Forgot your password?
typodupeerror
Spam The Almighty Buck United States Your Rights Online

The Battle Against Junk Mail and Spyware 312

Posted by michael
from the no-quarter-no-quarter dept.
wildfrontiersman writes "A New York Times editorial by Brent Staples, The Battle Against Junk Mail and Spyware on the Web, laments 'The story of technology is the story of noble aspirations overtaken by a hard-core huckster reality. This process is on vivid display in the debate about electronic junk mail, which makes up more than half of all the e-mail that travels on the Internet.' He criticizes the new spam law, the lack of attention to spyware and how it threatens our beloved internet."
This discussion has been archived. No new comments can be posted.

The Battle Against Junk Mail and Spyware

Comments Filter:
  • Boring. (Score:2, Informative)

    by I'm back (737470)
    Try this link. However, for what it's worth, the editorial can be summarised to "Congress' new law won't work. Won't somebody think of the children!"
    • Re:Boring. (Score:2, Informative)

      by Anonymous Coward
      Try this link [nytimes.com]. However, for what it's worth, the editorial can be summarised to "Congress' new law won't work. Won't somebody think of the children!"
  • by Anonymous Coward on Saturday January 03, 2004 @07:37PM (#7869549)
    for the tin-foil hat crowd, posted AC to avoid Karma-whoring, here. [nytimes.com]
    • For when no google link can be had, use this little javascriptlet [tuxserver.ath.cx], just it to your bookmarks(note that I linked to a document containing the source, just paste it where an URI goes in a bookmark). You usually have to tweak the username and email a little, but that is all. Right now, I am zhfyrw90 on nytimes, but that is only now. I don't even know what the password is....

      javascript:function%20getString(len)%7Bvar%20chars =new%20Array('a','b','c','d','e','f','g','h','i',' j','k','l','m','n','o','p','q

  • Is this the black activist Brent Staples? The guy who wrote "Parallel Time"? If it is, then he seems to really be branching out in terms of subject matter. He's not a regular for the NYT, is he?
    • by Lshmael (603746) on Saturday January 03, 2004 @07:47PM (#7869605) Homepage
      as this biography [pbs.org] (warning, embedded Quicktime!) points out:

      Brent Staples is an editorial writer for The New York Times. He holds a PhD in psychology from The University of Chicago. His memoir, Parallel Time: Growing up in Black and White, was the winner of the Anisfield Wolff Book Award, previously won by such writers as James Baldwin, Ralph Ellison and Zora Neale Hurston.
  • by Aliencow (653119) on Saturday January 03, 2004 @07:38PM (#7869562) Homepage Journal
    A year ago, spyware wasn't nearly as bad as it is now. I was at a friend's house trying to show him some stuff from my gallery on his P4 2.0ghz, and it choked by starting Internet Explorer. 3 toolbars over each other, hard drive spinning like hell because all the ram is eaten up by spyware...

    Had to run Spybot, ad-aware, spybot, ad-aware over and over for like 2 hours while rebooting to get rid of everything...

    At least the latest Norton Antivirus scans some of it and so does Network Associate's antivirus. I wish Trend Micro's would do it too, it probably will soon...
    • by jawtheshark (198669) * <slashdot&jawtheshark,com> on Saturday January 03, 2004 @07:48PM (#7869609) Homepage Journal
      Yes, I know... I have once been called in for someone that didn't manage to run a (quite old game for the time, The Sims if IIRC) on a P-IV 2.0GHz. Indeed, it was unplayable. Task-manager reported 100% usage in idle situation (Windows XP).

      Needless to say: I did like you... Spent hours cleaning the damned thing. Then I did what any sensible person does: download Mozilla, set the skin to IE (so that the idiot users won't notice), enable pop-up blocking, and set it as default browser.

      Never heard any complains of that person again, and he can play The Sims now. Sometimes, people need to be forced to use the right software.

      • Safeguards (Score:5, Interesting)

        by fm6 (162816) on Saturday January 03, 2004 @08:16PM (#7869764) Homepage Journal
        Switching to Mozilla will protect you from abusive BHOs and toolbars. But those are easy to get rid of. The worst -- most tenacious and disruptive -- spyware uses the stupid little "custom features" hooks that Windows is full of. The only way you can completely avoid those is to never download a shareware or freeware app, ever. Somehow, I doubt such a strategy will catch on.

        It doesn't help that spyware databases software databases have gotten so undiscriminating. You run a spyware scanner, and even the best ones raise red flags over stuff that has some of the features of spyware, but simply isn't. These include customer support tools like backweb. Yes, these can be abused, but ultimately anything you install in your system can be abused. It's simply a question of whether you trust whoever provided the software. Gator and Alexa have used up our trust. Backweb and the CS orgs that use it have not.

        There's also the cookie issue. Yes, cookies are a grave threat to privacy. But the solution is in your browser: configure it use a good privacy policy, or if you totally hate cookies, not to accept them at all. Scanning the cookie database is a waste of time. Yet all adware scanners insist on doing it.

        • Re:Safeguards (Score:3, Informative)

          by jawtheshark (198669) *
          Yes, you are right. Let's take the example of Kazaa. Well, that is part of my explanations about spyware... Use freebies and you're screwed. I explain them my philosophy of a stable computer: identify the needs, install what you need, and keep it that way. If you need anything else, ask me, I'll tell you if you can install it safely.
          Yes, this gives me a lot of emails, but it takes 10 minutes to give them a good alternative or give them the "OK".

          For Kazaa, I say "No" and point them to Gnucleus. Yes

          • Re:Safeguards (Score:2, Insightful)

            by DaBj (168491)
            "Well, that is part of my explanations about spyware... Use freebies and you're screwed"
            "Usually I point them to Opensource Projects that are safe to my knowledge"

            Am I the only one who see a conflict here?
    • I pity no one (Score:2, Insightful)

      by segment (695309)

      I run a Windows XP machine for music editing and I use it online plenty too, and to date I have yet to worry about spyware, or worms. I don't have some ultra fancy shmancy set on the Win machine because I don't care that much about it. Now... I do contracting work at a mid sized Uni from time to time (I work at an ISP), and whenever at the Uni, I would see students' machine flooded with tons of spyware, viruses, you name it they had it. After fixing things for some of these kids while there, a call would co
      • Re:I pity no one (Score:2, Interesting)

        by GreyPoopon (411036)
        I've NEVER, NEVER, let me repeat, NEVER have gotten spyware, nor a virus.

        Have you scanned for spyware? I can tell you that all it takes to get spyware is to follow one of the links on http://news.google.com using IE with ActiveX enabled. Needless to say, I don't do ever do this.

        • Re:I pity no one (Score:2, Insightful)

          by AndroidCat (229562)
          It's amazing what a simple script can do with Microsoft's own ActiveX for XMLHTTP and ADODB and moderate permissions. (A favourite was to pull down an exe from a site and save it over wmplayer.) That hole might be patched, but Microsoft thinks nothing of throwing its own signed ActiveX on machines without giving them a proper security audit.
      • Re:I pity no one (Score:3, Informative)

        by jawtheshark (198669) *
        You shouldn't pity clueful users that get spyware. You should however help correctly. That is protect them from their own cluenessless.

        Typically, this is install adaware to get rid of the junk, and then patch their goddamned systems. Install Mozilla, set it default give it an IE skin, block popups and remove iexplore.exe from their system. Set firewall (of your choice), add an AV ( http://www.grisoft.com for a free as in beer one) and explain the basics. Scare the crap out of them by exaggerating a b

        • Re:I pity no one (Score:3, Informative)

          by trauma (62841)
          I'm with segment above, I've never used any browser beside IE since it surpassed Netscape Navigator in features years ago, and I also have never ever picked up spyware from surfing. (I have installed freeware utilities that came with spyware, which is promptly caught and cleaned by Ad-Aware or Spybot or Hijack This!.) And I have not entirely disabled VBScript or Javascript.

          While IE does install with some less-than-prudent default settings, it's a simple matter to change them. Stating that the solution i
          • Re:I pity no one (Score:4, Insightful)

            by Sj0 (472011) on Sunday January 04, 2004 @03:33AM (#7871591) Homepage Journal
            Are you done being an elitist prick? Good, it's my turn. I hate to say it, but you're the one with the stupid slashdot attitude, The same one that keeps the linux myth alive: "It doesn't matter if it's broken so badly you can barely use it, WE CAN FIX IT! So what if it takes two hours just to patch and another hour of research to secure? So what if using something else would take an hour tops to download(we're talking 7Mb vs. hundreds), and would render me completely immune to these problems? WE CAN FIX THIS AND USE IT!"

            I love the hoops people like you will go through to continue running your inferior software. In spite of the fact that mozilla and it's derivitaves are faster, has a better interface(admittedly, it's a subjective matter there, but the fact that it utilizes the middle mouse button to enhance tabbed browsing makes it feel like riding a sport bike vs. the Internet Explorers tricycle), and are infinitely more resistant to widespread viruses and web-borne spyware than IE, and in spite of the fact that mozilla includes pipelining to increase browsing speed even further and native popup blocking which actually works because it blocks only unrequested popups instead of all of them, you decide to go and tweak IE for half an hour so you can keep on using it.

            In the same vein are the people who think that there's no reason to go out and get something other than outlook express for their e-mail. sure, if I patch for two hours, then tweak for two more, I can maybe get close to the iron-clad near invunerability to these things I get by using any other mail client or web browser on the planet for a few weeks until another vunerability comes out...on the other hand, I could just use those instead.

            But hey, what do I know? Just spend all those hours downloading IE patches, and be sure to come back every day so you are up to date! and download proximatron and MyIE so you can have blocked ads and tabs, and after all those hours of research and downloading.... ...well, I'll be asleep, because unlike some of the people who are in denial and would rather not, for some unfathomable reason, use a modern web browser, I downloaded the 5mb k-meleon a month ago, and really haven't done much else since. Look ma! No spyware! The alpha layer PNGs are really nice too. :P
      • Good news! (Score:3, Interesting)

        by fm6 (162816)

        After fixing things for some of these kids while there, a call would come in an hour later, ONE HOUR, same kid, same viruses, same spyware.

        Hmm, I see a bright side to this. Some of us (especially me) are cynical about Linux's chances of replacing Windows on the desktop. But that doesn't mean we wouldn't like to see it happen.

        Now, Windows is well-entrenched because it's what the current user base is used to. We can't get them to budge because we can't persuade them that the change is worth the effort. Bu

    • At least the latest Norton Antivirus scans some of it and so does Network Associate's antivirus. I wish Trend Micro's would do it too, it probably will soon...

      Trend Micro's OfficeScan already detects spyware and spyware based javascript, it's been doing it for at least a year now. Unfortunately, it can't always kill the spyware; my logs show it quarrantining the spyware only to have the spyware reinstall itself and repeating this process each morning several times, but the spyware is winning out.
    • by King_TJ (85913) on Saturday January 03, 2004 @10:11PM (#7870265) Journal
      I can personally attest to this. I've been doing on-site PC service for a local company for the last couple months, and our #1 call by far is for problems that end up being spyware/ad-ware related.

      In my experience, SpyBot works extremely well, but it has a few quirks in its interface that lead people to not get everything cleaned up that it can clean up.

      Most importantly, when it finds spyware it tells you requires a reboot to remove, you'll notice that it rescans everything during the system restart. The thing is, though, it isn't *removing* everything during this stage. It's only setting itself up so it *can* remove what it finds successfully, if you click to "fix problems" on its console window after everything finishes and the Windows desktop comes back up!

      Also, I'm seeing more and more virii/trojan horse type infections that are smart enough to kill processes of any known virus scanner. These wouldn't have the chance to infect a PC in the first place if people kept their virus scanner running and updated, but many people don't. Then when someone like myself comes in and tries putting an updated one on the PC, the install won't even complete successfully. (This also manifests itself as a scanner that shows itself as "disabled" in the system tray, but which won't ever stay enabled when you try to toggle it back on.)

      I'm at a loss as to why Symantec, McAfee, AVG, and the other popular scanners don't allow doing a "reboot and scan/remove virii before system startup", so the virus code can't get a jump on the scanner??
    • I am a full time Linux user, however I am always drafted to work on my families trashed Windows computers. Anyway after a long hard search I found good freeware solutions for detecting & removing Keyloggers and Spyware.

      These are also good if you want to safely use a strange machine. These are the programs:

      SpyBot S&D safer-networking.org [slashdot.org]
      Pest Scan pestscan.org [slashdot.org]

      Keylogger Hunter http://www.styopkin.com/keylogger_hunter.html [styopkin.com]
  • Even though spyware may be annoying, it's the price that must be paid to allow for a more user-friendly computer. The more we automate our PC's, the less control we have over what runs on them. Or, one could buy a Mac and forget about it entirely...
    • by pla (258480) on Saturday January 03, 2004 @07:52PM (#7869639) Journal
      Even though spyware may be annoying, it's the price that must be paid to allow for a more user-friendly computer.

      Care to justify that stance?

      When visiting someone who asks me to help them with some computer-related task, as my very first action I download and run AdAware. It usually find at least 30-40 scattered chunks of spyware (I've seen in the thousands more than once), with perhaps half a dozen actual fully-functioning programs (the abundance of spyware has the amusingly ironic side effect that they all tend to break one another over time).

      After removing all the spyware found, the computer's owner without fail notices the improved responsiveness and reduced desktop and browser clutter. I have not once had someone then ask me annoyedly where their "favorite" browser hijack vanished to; more often, I get a thankful "Oh, you finally got rid of that damn thing... I agreed to it from some website a few months ago, and no matter what I do couldn't make it go away".


      So, what part of any of the above do you believe makes a computer more user-friendly?
      • by Zocalo (252965) on Saturday January 03, 2004 @08:11PM (#7869739) Homepage
        Care to justify that stance?

        I can think of one, just ONE example where this is the case. The Google Toolbar [google.com]. It's an incredibly useful thing if you can use it (only works with IE5.5 or better) but it does contain one optional feature what might be classed as "Spyware". Specifically, in return for providing Google with some details of your browsing habits you gain access to some PageRank related features. Google does however provide extensive clickthroughs and documentation that detail just what this entails, which is more than most of the crap out there with a penchant to phone home.

    • "Or, one could buy a Mac and forget about it entirely... "

      You can forget about a lot entirely if you go that route. Not saying Mac is unusuable, but computers are general purpose machines, and the more general, the more attractive they are.
  • by BWJones (18351) on Saturday January 03, 2004 @07:46PM (#7869599) Homepage Journal
    The new spam law does nothing about the invisible programs that invade our computers as we move from one Web site to the next. These insidious programs -- variously known as adware, spyware and snoopware -- can cause computers to call up aggressive ads or can actually track a user's movements through the Internet for use by marketers later on. The most sinister programs can record everything the user does, whether offline or surfing the Net.

    And what the article does not discuss at any length is that we have Microsoft security (or lack thereof) to blame for most of the spyware problems. If Windows had better security, then most of these problems would not be there to the same degree as they currently are.

    • I think if Windows had better security, it would lose much of its user-friendliness, which is its primary appeal. MS takes a lot of heat over security, but I think they are just delivering what the market wants. If they made Outlook "secure", there would be an immediate uproar by 99.9% of users over the loss of functionality.
      • I think if Windows had better security, it would lose much of its user-friendliness, which is its primary appeal. MS takes a lot of heat over security, but I think they are just delivering what the market wants. If they made Outlook "secure", there would be an immediate uproar by 99.9% of users over the loss of functionality.

        You should try OS X [apple.com] and see what you have been missing. You get security with true plug and play compatibility and ease of use.
      • Um, you can have "user-friendliness" AND security. Look at OSX. So far, I haven't heard of anyone that enjoyed getting viruses and worms, or loved reinstalling the OS every 6 months due to crappy MS software. Users don't have a choice when it comes to security on Windows. They only get the lack of it. Most of the security problems in IE / Outlook can be solved without losing ANY functionality at all.

        Even if MS did remove some "features" to enhance security, 99.9% of the users wouldn't even notice - most pe
    • by recursiv (324497) on Saturday January 03, 2004 @07:51PM (#7869631) Homepage Journal
      Yes they would be. No operating system security can stop a user from being an admin and installing unintentionally (but intentionally from the perspective of the OS) malware.
      • Yes they would be. No operating system security can stop a user from being an admin and installing unintentionally (but intentionally from the perspective of the OS) malware.

        No they would not be (and they are not). Operating systems should not allow root access or even administrator access for certain functions (like installing software) without explicitly notifying the user of said installation and requiring an administrative password or phrase.

        • No they would not be (and they are not). Operating systems should not allow root access or even administrator access for certain functions (like installing software) without explicitly notifying the user of said installation and requiring an administrative password or phrase.

          Unfortunately, spyware is smarter than Microsoft. The spyware installs even if the user has NO administrative rights. What makes it even harder is that to remove the spyware, you do need administrative rights, thus you can't have use
        • by Anonymous Coward
          Spyware typically does explicitly notify the user. They just happily click on "Next" or "Agree" along with all the other license agreements to get to their neat new free program which came with bundled spyware.

          It's not a security problem; the users explicitly asked for the spyware to be installed. They just didn't understand what they were really in for.

      • No operating system security can stop a user from being an admin and installing unintentionally (but intentionally from the perspective of the OS) malware.

        Yet. I hate to say this on here ( this will get me killed THRICE in a very painful way ) but this can be done with proper DRM. It will stop users from installing stuff on their own PC that isn't certified by . That WOULD stop most spyware dead in it's tracks. Of course, we all know MS's history concerning bugs and sooner or later a bug big enough to

        • When Microsoft uses this as a DRM motivator, keep in mind that this doesn't have to be strict DRM. All you need is a really really obvious "This is uncertified software, are you sure you want to install? *click* Are you really sure?" warning to deter spyware. The EFF or some other benign organization could easily provide this certification.
    • by Lshmael (603746) on Saturday January 03, 2004 @07:53PM (#7869650) Homepage
      The spyware problem is not a Windows security problem so much as an Internet Explorer security problem. While the insecurity of the operating system is a problem that aids malware in general, having a more secure browser would help this. The improvements to Internet Explorer [microsoft.com] due to appear in Service Pack 2 should help stop the spread of spyware somewhat.
      • Thanks for the link - that is interesting. For those that didn't read it, the binaries with SP2 are going to be recompiled with protection to prevent buffer overruns. But what I'm curious about is this - closing ports except when they are in use, How are they going to know what services you want to have listening and which ones you want shut down? And it they don't mean listening services, then isn't the port closed when it isn't in use anyway?
      • The spyware problem is not a Windows security problem so much as an Internet Explorer security problem. While the insecurity of the operating system is a problem that aids malware in general, having a more secure browser would help this.

        The point you make is valid, but applications should not have the degree of uncontrolled access to the OS as they currently do in Windows.

        The improvements to Internet Explorer due to appear in Service Pack 2 should help stop the spread of spyware somewhat.

        However, this
        • I would much rather have an OS that I can depend upon for security and that will not require me to spend lots of money and time on administration.

          Not to troll (I really like OSX) but Apple has been bad with this in OSX, requiring you to buy an upgrade to get some patches. MS is actually better about that - their patches are free. Yes, I know that the OSX upgrades have new features too, but sometimes I don't need them - I just need the bug patches.
    • by Anonymous Coward
      Absolutely not the fault of MS. How can you blame a company for allowing people to use its product as they wish? I have had exactly ZERo spyware/spamware/adware whatever products on my computers. None are in my office and none are on my local friends computers. All it takes is simple education. You cannot blame anyone except for the stupid user who said yeah I will install this random program that pops up when I go to a porn site or whatever.

      The problem is the end user. Education keeps a computer clean. Li
    • by fermion (181285) on Saturday January 03, 2004 @08:11PM (#7869738) Homepage Journal
      To be fair, it is not specifically a Windows problem. If Macs had even 25% of the market, someone would write mac centered spyware. A certain number of users would voluntarily install the new code, some may even type in thier password to give the code access to thier systems,and the games would be on.

      Of course, such code would not have the luxury of tailoring itself to outlook/IE. It would have to learn to work with mail/Safari, neither of which are as instrusive as the MS counterparts.

      I leave it as an excersise to the reader as to whether Safari is as much annoyware as IE, or if the OSS base of Safari gives it an edge.

  • by mr_lithic (563105) on Saturday January 03, 2004 @07:47PM (#7869607) Homepage Journal
    I assume that spam is one of the last places where people believe that an ad driven business model will survive.

    In most other forms of media, it seems that advertising has had its day. Television is no longer able to subject us to ads and is threatened, Radio ads in internet radio are able to be skipped. So we only have to deal with the advertisements that arrive in our inbox.

    There are a variety of ways of dealing with this detritus, the easiest one is make it a social stigma to admit to buying anything from spam.

    Have any enlargements or pharmaceuticals ever been sold using this method? Has anyone ever received one of these messages and replied and then eagerly waited for their postie to drop by with their delivery of "Hot Teens"?

    Turn Spam purchasing into the Venereal Disease of the new century and it will cost these folks more to send the messages than is returned in sales.

    Legislation is pointless in an area where geography is no longer a method of control.

    • Yeah, kinda like how the shameful stigma of buying or watching porn has made it difficult to obtain and rarely advertised in our society.
    • I do not think that if you are buying "enlargement pills" or "hot teens," you are going to admit to it, regardless of whether you bought it from a spam message or searched it out yourself.
    • by Deadstick (535032) on Saturday January 03, 2004 @08:01PM (#7869689)
      There are a variety of ways of dealing with this detritus, the easiest one is make it a social stigma to admit to buying anything from spam.

      -Hey, nice pecker stretcher, and those pictures of the guy with the goat are really cool. Where'd you get 'em?

      -I ordered them from a spam ad.

      -You PIG!!!

      rj

    • The SPAM will work if only one person in 10,000 si dumb enough to buy it. We whould be lucky if only one person in ten is clueless. Getting to where only 0.01% of the population is clueless is impossible.

    • You really have a point!.
      I Allways say that tech control won't work. All the server-side control methods just doesn't work, not only for spam, but for anything. And when i say server side, i actually mean sender-side. For example: A Law that controls SPAM, the m$ idea that there only exists exchanger servers out there, while most of us are at sendmail or postfix, so they try to imposs a server side resitiction based on the false premise that people can modifiy software, and that everyone uses THEIR software
    • by dekashizl (663505) on Saturday January 03, 2004 @08:44PM (#7869877) Journal
      I assume that spam is one of the last places where people believe that an ad driven business model will survive. In most other forms of media, it seems that advertising has had its day.

      What world are you living in? In the one that I inhabit, advertising is a multi-billion dollar industry. All of that brain sapping drivel pushed out on network television every night creates a captive audience to push sodas, alcohol, cars, and everything else that makes the (Western) world go round.

      The fact that you and your friends use Tivo or listen to internet radio stations is only slightly more important than the fact that you use Linux at home. The rest of the world still uses M$ products and buys things because a commercial told them it will get them more pu$$y.

      As for e-mail advertising, this is the latest (not even latest, but relatively recent) intrusion of advertising into communications mediums. Until people are willing to PAY for things (e.g. HBO) instead of being cheap greedy hypocrites, advertising will continue to infiltrate all communication and entertainment mediums.

      Even when people are willing to pay for things, the advertisements will become more subtle and embedded, with product placements as perfectly nailed in the movie The Truman Show.

      And the reason advertising continues to happen in e-mail is that the costs to advertise are getting less and less to the point that now if 1/10000 people buys Herbal Viagra or whatever crap is being sold, then it becomes worthwhile. So good luck convincing 100% of the people to stop buying stuff. Let's come up with realistic solutions.
    • by Jonathan Quince (737041) on Saturday January 03, 2004 @09:16PM (#7870023) Homepage

      The boycott you propose has already been around for a long time. It's called the "Boulder Pledge". Unfortunately, it doesn't work.

      The people who advertise through spam are fly-by-night operations. They typically hope to make a quick buck by shoving a message at a million people and getting a 0.0001% conversion rate. (Do the math.) Often they aren't even the ones with products to sell; rather, they're "basement operations" with little in the way of resources or business sense hawking merchandise on behalf of the less-reputable amongst affiliate programs.

      The people who make the real money off spam don't make the money selling stuff through spam. Instead, they get paid by aforementioned fly-by-nights to send the spam. They are the few fat sleazeballs sitting at the top of the pyramid being supported by everybody else. Just ask Alan Ralsky (if you can get a letter through to him under the massive number of catalogues he receives).

      This convoluted chain of middlemen is the reason why normal market forces haven't stamped out spam, even though spam is net unprofitable. Losers pour money into the spam system and are dealt out of the game with a high turnover rate; but there are always enough new losers coming in to keep the system afloat. Meanwhile, professional scam artists know every trick in the book to squeeze money out of an activity that truthfully causes a net loss for everybody else involved.

      From the fly-by-nighters lured in by the promise of easy riches and duped into paying hard cash for spam advertising to the victimized ISPs and end users who have server, bandwidth, and support costs shifted to them, everybody else comes out in the red anyway. So how, exactly, is a boycott supposed to work?

  • by Detritus (11846) on Saturday January 03, 2004 @07:49PM (#7869615) Homepage
    At least for the moment, a medium that was hailed as the ultimate venue for education and self-improvement is mired in the age-old conflict between the salesman who wants his foot in the door, no matter what, and the angry person who wants nothing more than to be left alone.

    Both problems, the spammer and the salesman, can be solved with the use of a good 12-gauge shotgun.

    Trespassers will be shot. Survivors will be shot again.

  • It's getting sad (Score:5, Insightful)

    by hodet (620484) on Saturday January 03, 2004 @07:50PM (#7869621)
    I used to help out friends and family all the time removing viruses and ad-ware but I have put a stop to it unless they specifically ask for help and bring me their computer. The stuff is getting ridiculous and the average user couldn't care less.

    I was visiting my parents when they got their Dell and out of the box it required over 20Mb of security fixes and had a virus scanner (Mcafee) that was set to explode after 90 days if they didn't subscribe and the firewall off by default. Oh and of course their account that they setup with the instructions made them an administrator. We got that patched up and hardened quickly but your average Joe who buys a system and plugs it in is just a sitting duck and he has no clue. It's pathetic that companies like Dell can't harden the things a little before shipping them out.

  • by Gldm (600518) on Saturday January 03, 2004 @07:51PM (#7869623)
    Given what it's costing companies to reduce spam, and what they're paying in network bandwidth, wouldn't it be more economical to just hire people to track down the major spamers and then just post 10 million dollar international bounties on each head? I bet it'd cut the spam level alot more effectively for alot less money.

    As for spyware, maybe it's just me, but how about say, not letting files download onto your local disk and set up with executable permissions? You'd think that maybe a modern OS would have some kind of setting to disable this kind of thing? Maybe even just lock out c:\program files\ from being able to create new directories? Yeah I didn't think so. I'm sure the new "security focused" development has better things to secure than the filesystem from malicious executables, because we all know this is a new and infrequent problem right?

    One of these days I'll run into someone who gives you these "free offers to improve your life" and talks about how beneficial they are. Then I'll give them some nice theraputic blows to the face to increase the supply of oxygen giving blood to the skin. Look, it works! I can see it turning purple with extra blood now. You should thank me for preemptivly solving a case of skin irritation from lack of bloodflow. How about I remove some of those teeth so you're protected from dangerous cavities too?
  • by NoData (9132) <{moc.oohay} {ta} {_ataDoN_}> on Saturday January 03, 2004 @07:54PM (#7869656)
    From article:
    The story of technology is the story of noble aspirations overtaken by a hard-core huckster reality.

    I think that's a little too narrow of a generalization to make about all of technology. But it is a symptom of a larger truth about technology. The story of technology is the story of technical progress outpacing social progress. We have not, as a society, come to a consesus on privacy, security, information as property, and who should regulate these matters. Similar, perhaps tougher, problems in biotech. This characteristic of technology driving questions about social morality is something I don't think was ever seen before the 20th century.
  • See it all the time- (Score:5, Interesting)

    by IWantMoreSpamPlease (571972) on Saturday January 03, 2004 @08:04PM (#7869705) Homepage Journal
    I do tech support for ~10,000+ clients. When Windows 98 was common, the biggest problems were stability and trying to keep it that way.

    Now that win2k (and winxp) is out, the stability issue has been resolved. Now the most common thing I see is tons of spyware slowing the PC down to a crawl (obligatory slashdot humor: The difference between a PC infested with spyware that crawls, and Windows XP hogging all the resources making the PC crawl, is sometimes hard to discern.)

    And of course lovely viruses from that oh-so-wonderful default-installed e.mail program, Outlook Express.

    Most (nearly all) the *major* spyware issues stem from PEBKAC, a little knowledge (on the end-users part) would go a long way, but much of the spyware out there cloaks itself in "official" looking popups, all happily Verisigned, which can sometimes even trip up sys admins.

    The next version of windows is rumored to fix this (to what extent is unknown) but undoubtedly will introduce a ton of new spyware.

    Now isn't it nice that we BeOS and *nix users are immune to all that crap? I know I'm glad I use BeOS.
    • Why do you say you are immune? Ever hear of installing a program as a user, in your home directory?

      Sure, it wont effect other users directly, but it will still slow down the machine and waste bandwidth...

      Sure, *nix users arent targeted yet so we are safe for now. But we cant *just* sit back and laugh...
      • Why do you say you are immune? Ever hear of installing a program as a user, in your home directory?

        For that to work, there are two requirements:

        • That either the current directory or part of your home directory is in your path.
        • That /home and /tmp (plus any other user writable areas) are not mounted noexec

        If unix become popular on the desktop there would be viruses. However, unix browsers and email clients tend to be more secure then Internet Explorer and Outlook. Hopefully, one wouldn't see the

        • For that to work, there are two requirements:


          • That either the current directory or part of your home directory is in your path.

          That may help keep someone from running a spyware program called 'ls', but there are plenty of other ways to get someone to run a program.

          • That /home and /tmp (plus any other user writable areas) are not mounted noexec

          True, and maybe reasonable for a work machine, but hardly practical for most of us.

          I agree that right now, unix programs are generally more secure than t

      • Yes, but since configuration information is neatly distributed on unix systems, you can easily clean up when something goes wrong. Yes, it's theoretically possible to make windows software that works this way, but most vendors don't do it this way, in part because Microsoft encourages them to do the opposite.
      • Sure, *nix users arent targeted yet so we are safe for now. But we cant *just* sit back and laugh...

        Ha, jokes on you! My BeOS system will probably never have to deal with it and neither will my friend's OS2 system!

        Gotta love nearly dead OSes!
  • by Pendersempai (625351) on Saturday January 03, 2004 @08:08PM (#7869723)
    Most acts detrimental to the free state, such as murder, can be solved to within an acceptable degree by simply illegalizing it. Deterrence acts on would-be offenders, and the number of murders in the country is small enough that it generally does not disrupt life for most of us.

    Spam works by entirely different rules. It is not enough to deter MOST spammers. It takes only a sufficiently capable handful to bring the mail systems of the entire country to their knees. The economies don't work in the same way: a typical murderer affects the lives of anywhere between one and a hundred people; a spammer affects between one and a hundred MILLION every week.

    So relying on a citizen to be rational -- to realize that it's not in his best interest to spam, given the consequences -- will not work. There are more irrational actors than it takes for spamming to remain alive and well. There must be some sort of technological barrier in place -- with the support of the law, I believe -- to ensure that even these irrational actors are incapable of spamming.

    What are some examples? Require by law that all ISPs -- be they mom and pop shops, tremendous corporations, or colleges and universities -- provide information in an email sufficient to identify the sender. Then prosecute the ISP harshly if it allows a user to spam; hopefully, ISPs can be deterred more consistently than individuals. Overseas ISPs are obviously beyond this jurisdiction, but the FCC might take it upon itself to publish a list of overseas ISPs that comply, and recommend blocking all that don't.

    Alternatively, institute a microcharge on email -- be it monetary or computational -- to disrupt the economies of scale. When a user receives an email from an address not on his whitelist, his computer (or the ISP's) responds with an NP-hard computation problem that the sender's computer must solve before the email is delivered. Solving one -- or one hundred -- such problems would be no problem for a user's computer, but solving one to one hundred million would be much harder. Spamming would require computation like Japan's Earth Simulator to pull off, and the amount of computation might scale each year according to Moore's Law.
    • Alternatively, institute a microcharge on email -- be it monetary or computational -- to disrupt the economies of scale.

      Spam is coming from zombied hosts these days, computational charges will be distributed to the point that they are useless. Monetary charges will destroy mailing lists like the numerous developer lists I subscribe to.

      I believe there is a way to stop spam without any government intervention. We can make it so that spamming only costs the spammer money. I believe the widespread use o

  • by PeepSquat (120181) on Saturday January 03, 2004 @08:09PM (#7869728)
    mayebe I dont remember the law very well, but wasn't there some type of law back like 20 or more years that made it illegal to steal computer time. This applied mainly to mainframes. Couldn't this be applied to spyware,adware, and snoopware, stealing computer time on pc's?
    • Regardless of whether there is or there isn't, the problem is, you generally agree to the "stealing" of your computer time in some obscure clause in the user agreement that you accept when you install a spyware-infested program. Always read the agreement throughly!
  • by Samuel Duncan (737527) on Saturday January 03, 2004 @08:17PM (#7869765) Journal
    I still remember the stories of my grandfather who worked at the federal post office how the amount of advertisment letter rised with the introduction of railway post transport.
    Before that messengers on horses of coaches had to be used. This had the effects that letter where relatively expensive and traveled very slow (4 months from east to west coast). And it was insecure due to hostile natives.
    However all this changed with railway post transport. And so the amount of advertisment letter increased greatly. It even delayed the transport of legit letters, so that the post office had to use special (more expensive) rates for advertisment transport to keep to flood under control. Note that hiding advertisment letters as normal ones didn't work: the post offices clerk were allowed to open every letter and check which they really did regulary.
  • by bigberk (547360) <bigberk@users.pc9.org> on Saturday January 03, 2004 @08:21PM (#7869781)
    If you know what you're doing with email, and use a statistical filter such as spamprobe [sourceforge.net] (or SA/other bayesian) from procmail, consider joining the community wpbl experiment [pc9.org]. This is essentially an IP blocklist built automatically, in real-time, from many statistical filters (no manual user action ). IPs from mail are automatically extracted, classified as spam or good by your bayesian filter, then reported to the central server 24 hours a day. This is not like spamcop.
    • Thanks.

      I like this approach, and will likely participate, but I do wonder how the project can avoid malicious data poisoning using zombie submitters and forged examples.

      • I like this approach, and will likely participate, but I do wonder how the project can avoid malicious data poisoning using zombie submitters and forged examples.

        Data contributors are tightly controlled. All contributors are screened, and authentication is involved in any data injection into the database. There is no anonymous data submission, ever. Also, the database requires reports of IPs sending non-spam making it easier to locate abusers of the system (who deviate seriously from the norms). Yes, a

  • by qtp (461286) on Saturday January 03, 2004 @08:21PM (#7869783) Journal
    It's seldom that a well reasoned analysis of the spam debacle makes it to the pages of the mainstream press, but the discussed article is well reasoned and quite to the point in emphisizing that this issue (unwanted advertising) is nothing new.

    As for how widespread the spam problem is, I cannot really opine as to whether the problem deserves the kind of attention that it is getting, as I have had the same email address for well over three years, it is visible on several mailing lists and usenet, and "I have yet to recieve the floods of spam that I so poften see described here on /.

    I'm not claiming to get no spam, as I do recieve two to three unsolicited comercial email adverts per month at my account, sometimes a few more (I once recieved six in one week), and this leads me to believe that there is probably something about one's user habits that either does or does not attract spam.

    I'm also sure that one's email provider has an effect on how attractive that address is to spammers. I'm sure that GMX's anti-spam measures do make thier users less attractive to spammers (If you were a spammer, would you put much energy into spamming a domain of email users if you were certain that the domain admins were likely to adjust thier filters before your ad run was complete? or would you concentrate on those domains that left it up to thier users to face the onnslaught alone?)

    Email providers would take common sense measures to protect thier users from the most obvious spam with poorly forged headers, email originating from unsecured proxies and open relays, large numbers of identical meassages targeting alphabet blocks of obviously generated addresses, and emails originating from known spam source IPs (not netblocks), as well as applying "learning" filters (Beyesian and/or whatever), allowing users to submit examples, but apparently few providers do this.

    Why do people continue to use thier services?

    Has anyone here abandoned an email address after it became such a spam magnet as to be nearly unusable?

    • by miquels (37972)
      Has anyone here abandoned an email address after it became such a spam magnet as to be nearly unusable?

      Well, my inbox consolidates my own account that has existed from 1995, and several support accounts, and I get around 1500-2000 spams per day in that inbox. Fortunately 99% of that is filtered by spamassassin, but it's getting worse and worse.
  • by k4_pacific (736911) <k4_pacific@yaCOUGARhoo.com minus cat> on Saturday January 03, 2004 @08:22PM (#7869790) Homepage Journal

    If there is spyware sending out packets, one could presumably see what IP address they are going to and maybe even reverse engineer their data format. Then someone could write a program which sends their servers spy packets containing meaningless or misleading information, thereby screwing up whatever market research they are trying to do. Maybe we can create some fake correlations between unrelated items, after all, unlikely correlations come up often enough in real life, like diapers and beer [google.com], that they may not catch on until long after their databases are completely cluttered with meaningless crap.

  • Irony (Score:4, Interesting)

    by Anonymous Coward on Saturday January 03, 2004 @08:38PM (#7869853)
    The irony is that at the end of the NYT article, if one inspects the source code, there is this little gem of javascript code from:

    http://www.nytimes.com/js/s_code_remote_sampling .j s

    This fetches a few pieces of data and sends it back to 2o7.net in the form of a URL for a 1x1 gif.

    Anyone care to reverse engineer this code and see what it's reporting back?
  • by thedbp (443047) on Saturday January 03, 2004 @08:44PM (#7869879)
    Buy a Mac.

    I'm not trolling, nor am I evangelizing, but the truth of the matter is, out of the box, Macs are FAR less prone to be susceptible to any of these nefarious internet annoyances.

    Spyware: practically non-existant for Macs, and any application needs to be manually copied or installed w/a password verification, so nothing gets by without you knowing it (assuming you trust every user of your computer).

    Spam: Mac OS X's built in Mail client has an excellent and easy to use spam filter built in, and in the 2.5 years I've had my .Mac email addy, I haven't had a bit of spam come thru at all.

    PopUps - Not only can you block pop ups in the default browser Safari, most of the pop up ads are themed to look like Windows dialog boxes, so they're easy to spot as advertisements and whisk away with a single click.

    Just my 2
  • by qtp (461286) on Saturday January 03, 2004 @08:53PM (#7869921) Journal
    Is there a correlation between spam and spyware?

    Does any spyware collect email addresses from adress books?

    Does any spyware submit the user's address with it's data?

    Do people who's machines are or have been infected with spyware get more spam?

    Just wondering.

    It seems that spyware that tracks a users web viewing habits would be a no brainer as a data feed for a targeted spam operation.

  • by samdaone (736750) <samdaone@hotmail.com> on Saturday January 03, 2004 @08:54PM (#7869928) Journal
    Most apps that install spyware usually have something in their license that says "we have the right to install whatever we want on your system". When a license says something like that I usually back away and not install it. There is a certain sense of apathy where people no longer read the End User License Agreement, but with freedom, and freedom from spyware, you must read the EULA and make sure a phrase like this is not present.

    Granted EULAs are usually long and cumbersome and rightfully so, that is what makes most end user just click 'accept' right away. Also if you search the program you want to install on the web you may come up with a review or someone else stating that spyware is installed with it.

    A majority of spyware programs are installed with legally questionable software, file sharing. To minimize your chances of installing spyware do not install any "legally" questionable software and read the EULA!
    • Most apps that install spyware usually have something in their license that says "we have the right to install whatever we want on your system". When a license says something like that I usually back away and not install it.

      That isn't always an option. When I saw a Gator EULA pop up during a recent DivX codec install, I immediately clicked "NO". I got a second Gator EULA, and I clicked "NO" to that one, too. The fscking Gator crap installed anyway. I tried uninstalling the codec, which removed the c
    • A majority of spyware programs are installed with legally questionable software, file sharing. To minimize your chances of installing spyware do not install any "legally" questionable software and read the EULA!
      Well, sometimes you don't have a choice. Microsoft regular makes "improvements" to their EULAs and the only way to avoid them is to not install it or any further security fixes; which is not an option. Yet another reason why I run Unix.
  • by KalvinB (205500) on Saturday January 03, 2004 @09:33PM (#7870109) Homepage
    Spammers need images to get past word filters and to make an ad "stand out." Images can't be sent with the e-mail so src tags are used. href tags are also used for links they expect people to click on. "http://" is a unique identifier that absolutly cannot be obfuscated or it will not work. You can add a lot of junk before an @ symbol but eventually the real link must be there. Simply block that link and poof, no more spam from spammers advertising using that domain. You can block countless spammers by blocking a single 100% unique URL that no legitimate e-mail will ever contain.

    The full write up [icarusindie.com] of my take on what I see as horribly flawed ways to combat spam and source code for the custom programs I use to strip links out of e-mails.

    I have an example of spam posted there where everything is just a mess in the e-mail. The headers are forged, the text is all obfuscated. But there, clear as day is an "HTTP://"

    Poof, killed the spam domain. And there's no way to circumvent my method except by not having links of any form in the e-mail. If you put a link in a spam, I will find it and I will block it.

    Ben
    • You're wrong. Images can be included in the body of the message. Each one is a mime-attachment, and has an ID to which the IMG tag referrs. You can get a whole HTML-email full of images and have it completely self-contained in a single email message, without the need to contact any external server.
      • Spammers can't get away with e-mailing millions of messages if they're too large.

        It would take 10 months or more to e-mail a message with a 20KB image 25 million times on a typical high speed connection. By referencing images off of hosts they can send the same number of messages in a week and the hosts can serve up the bandwidth required in half the time it takes to send the e-mails.

        Ben
  • by sjames (1099) on Saturday January 03, 2004 @09:45PM (#7870160) Homepage

    Really, many things together contribute to this problem. In no particular order:

    A rabid consumerist/capitalist economy. Everyone wants you to buy something. Everyone NEEDS you to buy something or the whole thing unravels.

    As a result, advertising in general has become a tragedy of the commons. It's so pervasive that it's becoming ineffective. Nearly everywhere you turn, there's an ad for something. Most advertising doesn't even improve sales, it just keeps them from slipping. The culture of advertising has gotten so embedded in business that few have realized that superbowl ads are usually a net loss. Perhaps the crassness of spam would turn off the 1/10th of a percent who buy if all other advertising wasn't so crass.

    A general acceptance of legalese. If products carrying a EULA over three paragraphs (normal paragraphs) long or using words that have not otherwise been in use for 3 centuries was simply rejected, there would be none. With EULAS cut short, there'd be no fine print on page 123 to hide the spyware disclosure in.

    Another way to accomplish that would be for the legal system to admit that it's just not practical (or even financially possible) to hire a lawyer everytime someone shoves a document at you. Further, it should recognize that a contract must be understandable to an average person with an average amount available to devote to such things. Anything not meeting that criterion is null and void. Fine print on page 123 does NOT constitute disclosure.

    Loosened community ties have opened the door to scam artists like never before. In a worldwide community where the number of people you actually know is vanishingly small, social shame is not very effective.

    Society is well behind the growth of technology. When it becomes more socially acceptable to proclaim that you sell drugs to 8 year olds than to admit you're a spammer, much of it will stop (OK, they may not be that bad, but it's close).

    We need for it to be socially and legally acceptable to spit on a spammer's shoes in disgust. It's good that we as a society are (slowly) learning to accept diversity, but at the same time, some things are NOT reletive. An obnoxious ass who deliberatly annoys millions of people a week does NOT deserve understanding, he deserves contempt. Nevermind jail, ostracise them.

    Law enforcement. If you or I produced the very same spyware that's out there with the very same barely existant (or non-existant) disclosures, we'd be up on charges. Just because it's incorperated doesn't make it OK!

    </soapbox>

  • by SethJohnson (112166) on Saturday January 03, 2004 @10:10PM (#7870263) Homepage Journal


    Since I haven't seen anyone else mention this tool, I thought I'd bring it up.


    Spybot Search & Destroy is a massively effective tool at cleaning a Malware-infected PC of every adware / spyware crap known. It will kill homepage redirects. It even blocks future installation of known malware. Check it out. [safer-networking.org]

    It's free as in beer.
  • by Animats (122034) on Saturday January 03, 2004 @10:47PM (#7870357) Homepage
    The rate at which people signed up for the do-not-call list scared Congress and the direct marketing industry. The DMA had figured it to be a minor nuisance, like the do-not-call list they maintain. They weren't expecting fifty million people to sign up in advance. Which is what happened.

    Not only is the FTC now required to study a do-not-email list, there's even talk of the DMA's worst fear - a do-not-mail list for paper mail. Bills have already been introduced in New York and Massachusetts.

    This is the year to go for a do-not-email list with teeth as sharp as the do-not-call list. It worked for fax. It worked for phones. It can work for e-mail. And it's an election year. Keep pushing on your elected officials and the FTC. Push the FTC to implement a do-not-email list. Insist that it include domain-wide opt-out.

    And yes, it will work if the law goes after where the money goes. Any competent cop and prosecutor can find out where those Viagra orders get fulfilled and who collects the money. It just takes some routine police work and a few court orders.

  • The worse part about all of this is that they had a technology there that could be used effectively and to the benefit of both companies and consumers. Advertising on the Internet is a given, and unless somebody figures out a better way to make a profit on otherwise "free" Internet sites, it's here to stay.

    Personally, I don't see a problem with the idea that if I have to see advertising it would at least be tailored to my interests. If that means that an anonymous profile is put together on my Internet h
  • by wfberg (24378) on Saturday January 03, 2004 @11:10PM (#7870456)
    In ye old days, AV scanners would not only scan for malware that wasn't strictly a virus, but would invariably include an "innoculate" feature which would create checksums for executables and libraries, and the on-access scanner would refuse to run altered or non-checksummed executables. The latter is handy to protect against users installing or running malware. Windows XP includes this, but in a very, very cumbersome manner (Software Restriction Policies) but which at least can check certificates so windows updates will work..

    Any one know of any free checksum-checkers-on-execute, preferably with some sort of centralized checksum database, for windows?

Machines certainly can solve problems, store information, correlate, and play games -- but not with pleasure. -- Leo Rosten

Working...