How the hell can NOD32 be the "best" antivirus software when they have no warning or description of MyDoom.F on their site for their clients? This is a very destructive variant that deletes files, and has been in the wild for two days. One good thing about Symantec and the other big boys: they have reams of details about every virus out there, in an easy-to-grok format.
All this stuff greatly aids clean-up when your lusers download and open the infected ZIP attachments from an obscure webmail provider that you weren't blocking. No definition-based antivirus system is going to protect you within minutes of a virus spreading, restore deleted data, or help you repair all the other damage done to your systems beyond removing the virus itself. You need other tools, primarily information.
I'd rather pay for Symantec or Trend Micro's enterprise suite and the corresponding enterprise support (surprisingly good in both cases) any day of the week.
Giving money and power to government is like giving whiskey and car keys to a teenage boy. -P.J. O'Rourke
...at least in Downtown Chicago. Over five years, I lived in various areas of the city, in high-rises and houses. I used two different cable providers, RCN and AT&T. In every case, my cable would go out several times per week, for at least a few hours. There were just too many cables running around the city, too many connect/disconnects, and too many pirates for those companies to be able to run a reliable cable infrastructure.
I switched to DirecTV four years ago, and my service has gone out only three times, for a few hours at most. This is in the worst weather Chicago has to offer. If you securely mount your dish on a vertical post or wall (instead of on a roof, where snow can't drift up to it, and water can pool up and foul your cables) weather is not really a problem. If you do see rain fade, you can get a larger dish for less than $100 that will fix the issue.
I have heard anecdotal evidence that service levels have gone up in Chicago since Comcast took over AT&T's network, but I've also heard anecdotal evidence that things have gotten worse in the Chicago suburbs. So who knows.
Oh, and some full disclosure: I myself once argued in a slashdot discussion that all these "random word" spams were going to poison my Bayesian filter. I was quickly persuaded by our helpful community members (and a little back-of-my-napkin math) that I was wrong...
I didn't mean to attack you, dude, I was just surprised that your post got modded up all the way to a 5-Interesting.
The "random words" technique has been discussed a lot of places, most notably by the widely-quoted "grandfather" of Bayesian spam filtering, Paul Graham. I would have thought at least some of the moderators would have read something about the subject. It's even been discussed on slashdot before.
This is old news, and has been discussed ad nauseam in every developers' forum for anti-spam software that I've seen.
The "random words" technique is almost completely ineffective at "poisoning" a Bayesian or other statistical filter, presuming it is well-trained. All the random words score in the middle, contributing almost nothing to the final message score. Occasionally, a very "hammy" word will be chosen by the spammer, but just as frequently, a very "spammy" word will show up. It's a wash as far as the filter is concerned.
What's probably happening is that spammers are defeating the program's HTML or e-mail header parser, not the Bayesian model in general. Pick a filtering program with a better parser, and you'll do much better. Try SpamBayes.
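Added illustration of the "random words score in the middle" claim above (not code from any poster): Paul Graham's "A Plan for Spam" scoring on a constructed toy corpus, measuring what padding does to a spam's score. It also scores the case the later posts in this thread raise, padding with a victim's hammiest words, so both sides of the argument can be seen on the same numbers.

```python
# Added illustration of the "random words score in the middle" claim; this is
# not code from any poster. Corpus, messages and padding words are constructed.
import re
from collections import Counter
from functools import reduce

HAM = [
    "meeting tomorrow at ten, bring the project report",
    "can you review the project budget before the meeting",
    "lunch on friday with the team after the review",
    "the schedule slipped again, let's discuss at the team meeting",
    "family dinner on sunday, bring the photos from the trip",
    "please send the report to the team before friday",
]
SPAM = [
    "free offer click here to claim your prize now",
    "lowest price viagra, click here, limited offer",
    "claim your free prize, act now, click the link",
    "cheap mortgage rates, apply now, free quote, click here",
    "buy viagra online at the lowest price, limited offer",
    "you have won a prize, click here now to claim it free",
]


def tokenize(text):
    """Lower-case word tokens; each message contributes a token at most once."""
    return set(re.findall(r"[a-z0-9$']+", text.lower()))


def train(ham, spam, min_count=2):
    """Per-token spam probability, Graham style: ham counts are doubled and the
    result clamped to [0.01, 0.99]. Graham skips tokens seen fewer than 5
    times; min_count is lowered here because the constructed corpus is tiny."""
    good, bad = Counter(), Counter()
    for m in ham:
        good.update(tokenize(m))
    for m in spam:
        bad.update(tokenize(m))
    probs = {}
    for tok in set(good) | set(bad):
        g, b = 2 * good[tok], bad[tok]
        if g + b < min_count:
            continue
        p = min(1.0, b / len(spam)) / (min(1.0, g / len(ham)) + min(1.0, b / len(spam)))
        probs[tok] = min(0.99, max(0.01, p))
    return probs


def score(text, probs, unknown=0.4, keep=15):
    """Combine the `keep` tokens farthest from 0.5 into one spam probability.
    Unseen tokens get Graham's 0.4 and are only consulted when the message
    has fewer than `keep` decisive tokens, which is why random filler barely
    moves the result."""
    ps = sorted((probs.get(t, unknown) for t in tokenize(text)),
                key=lambda p: abs(p - 0.5), reverse=True)[:keep]
    prod = reduce(lambda a, p: a * p, ps, 1.0)
    inv = reduce(lambda a, p: a * (1 - p), ps, 1.0)
    return prod / (prod + inv)


# Twenty dictionary words that appear nowhere in the corpus (constructed).
RANDOM_WORDS = ("lantern glacier saddle meadow copper anvil harbor velvet orchard "
                "tundra pewter ember quartz willow canyon falcon marble ridge cedar plume")


def compare_paddings():
    """Score one constructed spam on its own, padded with random words the
    filter has never seen, and padded with the corpus's five hammiest words
    (the only padding that moves the score, and one a spammer cannot read
    off a per-user corpus)."""
    probs = train(HAM, SPAM)
    spam = "click here now for a free prize"
    return {
        "ham": score("please bring the project report to the friday meeting", probs),
        "spam": score(spam, probs),
        "random_padding": score(spam + " " + RANDOM_WORDS, probs),
        "targeted_padding": score(spam + " meeting team project report friday", probs),
    }


if __name__ == "__main__":
    for name, s in compare_paddings().items():
        print(f"{name:18s} {s:.6f}")
```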
Nowhere in your own references does it even suggest that US military advisors were involved in the gassing of Kurdish civilians. What the hell are you talking about?
Oh, and what a shocker - the U.S. made some seriously boneheaded foreign policy moves. Does that somehow make Saddam a nice guy?
In my opinion, the recent war in Iraq was justified, both legally and ethically, by Iraq's repeated breaches of the 1991 cease-fire agreement. We should have gone after him much earlier. Why Bush et al. tried to use WMD as a rationale to "sell" the war, I have no idea.
I'm sorry I killed 300,000 of my own soldiers, and those 600,000 Iranians. Oh, and 200,000 civilians... they might have been a threat some day. Besides, I had to test my VX and Sarin!
Uptime is not really about your OS choice, it's how you manage your systems.
Here's a report from one machine on my local network, a system which runs SQL 2000 under fairly heavy daytime load (especially disk I/O). Uptime is only 64 days because that was the last time we applied an OS-level patch that wasn't covered by other security measures:
G:\Utilities\PsInfo>psinfo.exe

PsInfo 1.34 - local and remote system information viewer
Copyright (C) 2001-2002 Mark Russinovich
Sysinternals - www.sysinternals.com

Uptime: 64 days, 0 hours, 35 minutes, 40 seconds
Kernel version: Microsoft Windows 2000, Multiprocessor Free
Product type: Server
Product version: 5.0
Service pack: 4
Kernel build number: 2195
Install date: 1/8/2001, 9:02:44 PM
Processors: 2
Processor speed: 1.0 GHz
Processor type: Intel Pentium III
Physical memory: 2048 MB
What about the 50% of Americans that live between the coasts? We're definitely spread out, except here in Chicago, which has good commuter rail service.
Are you seriously suggesting that a train could be profitable between Chicago and the coasts? Okay, you can include Denver and Cleveland as stops, but unless it was a fast train, nobody would come. Who wants a 20-hour ride to Grandma's, when I can fly for $150? And how do I get to Boulder once I get to Denver on the train?
The U.S., in general, *is* too spread out for inter-city trains. It's just not too spread out where you live.
Re:Not to be anal, bu(t)t... on Wireless Hacks · Score: 1
Apple's "new" font, which came into use in the IIc/IIgs era, looks exactly like ITC Garamond Condensed. Given their cozy relationship with Adobe, I'll assume that's what it is.
The platinum IIe cases used this font too IIRC, although my IIe is beige so I can't be sure. Apple uses the same font on everything to this day...
My office is on several lower floors (8-10) of a building in the downtown area of a really big city with a crappy football team. There's a Starbucks diagonally across the street at ground level, probably 500 feet away.
I was running a NetStumbler scan for rogue APs, and I was able to see the T-Mobile network inside Starbucks, even after it was closed. I got a signal that would have been good enough for a 1 Mbps connection from about 1/2 of every floor. And this with the punk-ass built-in "tab" antenna on a Microsoft-branded 802.11b card.
Granted, there is a direct line-of-sight between the glass expanses of the Starbucks storefront and the large wraparound windows on our building, but I was still surprised. Maybe being 30-40m high helped somehow; there are lots of metal-faced buildings in the area to bounce a radio signal.
I'm not sure what the monthly T-Mobile/Starbucks rates are, but you might have found yourself a really cheap broadband provider if you can get a directional antenna going.
Microsoft has been doing this for a few years now, and they've used the resulting data to fix the "worst offending" bugs.
The results are encouraging: Office XP programs with Office XP Service Pack 2 basically never crash, at least in our organization of more than 100 desktop and mobile users.
I certainly can't say the same for OpenOffice 1.0... it seemed to crash every time I moved the mouse, so I eventually went back to Office XP on Windows.
I find it disingenuous that /. fails to mention Microsoft's widespread use of such a system, and the positive results. But then again you're not allowed to say anything nice about Microsoft here.
That's completely untrue, at least in the general sense.
I've had no trouble applying SP4 to a half-dozen SP3 web servers that had IIS lockdown installed. I think you're blaming the wrong bit of code for your SP4 install failure. Did you actually look at the installer log?
The overwhelming majority of machines infected by this worm will be home machines or unmanaged machines on university networks. Very few corporate machines will be victimized in my opinion. Unless, of course, corporations with lax remote access policies allow connections behind their firewalls from employee home machines.
Anyway, I think an indictment of Windows sysadmins is quite premature. The fact that the worm hasn't ground the net to a halt already is indicative of a decent level of firewalling and patching.
Re:not the answer - you got that right! on Replacing SMTP? · Score: 1
So if you're stuck with proprietary protocols my heart goes out to you. :)
We're not stuck, it's a choice we (and a lot of other organizations) have made because we find great value in the rich functionality provided by the native RPC client/server interface.
Anyway, both MS and Lotus provide published APIs for extending their products. Not as good as open standards, but better (for customer choice) than entirely closed systems. De facto rather than de jure standards are still the rule in a lot of areas of the IT industry. Certainly one must agree that MS Office (which includes the Outlook client) is a de facto standard. Exchange and Notes/Domino are still battling for that title in the corporate groupware arena, and unsurprisingly MS is winning.
Finally, both Exchange and Notes/Domino are also capable of serving standard POP3/IMAP4 protocols, but many of the groupware features (like custom forms applications, scheduling, and the like) are unavailable through those interfaces. POP3 and IMAP4 really make no provisions for anything other than simple mail message passing. When the standards aren't good enough for your needs, you're forced to use something else until the standards catch up.
Re:not the answer - you got that right! on Replacing SMTP? · Score: 1
Not sure why you don't want to operate at the POP3 level. We have customers using Macs, Windows, Linux, and Palm pilots using our service with no problems.
The vast majority of our clients are non-POP3 (or even IMAP4). We primarily use Outlook 2000/XP's proprietary RPC interface to talk with Exchange server, because it has much richer functionality than even IMAP4. We also use Outlook Web Access heavily; this of course runs over HTTP, and the OWA server itself communicates directly to the Exchange data store through proprietary protocols.
I think you'll find similar problems selling your product into Lotus Notes/Domino shops; these also use proprietary client/server protocols to provide a richer "groupware" experience than "standard" protocols to a wide variety of clients.
Between Exchange and Notes, I'd guess you're missing 90+% of the corporate messaging seats out there (at least in the U.S.).
The only solution I see for a "one size fits all" filter is to filter at the SMTP level as mail comes into an organization, and then provide a web interface for management of spam corpuses, whitelists, and blacklists. We've looked at some products architected this way, but none were Bayesian, and none were even remotely simple enough to be useful to my mother.
Re:not the answer - you got that right! on Replacing SMTP? · Score: 1
I had very poor results with my first experiences with Bayesian filters, less than 70% capture rate. But I'm becoming more and more convinced that the problem was with the parser of that particular implementation, not the Bayesian approach in general.
But "going Bayesian" poses a problem: as an organization, we need a solution that is easy to administer (i.e. users can retrieve their own false positives, whitelists, and the like), operates entirely at the server, without a client install (since we have so many different ways to connect to our mail system: PDAs, web, etc.), integrates with Exchange 2000 Server (the bully in the corporate messaging space), and requires little user training (so that Harry from marketing can "grok" it). I haven't found a Bayesian product that even comes within ten miles of meeting those criteria; in fact, the only product that comes close is the one we bought.
Do you know of any Bayesian product for Exchange Server? Software that operates at the SMTP or POP3 level won't cut it, because of the variety of devices we deal with.
Re:not the answer - you got that right! on Replacing SMTP? · Score: 1
When I used innocuous, I meant INNOCENT the way you use it.
I would have to argue that your list of most INNOCENT words contains many of the same words as other people. All a spammer needs to do is find the intersection of the lists of innocent words from a cross-section of people.
I don't believe producing a list of INNOCENT words is as hard as you think... most personal correspondence is about the same stuff, no matter what your field or interests: family, office politics, going out after work.
If you read the recent presentation from the writer of the POPfile Bayesian filter, you'll see that most spam attacks attempt to defeat the SMTP header, MIME, HTML or text token parsers for spam filters. But some are designed to defeat the statistical engines, such as using the random "innocent" words as I mentioned. These have proven effective against the naive Bayesian algorithm in POPfile, otherwise why would he mention them?
You can get an unabridged dictionary from many password-cracking tools out there on the net. Try searching for l0phtcrack.
Re:not the answer - you got that right! on Replacing SMTP? · Score: 1
Also, might I ask, what filter do you use?
We're currently using Sunbelt's iHateSpam Server Edition, which uses a Bayesian-like scoring system, and evaluates message body and header alike. But it uses a centralized weightings database for all users. This makes the system much less effective than a per-user Bayesian system, but much more manageable for our Exchange Server environment. It also doesn't parse all aspects of HTML cleanly, nor does it tokenise HTML tags separately for analysis, though this is supposed to change in the next release.
Re:not the answer - you got that right! on Replacing SMTP? · Score: 1
1) Point taken, I didn't think about non-dictionary words that way.
2) The messages I've seen use collections of random words I believe are very likely to be scored as "innocent". Certainly spammers can set up their own Bayesian filters for a bunch of different mailboxes, find the intersection of strings deemed most innocent, and use those as a base for adding random white-on-white text that makes spam look "innocent" to a statistical filter.
3) Many spam filters do not parse HTML completely or correctly, nor do they perform OCR on images that contain text. That should change in the future, but what about white-on-white text, or almost white-on-white text that contains the aforementioned innocuous random words?
My main argument is that Bayesian filters are not a silver bullet - even though they might appear to be at this point in time. Spammers will evolve, specifically finding ways to defeat Bayesian filters as they become more widespread. It's just like the antivirus thing, an endless cycle, redeemable only by adding some sort of signature authentication to all executable code.
I think our best bet in fighting spam is to bite the bullet now, change or extend the flawed protocol, and deal with the nightmare PKI and trust system we'll have to create.
Re:not the answer - you got that right! on Replacing SMTP? · Score: 1
I see this all the time. Random strings, random dictionary words, random HTML comments, definitely designed to throw off statistical filters.
Re:Idea :-) [encrypt all e-mail traffic] on Replacing SMTP? · Score: 1
This is stupid. If you're interested in security and authentication, the IPsec layer would be sufficient. But you would need a certificate infrastructure to support the IPsec connections, so this is no better than SMTP over SSL/TLS, which we already have and nobody uses.
If the point of your "temporary" OpenPGP encryption is simply to add CPU cycles, there are much simpler and more scalable "problems" to pass off to the sender. For example, in a plain old SMTP session, have the receiving server calculate two large-ish random primes (say 128 bits) and send their product to the sending server. The sending server must accept this new ESMTP command, pass the factorization back, and then it gets to send a message at regular priority. Otherwise the connection gets held open for 30 seconds before the message is accepted.
Men stumble over the truth from time to time, but most pick themselves up and hurry off as if nothing happened.
-Sir Winston S. Churchill
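The challenge-response sketched in the post above, written out as an added simulation (not the poster's code). The ESMTP verbs used here, a "250-FACTOR n" reply and a "FACTORS p q" command, are invented for the example, and the prime size is a parameter: 24-bit primes let the sender's Pollard-rho step finish instantly, which is enough to show the asymmetry the proposal relies on, cheap for the receiver to generate and costly for the sender to solve, with the wrong-answer and malformed-answer cases landing in the 30-second hold.

```python
# Added simulation of the "factor this before you may send" ESMTP challenge;
# not the poster's code. The verbs 250-FACTOR / FACTORS are hypothetical.
import math
import random


def is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin with random bases; false positives are vanishingly rare."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits, rng):
    """Random odd prime with exactly `bits` bits (the receiver's cheap step)."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def pollard_rho(n, rng):
    """Non-trivial factor of composite n, Floyd cycle finding (the sender's
    expensive step; cost grows with the size of the smaller prime)."""
    if n % 2 == 0:
        return 2
    while True:
        c = rng.randrange(1, n)
        x = y = rng.randrange(2, n)
        d = 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:
            return d


class ReceivingServer:
    """Remembers the puzzle answer per session; a wrong or malformed reply
    costs the sender a 30-second hold rather than a rejected message."""

    def __init__(self, bits, seed):
        self.bits, self.rng, self.pending = bits, random.Random(seed), {}

    def challenge(self, session):
        p, q = random_prime(self.bits, self.rng), random_prime(self.bits, self.rng)
        self.pending[session] = tuple(sorted((p, q)))
        return f"250-FACTOR {p * q}"

    def verify(self, session, answer):
        """Returns (queue, seconds the connection is held before accepting)."""
        expected = self.pending.pop(session)
        parts = answer.split()
        try:
            if len(parts) != 3 or parts[0] != "FACTORS":
                raise ValueError
            got = tuple(sorted(int(t) for t in parts[1:]))
        except ValueError:
            return "regular", 30
        return ("priority", 0) if got == expected else ("regular", 30)


def sender_solve(reply, rng):
    """Parse the puzzle from the server reply and answer it."""
    n = int(reply.split()[1])
    f = pollard_rho(n, rng)
    return f"FACTORS {f} {n // f}"


def run_session(bits=24, seed=1):
    """One exchange; returns the queue, the hold time and the transcript."""
    server = ReceivingServer(bits, seed)
    client_rng = random.Random(seed + 1)
    reply = server.challenge("s1")
    answer = sender_solve(reply, client_rng)
    queue, hold = server.verify("s1", answer)
    transcript = ["S: " + reply, "C: " + answer, f"S: 250 OK ({queue} queue, held {hold}s)"]
    return queue, hold, transcript


if __name__ == "__main__":
    print("\n".join(run_session()[2]))
```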
To paraphrase PJ O'Rourke: if you think internet connections are expensive now, wait until you see what they cost when they're free.
Reminds me of the debate on socialized medicine...
Why doesn't some hacker pose as a RIAA agent and use the "pre-emptive shut down" against the site of various media companies or the RIAA itself?
I mean, what checks are there to show that the party requesting an ISP shutdown is in fact an aggrieved copyright holder?