Slashdot Mirror


User: jonfelder

jonfelder's activity in the archive.

Stories: 0
Comments: 471

Comments · 471

  1. Obligatory on NYT on Spam Cops · · Score: 2, Insightful

    Your post advocates a

    (*) technical ( ) legislative ( ) market-based ( ) vigilante ( ) lack of an

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    (*) Mailing lists and other legitimate email uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    ( ) It will stop spam for two weeks and then we'll be stuck with it
    (*) Users of email will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    (*) Requires too much cooperation from spammers
    (*) Requires immediate total cooperation from everybody at once
    ( ) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    ( ) Lack of centrally controlling authority for email
    (*) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    ( ) Asshats
    ( ) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    ( ) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    (*) Eternal arms race involved in all filtering approaches
    (*) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    (*) Extreme stupidity on the part of people who do business with spammers
    ( ) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook

    and the following philosophical objections may also apply:

    (*) Ideas similar to yours are easy to come up with, yet none have ever
    been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) No-lists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    (*) Countermeasures must work if phased in gradually
    ( ) Sending email should be free
    ( ) Why should we have to trust you and your servers?
    ( ) Incompatibility with open source or open source licenses
    ( ) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    (*) Sorry dude, but I don't think it would work.
    ( ) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your
    house down!

  2. Obligatory on DSPAM v3.0 RC1 Spam Filter Released · · Score: 4, Funny

    Your post advocates a

    ( ) technical ( ) legislative ( ) market-based (*) vigilante ( ) lack of an

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    ( ) Mailing lists and other legitimate email uses would be affected
    (*) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    ( ) It will stop spam for two weeks and then we'll be stuck with it
    ( ) Users of email will not put up with it
    ( ) Microsoft will not put up with it
    (*) The police will not put up with it
    (*) Requires too much cooperation from spammers
    (*) Requires immediate total cooperation from everybody at once
    ( ) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    (*) Laws expressly prohibiting it
    ( ) Lack of centrally controlling authority for email
    (*) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    (*) Asshats
    (*) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    ( ) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    (*) Eternal arms race involved in all filtering approaches
    (*) Extreme profitability of spam
    (*) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    (*) Extreme stupidity on the part of people who do business with spammers
    (*) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook

    and the following philosophical objections may also apply:

    (*) Ideas similar to yours are easy to come up with, yet none have ever
    been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) No-lists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    (*) Countermeasures should not involve sabotage of public networks
    (*) Countermeasures must work if phased in gradually
    ( ) Sending email should be free
    (*) Why should we have to trust you and your servers?
    ( ) Incompatibility with open source or open source licenses
    ( ) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    (*) Sorry dude, but I don't think it would work.
    ( ) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your
    house down!

  3. Obligatory on DSPAM v3.0 RC1 Spam Filter Released · · Score: 2, Insightful

    Your post advocates a

    ( ) technical (*) legislative ( ) market-based ( ) vigilante ( ) lack of an

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    ( ) Mailing lists and other legitimate email uses would be affected
    (*) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    ( ) It will stop spam for two weeks and then we'll be stuck with it
    ( ) Users of email will not put up with it
    ( ) Microsoft will not put up with it
    (*) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    ( ) Requires immediate total cooperation from everybody at once
    ( ) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    ( ) Lack of centrally controlling authority for email
    (*) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    (*) Asshats
    (*) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    ( ) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    (*) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    (*) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    (*) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook

    and the following philosophical objections may also apply:

    (*) Ideas similar to yours are easy to come up with, yet none have ever
    been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    (*) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) No-lists suck
    (*) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    ( ) Countermeasures must work if phased in gradually
    ( ) Sending email should be free
    ( ) Why should we have to trust you and your servers?
    ( ) Incompatibility with open source or open source licenses
    (*) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    (*) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    (*) Sorry dude, but I don't think it would work.
    ( ) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your
    house down!

  4. Obligatory on DSPAM v3.0 RC1 Spam Filter Released · · Score: 3, Insightful

    Your post advocates a

    (*) technical ( ) legislative ( ) market-based ( ) vigilante ( ) lack of an

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    (*) Mailing lists and other legitimate email uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    ( ) It will stop spam for two weeks and then we'll be stuck with it
    (*) Users of email will not put up with it
    (*) Microsoft will not put up with it
    ( ) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    (*) Requires immediate total cooperation from everybody at once
    (*) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    (*) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    ( ) Asshats
    ( ) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    (*) Huge existing software investment in SMTP
    (*) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    ( ) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    ( ) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook

    and the following philosophical objections may also apply:

    (*) Ideas similar to yours are easy to come up with, yet none have ever
    been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) No-lists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    (*) Countermeasures must work if phased in gradually
    ( ) Sending email should be free
    (*) Why should we have to trust you and your servers?
    ( ) Incompatibility with open source or open source licenses
    ( ) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    (*) Sorry dude, but I don't think it would work.
    ( ) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your
    house down!

  5. Re:Does it say to call spyware "advanced features" on Google's Software Principles · · Score: 3, Informative

    When you install it, the toolbar gives you the option to install with or without "Advanced Features".

    I'd certainly call the toolbar benign though. As you said, it tells you upfront what it's going to do when you enable the "Advanced Features".

  6. Re:Block .cn! on 71% of Spam Servers are Located in China · · Score: 1

    I imagine that penis enlargement emails would be considered "cummunist" propaganda.

    Ba bum bum...Yes folks I'll be here all night.

  7. Re:Use blacklists... on 71% of Spam Servers are Located in China · · Score: 0, Redundant

    You haven't been reading slashdot enough. :-p

    Tarpitting has been featured a few times in the past.

  8. Dr. Evil on Google to be Sued Over Name? · · Score: 1



    I want one google dollars!

    MuahahaMuahahahaMuahahahaha!

  9. Re:The saddest thing about this... on The Windows Security Nightmare · · Score: 1

    Or...

    1. Pull the network cord from infected machine.
    2. Clean worm from infected machine (trivial in most cases...i.e. kill process, edit registry)
    3. Turn on firewall.
    4. Plug in cord.
    5. Download/install patches.
    6. As an added measure run an online virus checker like the one from trendmicro.

    Don't need to involve any other computers or media.

  10. Re:Nooberly on Suse 9.1 Reviews? · · Score: 1

    That's really nice. Flame someone who admittedly says they are new to linux and admits they had a problem. You do realize we need people like this who are willing to try it out to promote linux on the desktop.

    Unfortunately, YaST and sax2 really blow it when it comes to this. I just installed SuSE 9.1, and yes I checked the box to install the nvidia drivers. When my machine came up, sux2...I mean sax2 had nicely configured my monitor with crazy refresh settings so that I got "sync out of range".

    Now, I'm not a linux newbie (the poster clearly admitted he was) and I was able to correct the issue by ctrl-alt-+ until I got a usable resolution/sync rate and was able to reconfigure the monitor settings to ones that were sane (why the hell do they have a list of monitors if all the numbers are going to be wrong?) I could see a newbie having trouble with this.

    Oh, but the story doesn't end there. When I got it working with the right resolution and refresh rate, I noticed another lovely thing. 3D support was enabled, but the graphics were really slow. When I dragged a window it was jerky, minimizing a window looked like an automatic car window going down, etc.

    What'd I do? I dumped the crappy driver installed by YaST (yes I know it comes from nvidia, but there was definitely something wrong with it), installed the ones from nvidia...but don't follow the instructions for suse because sux2...I mean sax2 never works right. I instead copied the file from another install where a similar setup was working correctly.

    YaST works ok, however I have in the past and continue to have bad luck using YaST to install the nvidia drivers. Sax2 is the biggest piece of crap ever.

    It's not hard to understand why someone who is new to linux may have a hard time using such a buggy piece of software, and may be intimidated by the command line or by messing with the esoteric X config file directly.

  11. Nothing is secure. on Attacking WinZip AES Encryption · · Score: 2, Insightful

    So how can we distinguish between an application that simply uses the right buzzwords, like AES, from an application that is actually secure?

    We can't. I think it's more of a question of "Is it secure enough?" The WinZip encryption may be weak, but unless you're zipping up government secrets it's probably OK.

    Almost all encryption schemes can be broken, either through brute force or social engineering, it's just the way it is.

    Peer review certainly helps, but doesn't ensure that the product is secure. It may tell you which products are not secure, but then the above paragraph shows that.

  12. Re:Warning! New Linux virus! on Mac Trojan Horse Disguised as Word 2004 · · Score: 1

    That's trojan not virus...

  13. Re:Maybe it did work on Mac Trojan Horse Disguised as Word 2004 · · Score: 1

    Except that Microsoft sells office for Mac.

    It's not like this trojan was designed for linux users.

  14. Re:Mr. Gates - "Check and Mate" on Mac Trojan Horse Disguised as Word 2004 · · Score: 1

    Oh yeah...Microsoft is attacking those Mac pirates. Macs represent what, 1% of the desktop market?

    That's far more likely than some script kiddy who thought it would be fun to dupe people into running a harmful shell script.

    Workaround: Don't run crap off a P2P network without a valid md5sum from the original source.

  15. Re:I CALL BULLSHIT on Mac Trojan Horse Disguised as Word 2004 · · Score: 1

    How does that make it any less of a trojan?

    It's obviously designed to make the user think they were running/installing Word, but instead erases their home directory.

  16. Re:Virtual PC on Mac Trojan Horse Disguised as Word 2004 · · Score: 1

    What happens if it doesn't do anything bad until say...the 10th time you run it?

    I hope you keep good up to date backups.

  17. Re:Biodiesel baby on Hybrid Cars Don't Live Up to Mileage Claims · · Score: 1

    Just about all of it does. Either from plants directly or from things that eat plants.

    Somehow I don't see the feces economy as being sustainable.

  18. Re:Biodiesel baby on Hybrid Cars Don't Live Up to Mileage Claims · · Score: 1

    Biodiesel is made from plants yes?

    Have any idea how we fertilize our plants?

  19. Re:Biodiesel baby on Hybrid Cars Don't Live Up to Mileage Claims · · Score: 1

    Did you ever stop to think how they get hydrogen into a form suitable for use as a transportation fuel?

    It's not like you pour water into your tank or something.

    Hydrogen is an energy carrier, not an energy source.

  20. Re:Oh goody. on Cisco Applies For Patents To Secured TCP · · Score: 1

    Yeah those ads are annoying...not as annoying as the Oracle unbreakable ones though.

  21. Re:It's not funny on Life-Ruining Browser Hijackers · · Score: 1

    It's bad, but it's not quite as bad as all of that. For example, a sex offender recently moved in down the street from me. He has a job, a house, and most of the neighbors make an effort to be friendly to him. I know I do.

    I've been following this story in the news for a while:

    Patrick Gholotti

    The guy has served his time and he's to be released. The neighbors don't look friendly to me. Granted the guy did some awful things, but still.

    Can't argue with that. A criminal conviction, though, requires proof "beyond reasonable doubt". If a jury really convicted him then I doubt that the conviction rested on nothing more than browser logs. If it did go down that way, that guy had better get a better lawyer and appeal. Getting the conviction overturned will get him off the registry.

    RTFA. He wasn't convicted by a jury, he plea bargained. He says it was out of fear because they told him if it went to trial he'd go to jail for a long time. Instead he ended up spending 20 days in jail, but is now labeled as a sex offender and has a felony on his record. Pretty crappy if this is indeed a result of some spyware and perhaps some naivety on his part.

  22. Re:Don't blame Internet Explorer this time on Sasser Worm Disruption Growing · · Score: 1

    That's just it...you, I, or someone else who knows things about computers would click yes and feel confident that we were doing the right thing. In reality people who are knowledgeable configure the firewall properly such that it works for the things they need to do and blocks everything else. For us there's no need to even have popup notifiers. What you are failing to understand is that most people have no idea how computers or networks work nor do they want to.

    Most people do not know what a port is...they don't know what FTP is...some don't even know what IM is. Ask the majority of people what program they use to browse the web and they say, "I don't know...the e thing...or windows". Try it sometime. Ask people what version of windows they have, what their mail client is, what IM client they use, what the difference between a worm a virus and a trojan is and watch the blank stares.

    In short, they simply have no idea what they are clicking yes and no to. The only things they know are that sometimes if they click no things do not work and that the constant popping up of firewall messages is annoying.

    I agree that Microsoft could be doing a better job, and they are working on it. The ICF is a good first step. Enabling it by default (which they will do with Service Pack 2) is a good second step. A good third step would be forcing the user to enable a lot of the worthless services that are now currently turned on by default when windows is installed.

    Other than that there isn't much they can do...people choose not to install patches. People choose not to install/update antivirus software. People choose to launch harmful email attachments.

  23. Re:Don't blame Internet Explorer this time on Sasser Worm Disruption Growing · · Score: 2, Insightful

    Except that most people will just click yes because they have no idea what they are doing.

    All they know is that "clicking yes" makes their IM client work or game work.

    Asking if it's ok to do something hasn't stopped websites that install spyware, "comet cursor...sure sounds good...spyware crap toolbar, wow that sounds useful!"

    What makes you think it'll work with firewalls?

    Finally, clicking "always" makes the notices stop coming up. Imagine the machine is being pummeled by Sasser and notices keep popping up constantly asking to allow inbound traffic.

    Unfortunately the only real solution is also the most impractical...cutting the luser's network cable.

  24. Marc vs. Stevens on Advanced Unix Programming, 2nd Ed. · · Score: 4, Interesting

    I wonder how well Marc holds up against Stevens.

    It's very unfortunate Stevens died so young, his books including "Advanced Unix Programming" are extraordinary.

  25. Re:My First 10... on First Ten Programs on New Install? · · Score: 1

    Um no...you see, while online you download a copy of zonealarm. You put it on removable media (notice that you quoted part of my post that included using the removable media, this is really key to the whole plan) and then you install it from the removable media after reinstalling the OS, but before putting the machine online.

    This presumes that:

    1. Your machine is able to download something prior to reinstall, or that you have another machine that is online or a friend with a machine that is online or access to another machine that is online (say a library machine or work machine), or that you use another OS temporarily to get your machine online (cd based linux distro or reinstall windows download and then reinstall again), or that you downloaded the firewall ahead of time prior to needing to reinstall.

    2. You have removable media available that has enough capacity to hold the firewall software.

    3. You are able to write to your available removable media.

    4. Your machine is able to read the removable media after reinstall.

    5. Your removable media is not corrupt.

    6. You know what removable media is.

    The above conditions in most cases are quite easy to meet. If they cannot be met, then you enable the built in XP firewall as was also mentioned in my post.

    The flow chart below illustrates the point as well:

    able to download firewall?
      |                 |
      |yes              |no
      |                 |
      \/        no      \/
    able to put ------> reinstall os, enable built in
    firewall on         firewall, then put machine
    removable           online and patch
    media?
      | yes             reinstall os, install
      +---------------> firewall from removable
                        media, then put machine
                        online and patch