I'm always interested in a solution saying 'all the other vendors and their methods are crap, but our solution is the ultimate solution to spam'.
The article says: "Statistical (bayesian) scanning is easily defeated by randomization".
This is simply not true and I guess folks at hexview haven't met any real bayesian anti-spam application. I develope (and use!) a statistical (though not Bayesian but inverse chi square) content filter and I can tell you that it's far from "being defeated". I get lots of spam every day and it marks them correctly and catches at least 99.5% of the spam easily.
Nowdays most of the spam is sent by botnets as illustrated in the "Many-To-One" scenario. They accept that it's a difficult to handle situation and heuristic filtering is required unless the bots send a high email traffic. What about new botnets, unknown to the STP system? Bayesian filters can handle this. A typical shortcoming of this STP thing is that they cannot handle situations when you get spam from a low traffic host or if your colleauge bothers you with some stuff. Statistical filter can help you with this, too. It's unacceptable for me if a 3rd party judges my emails whether they are spam or not. That's why I keep avoiding solutions like STP, RBL,...
Have you considered traffic shaping? I mean ISPs may set up a traffic shaping rule limits their outbound DNS traffic to ~15%. I guess this should help a little.
I also think AV applications are very useful. Eg. I use clamav and AVG to keep malware out of my email. I'm pretty sure that it's good if an AV app can catch a worm but that's only the 2nd line of defense. You 1st line of defense is your up-to-date OS otherwise you are dead.
Let's say you have support for X commercial product from its vendor. Let's say product X has a serious bug. What to do? Of course, your boss will tell his boss 'we have called the vendor's tech support'. Fine.
Let's say a few months has gone and the vendor still cannot fix the issue. What your boss will tell his boss? 'oh, I'm sorry we chose the wrong product...'
I'm sure not every oss product is enterprise ready. Many of them has no business like attitue which enterprise users demand. I've read an article that said 99% of sourceforge/freshmeat projects are abandonware. That may be true.
But I think that's irrelevant. You need a product from vendor X which has future, bugs are getting fixed, new features are implemented at request, etc. Who cares what licence or distribution product X has? The upper management wants rock solid IT infrastructure inside its budget and should not care (too much) about license philosophies.
It should be noted that no application is secure enough (except some 'Hello World!' implementations). It's not unusual that one should get hotfixes, service packs, etc. to keep ones system (relatively) secure against crackers. If you like winamp get the update and relax.
As other folks said you may use other applications, mplayer is my favourite one. Of course I run it on Linux.
"There are 11 types of people in the world: those who can count in binary, and those who can't."
I think you mean 10 types of people in the binary world...
Slashdot Mirror
The article says: "Statistical (bayesian) scanning is easily defeated by randomization".
This is simply not true and I guess folks at hexview haven't met any real bayesian anti-spam application. I develope (and use!) a statistical (though not Bayesian but inverse chi square) content filter and I can tell you that it's far from "being defeated". I get lots of spam every day and it marks them correctly and catches at least 99.5% of the spam easily.
Nowdays most of the spam is sent by botnets as illustrated in the "Many-To-One" scenario. They accept that it's a difficult to handle situation and heuristic filtering is required unless the bots send a high email traffic. What about new botnets, unknown to the STP system? Bayesian filters can handle this. A typical shortcoming of this STP thing is that they cannot handle situations when you get spam from a low traffic host or if your colleauge bothers you with some stuff. Statistical filter can help you with this, too. It's unacceptable for me if a 3rd party judges my emails whether they are spam or not. That's why I keep avoiding solutions like STP, RBL, ...
Have you considered traffic shaping? I mean ISPs may set up a traffic shaping rule limits their outbound DNS traffic to ~15%. I guess this should help a little.
I also think AV applications are very useful. Eg. I use clamav and AVG to keep malware out of my email. I'm pretty sure that it's good if an AV app can catch a worm but that's only the 2nd line of defense. You 1st line of defense is your up-to-date OS otherwise you are dead.
hcoder
Let's say you have support for X commercial product from its vendor. Let's say product X has a serious bug. What to do? Of course, your boss will tell his boss 'we have called the vendor's tech support'. Fine.
Let's say a few months has gone and the vendor still cannot fix the issue. What your boss will tell his boss? 'oh, I'm sorry we chose the wrong product...'
I'm sure not every oss product is enterprise ready. Many of them has no business like attitue which enterprise users demand. I've read an article that said 99% of sourceforge/freshmeat projects are abandonware. That may be true.
But I think that's irrelevant. You need a product from vendor X which has future, bugs are getting fixed, new features are implemented at request, etc. Who cares what licence or distribution product X has? The upper management wants rock solid IT infrastructure inside its budget and should not care (too much) about license philosophies.
It should be noted that no application is secure enough (except some 'Hello World!' implementations). It's not unusual that one should get hotfixes, service packs, etc. to keep ones system (relatively) secure against crackers. If you like winamp get the update and relax. As other folks said you may use other applications, mplayer is my favourite one. Of course I run it on Linux.
"There are 11 types of people in the world: those who can count in binary, and those who can't." I think you mean 10 types of people in the binary world...