The Battle Against Junk Mail and Spyware 312
wildfrontiersman writes "A New York Times editorial by Brent Staples, The Battle Against Junk Mail and Spyware on the Web, laments 'The story of technology is the story of noble aspirations overtaken by a hard-core huckster reality. This process is on vivid display in the debate about electronic junk mail, which makes up more than half of all the e-mail that travels on the Internet.' He criticizes the new spam law, the lack of attention to spyware and how it threatens our beloved internet."
From the article.... (Score:5, Insightful)
And what the article does not discuss at any length is that we have Microsoft security (or lack thereof) to blame for most of the spyware problems. If Windows had better security, then most of these problems would not be there to the same degree as they currently are.
It's getting sad (Score:5, Insightful)
I was visiting my parents when they got their Dell and out of the box it required over 20Mb of security fixes and had a virus scanner (Mcafee) that was set to explode after 90 days if they didn't subscribe and the firewall off by default. Oh and of course their account that they setup with the instructions made them an administrator. We got that patched up and hardened quickly but your average Joe who buys a system and plugs it in is just a sitting duck and he has no clue. It's pathetic that companies like Dell can't harden the things a little before shipping them out.
Re:From the article.... (Score:3, Insightful)
Re:From the article.... (Score:5, Insightful)
Re:Spyware a necessary evil for some (Score:5, Insightful)
Care to justify that stance?
When visiting someone who asks me to help them with some computer-related task, as my very first action I download and run AdAware. It usually find at least 30-40 scattered chunks of spyware (I've seen in the thousands more than once), with perhaps half a dozen actual fully-functioning programs (the abundance of spyware has the amusingly ironic side effect that they all tend to break one another over time).
After removing all the spyware found, the computer's owner without fail notices the improved responsiveness and reduced desktop and browser clutter. I have not once had someone then ask me annoyedly where their "favorite" browser hijack vanished to; more often, I get a thankful "Oh, you finally got rid of that damn thing... I agreed to it from some website a few months ago, and no matter what I do couldn't make it go away".
So, what part of any of the above do you believe makes a computer more user-friendly?
I pity no one (Score:2, Insightful)
I run a Windows XP machine for music editing and I use it online plenty too, and to date I have yet to worry about spyware, or worms. I don't have some ultra fancy shmancy set on the Win machine because I don't care that much about it. Now... I do contracting work at a mid sized Uni from time to time (I work at an ISP), and whenever at the Uni, I would see students' machine flooded with tons of spyware, viruses, you name it they had it. After fixing things for some of these kids while there, a call would come in an hour later, ONE HOUR, same kid, same viruses, same spyware.
See what happens is, people who are using Windows are using it mainly because of ease of use, at least that's my take on it, and it's easy to trick many Windows users to open up stupid mail, get horny guys to open up "Bratney Spears nude!" emails, as well as leechers to swap files a-la kazaa. ... Sorry to say I have no pity on most Windows users. Me I have everything from sparcs to ultras to i386's, and I've NEVER, NEVER, let me repeat, NEVER have gotten spyware, nor a virus. And no... I don't use antivirus software because my home gateway (NetBSD) filters garbage out before it comes in.
Re:From the article.... (Score:5, Insightful)
The story of technology... (Score:5, Insightful)
The story of technology is the story of noble aspirations overtaken by a hard-core huckster reality.
I think that's a little too narrow of a generalization to make about all of technology. But it is a symptom of a larger truth about technology. The story of technology is the story of technical progress outpacing social progress. We have not, as a society, come to a consesus on privacy, security, information as property, and who should regulate these matters. Similar, perhaps tougher, problems in biotech. This characteristic of technology driving questions about social morality is something I don't think was ever seen before the 20th century.
Re:Spam is not that big a problem (Score:3, Insightful)
Re:From the article.... (Score:2, Insightful)
The problem is the end user. Education keeps a computer clean. Linux isn't clean because it has super security, it is clean because it's users are educated (and cus no one writes anything for Linux users as well...I know).
Security has ABSOLUTELY NOTHING TO DO WITH SPYWARE. Spyware is installed when people install other crap and simply don't pay attention. Blame your stupid friends and their stupid parents for wanting to install that dorky little game or download files off of Kazaa. Don't blame Gator and MS. They are just making money off of uneducated people.
How that post can be modded insightful is beyond me...how about flamebait.
Good perspective... (Score:4, Insightful)
As for how widespread the spam problem is, I cannot really opine as to whether the problem deserves the kind of attention that it is getting, as I have had the same email address for well over three years, it is visible on several mailing lists and usenet, and "I have yet to recieve the floods of spam that I so poften see described here on
I'm not claiming to get no spam, as I do recieve two to three unsolicited comercial email adverts per month at my account, sometimes a few more (I once recieved six in one week), and this leads me to believe that there is probably something about one's user habits that either does or does not attract spam.
I'm also sure that one's email provider has an effect on how attractive that address is to spammers. I'm sure that GMX's anti-spam measures do make thier users less attractive to spammers (If you were a spammer, would you put much energy into spamming a domain of email users if you were certain that the domain admins were likely to adjust thier filters before your ad run was complete? or would you concentrate on those domains that left it up to thier users to face the onnslaught alone?)
Email providers would take common sense measures to protect thier users from the most obvious spam with poorly forged headers, email originating from unsecured proxies and open relays, large numbers of identical meassages targeting alphabet blocks of obviously generated addresses, and emails originating from known spam source IPs (not netblocks), as well as applying "learning" filters (Beyesian and/or whatever), allowing users to submit examples, but apparently few providers do this.
Why do people continue to use thier services?
Has anyone here abandoned an email address after it became such a spam magnet as to be nearly unusable?
Re:One way to solve it - stop buying (Score:3, Insightful)
I Allways say that tech control won't work. All the server-side control methods just doesn't work, not only for spam, but for anything. And when i say server side, i actually mean sender-side. For example: A Law that controls SPAM, the m$ idea that there only exists exchanger servers out there, while most of us are at sendmail or postfix, so they try to imposs a server side resitiction based on the false premise that people can modifiy software, and that everyone uses THEIR software. The same with anti-spam laws, a law in one country won't control people outside that country, and since inside the net there are no nationalitys, that won't affect even people in that country, because, again a technical problem, there is no way to control that!.
So, going to the point: the more effective control is in the client-side:
1) Anti-spam soft (call it spamassasin, popfile, etc,etc)
2) Black Lists of Open Relays, known spam senders, etc,etc.
And, the more important ones, DON'T HELP CREATE MORE SPAM:
1) Don't use vulnerable software, like outlook.
2) Don't use software that helps spam or any other kind of e-abuse, fo example: propietary soft that has spyware)
3) Don't register to comercial sites/soft/whatever; since they objective IS to make money, they, or some employee there, will trade with your data for sure.
4) Don't answer surveys that has any relation with commerce.
5) As the parent writer said, DONT BUY from spam, or from sites/people that has any relation with it.
6) DON'T SPAM. This may sound stupid, but many people spam everyday, specially hotmail lusers, when you fordward that stupid joke to all the other assholes on your buddy list, you are:
a) Distributing lists of addresses that man get to
some spammer address.
b) What you send is UNSOLICITED BULK EMAIL, if you want, SPAM.
Re:From the article.... (Score:2, Insightful)
It's not a security problem; the users explicitly asked for the spyware to be installed. They just didn't understand what they were really in for.
Your solution is unrealistic (Score:5, Insightful)
What world are you living in? In the one that I inhabit, advertising is a multi-billion dollar industry. All of that brain sapping drivel pushed out on network television every night creates a captive audience to push sodas, alcohol, cars, and everything else that makes the (Western) world go round.
The fact that you and your friends use Tivo or listen to internet radio stations is only slightly more important than the fact that you use Linux at home. The rest of the world still uses M$ products and buys things because a commercial told them it will get them more pu$$y.
As for e-mail advertising, this is the latest (not even latest, but relatively recent) intrusion of advertising into communications mediums. Until people are willing to PAY for things (e.g. HBO) instead of being cheap greedy hypocrites, advertising will continue to infiltrate all communication and entertainment mediums.
Even when people are willing to pay for things, the advertisements will become more subtle and embedded, with product placements as perfectly nailed in the movie The Truman Show.
And the reason advertising continues to happen in e-mail is that the costs to advertise are getting less and less to the point that now if 1/10000 people buys Herbal Viagra or whatever crap is being sold, then it becomes worthwhile. So good luck convincing 100% of the people to stop buying stuff. Let's come up with realistic solutions.
Re:From the article.... (Score:3, Insightful)
Yet. I hate to say this on here ( this will get me killed THRICE in a very painful way ) but this can be done with proper DRM. It will stop users from installing stuff on their own PC that isn't certified by . That WOULD stop most spyware dead in it's tracks. Of course, we all know MS's history concerning bugs and sooner or later a bug big enough to fly a 747 through which will negate the "only install stuff we tell you to" option of DRM. Which in itself isn't a bad thing...
After all, this IS the NEW YORK TIMES! (Score:3, Insightful)
NYT writers are well known for making things up, so I'm sure that any word about software that would indeed make things better would be considered obviously false and get the writer fired. One must not be quite so obvious about the fraud, so as to get awards rather than fired.
Bob-
Read the license or web to avoid spyware (Score:3, Insightful)
Granted EULAs are usually long and cumbersome and rightfully so, that is what makes most end user just click 'accept' right away. Also if you search the program you want to install on the web you may come up with a review or someone else stating that spyware is installed with it.
A majority of spyware programs are installed with legally questionable software, file sharing. To minimize your chances of installing spyware do not install any "legally" questionable software and read the EULA!
Maybe in your world.... (Score:4, Insightful)
You have to look at this from an abstract viewpoint to realize why nothing works so far (except bayesian filtering - to a limited exent).
You own server X. Out on the internet are servers A, B, C, D, and E. You know that you don't want any mail from D and E because they're spammers. You *might* want mail from C, sometimes but not all the time (a retailer, let's say). Messages from B you'd like to let through because that's your buddy's ISP, but A is a server used by both your friends and spammers (for example, AOL).
Now then, give us a simple algorithm to make sure that you always block D and E as long as they're sending spam, sometimes/never from C, allow from B, and block some mail from A depending on whether or not it's spam.
If that sounds too hard, then just come up with a simple algorithm to determine whether or not an email is spam.
See why it's still a problem
Re:I pity no one (Score:4, Insightful)
Re:From the article.... (Score:4, Insightful)
Get real!
Like it or not - the basic security of the operating system greatly affects the total security for the computer. And like it or not MS Windows is not good in that regard.
Re:Safeguards (Score:2, Insightful)
"Usually I point them to Opensource Projects that are safe to my knowledge"
Am I the only one who see a conflict here?
Re:I pity no one (Score:2, Insightful)
Re:From the article.... (Score:1, Insightful)
Get real yourself.
Re:But the Solution to Spyware is ... (Score:2, Insightful)
"(x) Mailing lists and other legitimate email uses would be affected"
The most I have emailed in bulk is say 5o people. If my computer requires 15 minutes of computation to post to 15 people so what !!! My computer is multitasking, and if I were to send postcards it would cost me much more time and money
"(x) It is defenseless against brute force attacks"
Ammm we are talking Spam, but brute force would require that they do a computation for every post they send. (They not me)
"(x) Users of email will not put up with it"
Well, I can't see why, if it a solution to a problem, why not. It's no skin of the users back.
"(x) Lack of centrally controlling authority for email"
True, but tell that to Linux development. This would only work if It is viral.
"(x) Public reluctance to accept weird new forms of money"
I doubt this point is relevant. In any event, you will use it if that hot chick gave you her email address.
Killer app is all it's about on the internet.
"(x) Huge existing software investment in SMTP"
Very true, but how much is spam costing ?
"(x) Extreme stupidity on the part of people who do business with spammers"
So what, "I" don't want spam and if I and enough like me implement this method of sending mail then It wil be part of the next outlook. The Extreem stupidity" market will upgrade without knowing.
"(x) Armies of worm riddled broadband-connected Windows boxes"
Not relevant, we are talking Spam that keeps showing up in my box. It is relevant if you mean that they will distribute the computation that way. Well, so be it, only a small persentage of the spam should be coming from those boxes. And even they will be bogged down. Currently it has becoe a huge computational task to send simple email. If you increase the computation 100 fold (that is too small still) Considering the drop in hit rate, it will just make it unprofitable.
"(x) Sending email should be free"
But it is, you see, all you will use is waste. 99%+ of most computer time is idle time. It will only cost spammers that send 100 million posts.
"(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical"
This is a discussion on what a future solution may be
"Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work."
?!?!?
Giorgis
People are getting fed up. Congress is listening (Score:4, Insightful)
Not only is the FTC now required to study a do-not-email list, there's even talk of the DMA's worst fear - a do-not-mail list for paper mail. Bills have already been introduced in New York and Massachusetts.
This is the year to go for a do-not-email list with teeth as sharp as the do-not-call list. It worked for fax. It worked for phones. It can work for e-mail. And it's an election year. Keep pushing on your elected officials and the FTC. Push the FTC to implement a do-not-email list. Insist that it include domain-wide opt-out.
And yes, it will work if the law goes after where the money goes. Any competent cop and prosecutor can find out where those Viagra orders get fulfilled and who collects the money. It just takes some routine police work and a few court orders.
Re:Unix not immune.. Just not a target (Score:3, Insightful)
That may help keep someone from running a spyware program called 'ls', but there are plenty of other ways to get someone to run a program.
True, and maybe reasonable for a work machine, but hardly practical for most of us.
I agree that right now, unix programs are generally more secure than the corresponding windows programs. But if the make-linux-just-like-windows-so-that-everyone-wil
Re:Safeguards (Score:3, Insightful)
As for cookies: yes, we all know how they're used to invade your privacy. The question is, how do you prevent it? Scanning for "evil" cookies doesn't catch them soon enough to preserve your privacy -- unless you run the scanner continuously, which will destroy your system performance.
A site can't read or write a cookie unless your browser lets it. So the place to control cookie-related info is in your browser. If you don't trust cookies at all, you simply disable them. But most of us want some cookie functionality, so we forbid third-party cookies, or only allow specific sites to use them. Third-party cookies are assumed to be intrusive -- even if they're not in any adware database!
That means that Doubleclick and other such companies get to write cookies to our drives, but can't read them back. So when I run Ad-Aware and it complains about all those tracking cookies, it's complaining about an issues I've already dealt with.
Re:From the article.... (Score:3, Insightful)
Even if MS did remove some "features" to enhance security, 99.9% of the users wouldn't even notice - most people don't USE these features. Just how many people email
Re:I pity no one (Score:4, Insightful)
I love the hoops people like you will go through to continue running your inferior software. In spite of the fact that mozilla and it's derivitaves are faster, has a better interface(admittedly, it's a subjective matter there, but the fact that it utilizes the middle mouse button to enhance tabbed browsing makes it feel like riding a sport bike vs. the Internet Explorers tricycle), and are infinitely more resistant to widespread viruses and web-borne spyware than IE, and in spite of the fact that mozilla includes pipelining to increase browsing speed even further and native popup blocking which actually works because it blocks only unrequested popups instead of all of them, you decide to go and tweak IE for half an hour so you can keep on using it.
In the same vein are the people who think that there's no reason to go out and get something other than outlook express for their e-mail. sure, if I patch for two hours, then tweak for two more, I can maybe get close to the iron-clad near invunerability to these things I get by using any other mail client or web browser on the planet for a few weeks until another vunerability comes out...on the other hand, I could just use those instead.
But hey, what do I know? Just spend all those hours downloading IE patches, and be sure to come back every day so you are up to date! and download proximatron and MyIE so you can have blocked ads and tabs, and after all those hours of research and downloading....
Re:Simple solution to spy/adware (Score:2, Insightful)
This might have something to do with me running mozilla on linux tho.
For spam, I let spam assassin do its work, and very rarely see spam coming through.
But then again, I can't go back to windows. I am too used to my heavily customised unix-like (in this case gentoo) desktop. So spyware isn't really a concern for me.