they appear confused at the very least." - by Tom (822) on Wednesda
1. Re:Quoting you: PUT UP OR SHUT UP! by Tom · 2011-03-30 09:56 · Score: 1
  
  I don't have the mind for this discontinuous drivel. As you wrote those guidelines, you can write better than that, I'm sure your editor wouldn't have accepted a jumbled mess of incomplete sentences. So if you want to make a point, make it in a way that makes sense.
  
  They're a LINUX, Tom... & proof of a "portent of things to come" for Linux, on "things security"...
  Fine, so your point really is about Linux and the mentioning of Android is - I don't know, but apparently we can ignore it. So where are the Linux botnets? Oh yes, I forgot, nobody uses Linux. Except almost all of the Fortune 500 companies, the vast majority of web-, mail-, DNS and other Internet servers, tons of WLAN routers and other devices... we don't even have to count in the desktop machines, even if your "nobody" argument were anywhere near the truth regarding that, there are still millions upon millions of Linux servers out there, connected to the Internet 24/7. So where are the Linux botnets? Where are your facts?
  
  --
  Assorted stuff I do sometimes: Lemuria.org
Phone It In by jman.org · 2011-03-30 03:58 · Score: 1

Glad this was done, but wondering when IT cops are going to move to the current century.

The authorities went physically to data centers & pulled the plug on suspect servers.

Yes, you'd want to confiscate the offending machines, but why not start by simply updating iptables on the core router(s) serving the DC(s), effectively and simultaneously shutting them off from the outside world?

Timing the takedown would be much better controlled, as it could be scripted and run from a central location. Just set it up and click the "Die Monster Die" icon (or run DMD from your shell) and all the heads of the Hydra get cut at once. Plenty of time for cleanup after you know for sure none of the C&C boxes can shoot out some last-minute instruction before getting shut off.

(Sure, there would be some tug of war on allowing one entity all those logins. That's what ACL's are for. They'd be updated as well after the takedown is complete.)
Pirated Windows receives security updates. by pH4 · 2011-03-30 10:38 · Score: 1

Not only do all security updates go to all users' systems, but non-genuine Windows systems are able to install service packs, update rollups, and important reliability and application compatibility updates. In addition, the users of non-genuine Windows systems can also upgrade a lot of the other software on their computer. For example Internet Explorer 8 has numerous security- oriented features and improvements, and it is available to all users.
http://windowsteamblog.com/windows/b/windowssecurity/archive/2009/04/27/who-gets-windows-security-updates.aspx
1. Re:Pirated Windows receives security updates. by DarthVain · 2011-03-31 02:08 · Score: 1
  
  Well I ran pirated Windows XP for years (to replace the crap ME that came pre-installed), and never enabled auto updates, nor tried to ever do an update. Your running illegal software and connecting to MS serves for updates? Not if you think MS might disable your OS, or do something about it. Anyway I would bet that MOST do not update their security, and I am not sure it was always this way, and that is a recent development in order to fight spam. I had no idea til just now. I can even recall trying to DL service packs and installing them manually.
  Anyway it got so bad with virus, malware, trojans, adware, etc... that my PC would become unusable. For awhile I would do clean installs and backups every so often, but over time it just became compromised so quickly to make it a pain. In the end I install Linux and used that until I finally bought a new computer, and bought a copy of Vista to use (ya I seem to always buy the OS too soon apparently) which I use today with auto updates.
  Anyway I would bet the majority of pirated XP out there isn't getting updated security patches on a regular basis.
Where's your "10 yr. old security research" by Anonymous Coward · 2011-03-30 11:00 · Score: 0

You demanded others show it, I put up mine. Where's YOURS?
(Fantasy-Land?)

"I don't have the mind for this discontinuous drivel." - by Tom (822) on Wednesday March 30, @05:56PM (#35671746) Homepage
LOL, no... it appears you don't have a mind, period (or an actual research paper on security either)... remember, you said this to others here -> "PUT UP OR SHUT UP" so, when it's asked of you, though you demand it of others?? You suddenly evade it??? Please, lol!
---

"As you wrote those guidelines, you can write better than that, I'm sure your editor wouldn't have accepted a jumbled mess of incomplete sentences." - by Tom (822) on Wednesday March 30, @05:56PM (#35671746) Homepage
Heh, it was good enough to get me UNEXPECTEDLY paid, & does VERY well + has for almost 14 yrs. now (you done the same?).
Your "english grammar" critiques - where's your showing that you're an expert on that too? Got your PHD in English?? Not that it'd matter... you're off topic, & trolling now (the last resort of the defeated in technical debate).
Plus, like it or not??? You're a BLOWHARD - you said you "did your research"... well, show us it!
Personally speaking - I don't think you have it, period. I gave you the benefit of the doubt, but... not anymore. I don't think others will either - & hey: THIS SITE? Widely travelled, & rated #1 in tech sites, see here:
http://www.topsite.com/best/tech
It's your rep, because odds are? Others ARE watching & reading... I actually sort of feel bad for you now, shooting your mouth off as you did, & not living up to your bluster.
---

"So if you want to make a point, make it in a way that makes sense." - " - by Tom (822) on Wednesday March 30, @05:56PM (#35671746) Homepage
It would appear to anyone reading here I have... see subject-line, above ALL else.
APK
1. Re:Where's your "10 yr. old security research" by Tom · 2011-03-31 07:07 · Score: 1
  
  I think I'll leave you to your bridge, there's no content in this anymore. Bye.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
Where's YOUR "content"? You said you had it! by Anonymous Coward · 2011-03-31 08:19 · Score: 0

"I think I'll leave you to your bridge, there's no content in this anymore. Bye." - by Tom (822) on Thursday March 31, @03:07PM (#35681022) Homepage
After all, didn't YOU say THIS to others here, acting the "big shot"?

"I've actually written a paper on that 10 years or so ago, it's somewhere on my website. I've done my research. Now show yours your shut up." - by Tom (822) on Tuesday March 29, @05:24PM (#35658778) Homepage Journal
FROM -> http://it.slashdot.org/comments.pl?sid=2059420&cid=35658778 RIGHT IN THIS ARTICLE EXCHANGE?
Well, quoting you again "NOW SHOW YOURS OR SHUT UP"
APK
P.S.=> NOW - I want you to know: I have nothing against you personally, I really don't... but, if you're going to BLAST people like you did here? Especially with challenges like THAT?? I'll put up what I have... to satisfy your request!
Funny you can't... "do not as I do, but as I SAY"... that?
That doesn't go VERY FAR around here man... just letting you know, that's HOW it works around here & for good reason AND YOUR OWN GOOD - proof!
Slashdot's one of the TOP TECH RATED SITES online, millions watching @ any moment, see here:
http://www.topsite.com/best/tech
I am only doing you a favor man, I really am!
I say that, because I used to come in here and cite info. too, always correct too, but no backing!
I took a LOT of shit for it...
Yes, and even if I have done well in this art & science of computing & NOT just for that security guide I showed you that's done GREAT for 14++ years online (the topic here)?
Well, that all "said & aside"?
I still have to backup my bluster... it's HOW it is here, and yes, elsewhere & SHOULD be (especially if you DEMAND it from others yourself)!
SO, to that note? Above & BEYOND that security guide of mine? See here:
"My Name is Ozymandias: King of Kings - Look upon my works, ye mighty, & DESPAIR..."
----
Windows NT Magazine (now Windows IT Pro) April 1997 "BACK OFFICE PERFORMANCE" issue, page 61
(&, for work done for EEC Systems/SuperSpeed.com on PAID CONTRACT (writing portions of their SuperCache program increasing its performance by up to 40% via my work) albeit, for their SuperDisk & HOW TO APPLY IT, took them to a finalist position @ MS Tech Ed, two years in a row 2000-2002, in its HARDEST CATEGORY: SQLServer Performance Enhancement).
WINDOWS MAGAZINE, 1997, "Top Freeware & Shareware of the Year" issue page 210, #1/first entry in fact (my work is there)
PC-WELT FEB 1998 - page 84, again, my work is featured there
WINDOWS MAGAZINE, WINTER 1998 - page 92, insert section, MUST HAVE WARES, my work is again, there
PC-WELT FEB 1999 - page 83, again, my work is featured there
CHIP Magazine 7/99 - page 100, my work is there
GERMAN PC BOOK, Data Becker publisher "PC Aufrusten und Repairen" 2000, where my work is contained in it
HOT SHAREWARE Numero 46 issue, pg. 54 (PC ware mag from Spain), 2001 my work is there, first one featured, yet again!
Also, a British PC Mag in 2002 for many utilities I wrote, saw it @ BORDERS BOOKS but didn't buy it... by that point, I had moved onto other areas in this field besides coding only...
Being paid for an article that made me money over @ PCPitstop in 2008 for writing up a guide that has people showing NO VIRUSES/SPYWARES & other screwups, via following its point, such as THRONKA sees here -> http://www.xtremepccentral.com/forums/showthread.php?s=ee926d913b81bf6d63c3c7372fd2a24c&t=28430&page=3
Lastly, late
MS is DOWN 2 ONLY 5 UNPATCHED SEC. VULNS by Anonymous Coward · 2011-04-12 16:41 · Score: 0

Microsoft's DOWN TO 5 UNPATCHED SEC. VULNS IN THE ENTIRE MS PRODUCT LINE YOU USE TO DO BUSINESS ONLINE: (& 4x less unpatched security vulnerabilities than Linux has, no less, in its "latest/greatest", albeit KERNEL ONLY (makes a difference, read on)):
---
Vulnerability Report: Microsoft Office 2010: (04/12/2011)
http://secunia.com/advisories/product/30529/?task=advisories
Unpatched 0% (0 of 4 Secunia advisories)
---
Vulnerability Report: Microsoft SQL Server 2008: (04/12/2011)
http://secunia.com/advisories/product/21744/
Unpatched 0% (0 of 4 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x: (04/12/2011)
http://secunia.com/advisories/product/17543/
Unpatched 0% (0 of 6 Secunia advisories)
---
Vulnerability Report: Microsoft Visual Studio 2010: (04/12/2011)
http://secunia.com/advisories/product/30853/?task=advisories
Unpatched 17% (0 of 6 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Explorer 9.x: (04/12/2011)
http://secunia.com/advisories/product/34591/
Unpatched 0% (0 of 0 Secunia advisories)
---
Vulnerability Report: Microsoft Windows 7: (04/12/2011)
http://secunia.com/advisories/product/27467/?task=advisories
Unpatched 8% (5 of 59 Secunia advisories)
AND, of those 5 vulnerabilities, yes... 2 are still "remote". HOWEVER, they have EASY work-arounds, OR, are caused/utilized by faulty 3rd party apps you can just avoid, as there's usually an alternate app for most anything!
(E.G.., & of ALL things? Apple stuff triggers one, ITunes another, iirc, etc. but no other apps are KNOWN to - go figure, eh?).
The remaining can be avoided by not just downloading & running "anything" etc. (being utterly stupid in other words, or just ignorant (which in the case of a child, I could excuse (not an adult)).
I.E.-> "NO PROBLEMO!"
&
ALMOST 4x LESS THAN IS PRESENT ON THE LINUX 2.6x KERNEL ALONE (toss on the rest of what goes into a Linux distro? That # goes "up, Up, UP & AWAY...", bigime, "increasing that lead, that Linux has", lol, in more unpatched known security bugs present that is (a dubious honor/win, lol, to say the least!)
---
So, that "all said & aside"?
Microsoft's doing a HELL OF A GOOD JOB on the security front!
APK
P.S.=> Compare a "*NIX/Open SORES" OS in Linux's "latest/greatest"?:
---
Vulnerability Report: Linux Kernel 2.6.x (04/12/2011)
http://secunia.com/advisories/product/2719/?task=advisories
Unpatched 7% (19 of 259 Secunia advisories)
---
THAT? That's more than 4x as many as Windows 7 has that are unpatched, & has a REMOTE BUG UNPATCHED in the "ROSE" subsystem... PLUS, I'd wager there aren't EASY workarounds for them (or as many as MS has shown above)...
AGAIN - THAT'S ONLY THE LINUX KERNEL MIND YOU, not the entire 'gamut/array' of what actually comes in a Linux distro (such as the attendant GUI, Windows managers, browsers, etc. that ship in distros too that have bugs, and yes, THEY DO), THAT ADDS EVEN MORE BUGS that COMPOUNDS THAT # EVEN MORE!
So, so much for "Windows is less secure than Linux" stuff you see around here on /., eh?
(It gets even WORSE for 'Linuxdom' when you toss on ANDROID (yes, it's a LINUX va
Ms DOWN 2 only 5 unpatched Sec. Vulns! apk by Anonymous Coward · 2011-04-12 16:45 · Score: 0

Microsoft's DOWN TO 5 UNPATCHED SEC. VULNS IN THE ENTIRE MS PRODUCT LINE YOU USE TO DO BUSINESS ONLINE: (& 4x less unpatched security vulnerabilities than Linux has, no less, in its "latest/greatest", albeit KERNEL ONLY (makes a difference, read on)):
---
Vulnerability Report: Microsoft Office 2010: (04/12/2011)
http://secunia.com/advisories/product/30529/?task=advisories
Unpatched 0% (0 of 4 Secunia advisories)
---
Vulnerability Report: Microsoft SQL Server 2008: (04/12/2011)
http://secunia.com/advisories/product/21744/
Unpatched 0% (0 of 4 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x: (04/12/2011)
http://secunia.com/advisories/product/17543/
Unpatched 0% (0 of 6 Secunia advisories)
---
Vulnerability Report: Microsoft Visual Studio 2010: (04/12/2011)
http://secunia.com/advisories/product/30853/?task=advisories
Unpatched 17% (0 of 6 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Explorer 9.x: (04/12/2011)
http://secunia.com/advisories/product/34591/
Unpatched 0% (0 of 0 Secunia advisories)
---
Vulnerability Report: Microsoft Windows 7: (04/12/2011)
http://secunia.com/advisories/product/27467/?task=advisories
Unpatched 8% (5 of 59 Secunia advisories)
AND, of those 5 vulnerabilities, yes... 2 are still "remote". HOWEVER, they have EASY work-arounds, OR, are caused/utilized by faulty 3rd party apps you can just avoid, as there's usually an alternate app for most anything!
(E.G.., & of ALL things? Apple stuff triggers one, ITunes another, iirc, etc. but no other apps are KNOWN to - go figure, eh?).
The remaining can be avoided by not just downloading & running "anything" etc. (being utterly stupid in other words, or just ignorant (which in the case of a child, I could excuse (not an adult)).
I.E.-> "NO PROBLEMO!"
&
ALMOST 4x LESS THAN IS PRESENT ON THE LINUX 2.6x KERNEL ALONE (toss on the rest of what goes into a Linux distro? That # goes "up, Up, UP & AWAY...", bigime, "increasing that lead, that Linux has", lol, in more unpatched known security bugs present that is (a dubious honor/win, lol, to say the least!)
---
So, that "all said & aside"?
Microsoft's doing a HELL OF A GOOD JOB on the security front!
APK
P.S.=> Compare a "*NIX/Open SORES" OS in Linux's "latest/greatest"?:
---
Vulnerability Report: Linux Kernel 2.6.x (04/12/2011)
http://secunia.com/advisories/product/2719/?task=advisories
Unpatched 7% (19 of 259 Secunia advisories)
---
THAT? That's more than 4x as many as Windows 7 has that are unpatched, & has a REMOTE BUG UNPATCHED in the "ROSE" subsystem... PLUS, I'd wager there aren't EASY workarounds for them (or as many as MS has shown above)...
AGAIN - THAT'S ONLY THE LINUX KERNEL MIND YOU, not the entire 'gamut/array' of what actually comes in a Linux distro (such as the attendant GUI, Windows managers, browsers, etc. that ship in distros too that have bugs, and yes, THEY DO), THAT ADDS EVEN MORE BUGS that COMPOUNDS THAT # EVEN MORE!
So, so much for "Windows is less secure than Linux" stuff you see around here on /., eh?
(It gets even WORSE for 'Linuxdom' when you toss on ANDROID (yes, it's a LINUX va