The Battle Against Junk Mail and Spyware 312
wildfrontiersman writes "A New York Times editorial by Brent Staples, The Battle Against Junk Mail and Spyware on the Web, laments 'The story of technology is the story of noble aspirations overtaken by a hard-core huckster reality. This process is on vivid display in the debate about electronic junk mail, which makes up more than half of all the e-mail that travels on the Internet.' He criticizes the new spam law, the lack of attention to spyware and how it threatens our beloved internet."
Boring. (Score:2, Informative)
Re:Boring. (Score:2, Informative)
Obligatory Google Link (Score:5, Informative)
Re:Obligatory Google Link (Score:2, Informative)
Brent Staples the author (Score:2, Informative)
Re:Brent Staples the author (Score:5, Informative)
Brent Staples is an editorial writer for The New York Times. He holds a PhD in psychology from The University of Chicago. His memoir, Parallel Time: Growing up in Black and White, was the winner of the Anisfield Wolff Book Award, previously won by such writers as James Baldwin, Ralph Ellison and Zora Neale Hurston.
Spyware is getting really bad (Score:5, Interesting)
Had to run Spybot, ad-aware, spybot, ad-aware over and over for like 2 hours while rebooting to get rid of everything...
At least the latest Norton Antivirus scans some of it and so does Network Associate's antivirus. I wish Trend Micro's would do it too, it probably will soon...
Re:Spyware is getting really bad (Score:5, Interesting)
Needless to say: I did like you... Spent hours cleaning the damned thing. Then I did what any sensible person does: download Mozilla, set the skin to IE (so that the idiot users won't notice), enable pop-up blocking, and set it as default browser.
Never heard any complains of that person again, and he can play The Sims now. Sometimes, people need to be forced to use the right software.
Safeguards (Score:5, Interesting)
It doesn't help that spyware databases software databases have gotten so undiscriminating. You run a spyware scanner, and even the best ones raise red flags over stuff that has some of the features of spyware, but simply isn't. These include customer support tools like backweb. Yes, these can be abused, but ultimately anything you install in your system can be abused. It's simply a question of whether you trust whoever provided the software. Gator and Alexa have used up our trust. Backweb and the CS orgs that use it have not.
There's also the cookie issue. Yes, cookies are a grave threat to privacy. But the solution is in your browser: configure it use a good privacy policy, or if you totally hate cookies, not to accept them at all. Scanning the cookie database is a waste of time. Yet all adware scanners insist on doing it.
Re:Safeguards (Score:3, Informative)
Yes, this gives me a lot of emails, but it takes 10 minutes to give them a good alternative or give them the "OK".
For Kazaa, I say "No" and point them to Gnucleus. Yes
Re:Safeguards (Score:2, Insightful)
"Usually I point them to Opensource Projects that are safe to my knowledge"
Am I the only one who see a conflict here?
Re:Safeguards (Score:3, Insightful)
As for cookies: yes, we all know how they're used to invade your privacy. The question is, how do you prevent it? Scanning for "evil" cookies doesn't catch them soon enough to preserve your privacy -- unless you run the scanner continuously, which will destroy your system p
Re:Safeguards (Score:3, Informative)
I'm sitting here trying to figure out what might have confused you. It really was pretty clear what I said.
To repeat, Logitech and several other companies use Backweb technology to display advertisements instead of using it it for its intended purpose (software updates
IE theme for Moz (Score:3, Informative)
I pity no one (Score:2, Insightful)
I run a Windows XP machine for music editing and I use it online plenty too, and to date I have yet to worry about spyware, or worms. I don't have some ultra fancy shmancy set on the Win machine because I don't care that much about it. Now... I do contracting work at a mid sized Uni from time to time (I work at an ISP), and whenever at the Uni, I would see students' machine flooded with tons of spyware, viruses, you name it they had it. After fixing things for some of these kids while there, a call would co
Re:I pity no one (Score:2, Interesting)
Have you scanned for spyware? I can tell you that all it takes to get spyware is to follow one of the links on http://news.google.com using IE with ActiveX enabled. Needless to say, I don't do ever do this.
Re:I pity no one (Score:2, Insightful)
Re:I pity no one (Score:3, Informative)
Typically, this is install adaware to get rid of the junk, and then patch their goddamned systems. Install Mozilla, set it default give it an IE skin, block popups and remove iexplore.exe from their system. Set firewall (of your choice), add an AV ( http://www.grisoft.com for a free as in beer one) and explain the basics. Scare the crap out of them by exaggerating a b
Re:I pity no one (Score:3, Informative)
While IE does install with some less-than-prudent default settings, it's a simple matter to change them. Stating that the solution i
Re:I pity no one (Score:4, Insightful)
I love the hoops people like you will go through to continue running your inferior software. In spite of the fact that mozilla and it's derivitaves are faster, has a better interface(admittedly, it's a subjective matter there, but the fact that it utilizes the middle mouse button to enhance tabbed browsing makes it feel like riding a sport bike vs. the Internet Explorers tricycle), and are infinitely more resistant to widespread viruses and web-borne spyware than IE, and in spite of the fact that mozilla includes pipelining to increase browsing speed even further and native popup blocking which actually works because it blocks only unrequested popups instead of all of them, you decide to go and tweak IE for half an hour so you can keep on using it.
In the same vein are the people who think that there's no reason to go out and get something other than outlook express for their e-mail. sure, if I patch for two hours, then tweak for two more, I can maybe get close to the iron-clad near invunerability to these things I get by using any other mail client or web browser on the planet for a few weeks until another vunerability comes out...on the other hand, I could just use those instead.
But hey, what do I know? Just spend all those hours downloading IE patches, and be sure to come back every day so you are up to date! and download proximatron and MyIE so you can have blocked ads and tabs, and after all those hours of research and downloading....
Re:I pity no one (Score:2)
My updated Spybot S&D blocks the "Avenue A, Inc" spyware from Slashdot about every third or so page view. So even our blessed Slashdot is far from innocent. It helps if you configure S&D to pop-up an indicator each time spyware is blocked.. then you can see which sites are trying to pass the *real* bad stuff onto you.
Steve
Re:I pity no one (Score:4, Insightful)
Re:I pity no one (Score:2, Funny)
Good news! (Score:3, Interesting)
Hmm, I see a bright side to this. Some of us (especially me) are cynical about Linux's chances of replacing Windows on the desktop. But that doesn't mean we wouldn't like to see it happen.
Now, Windows is well-entrenched because it's what the current user base is used to. We can't get them to budge because we can't persuade them that the change is worth the effort. Bu
Re:Spyware is getting really bad (Score:3, Informative)
Trend Micro's OfficeScan already detects spyware and spyware based javascript, it's been doing it for at least a year now. Unfortunately, it can't always kill the spyware; my logs show it quarrantining the spyware only to have the spyware reinstall itself and repeating this process each morning several times, but the spyware is winning out.
Re: Oh yeah, spyware is OUT OF CONTROL! (Score:5, Informative)
In my experience, SpyBot works extremely well, but it has a few quirks in its interface that lead people to not get everything cleaned up that it can clean up.
Most importantly, when it finds spyware it tells you requires a reboot to remove, you'll notice that it rescans everything during the system restart. The thing is, though, it isn't *removing* everything during this stage. It's only setting itself up so it *can* remove what it finds successfully, if you click to "fix problems" on its console window after everything finishes and the Windows desktop comes back up!
Also, I'm seeing more and more virii/trojan horse type infections that are smart enough to kill processes of any known virus scanner. These wouldn't have the chance to infect a PC in the first place if people kept their virus scanner running and updated, but many people don't. Then when someone like myself comes in and tries putting an updated one on the PC, the install won't even complete successfully. (This also manifests itself as a scanner that shows itself as "disabled" in the system tray, but which won't ever stay enabled when you try to toggle it back on.)
I'm at a loss as to why Symantec, McAfee, AVG, and the other popular scanners don't allow doing a "reboot and scan/remove virii before system startup", so the virus code can't get a jump on the scanner??
Free Spyware & Keylogger Detection (For Window (Score:2, Informative)
These are also good if you want to safely use a strange machine. These are the programs:
SpyBot S&D safer-networking.org [slashdot.org]
Pest Scan pestscan.org [slashdot.org]
Keylogger Hunter http://www.styopkin.com/keylogger_hunter.html [styopkin.com]
Spyware a necessary evil for some (Score:2, Interesting)
Re:Spyware a necessary evil for some (Score:5, Insightful)
Care to justify that stance?
When visiting someone who asks me to help them with some computer-related task, as my very first action I download and run AdAware. It usually find at least 30-40 scattered chunks of spyware (I've seen in the thousands more than once), with perhaps half a dozen actual fully-functioning programs (the abundance of spyware has the amusingly ironic side effect that they all tend to break one another over time).
After removing all the spyware found, the computer's owner without fail notices the improved responsiveness and reduced desktop and browser clutter. I have not once had someone then ask me annoyedly where their "favorite" browser hijack vanished to; more often, I get a thankful "Oh, you finally got rid of that damn thing... I agreed to it from some website a few months ago, and no matter what I do couldn't make it go away".
So, what part of any of the above do you believe makes a computer more user-friendly?
Re:Spyware a necessary evil for some (Score:5, Informative)
I can think of one, just ONE example where this is the case. The Google Toolbar [google.com]. It's an incredibly useful thing if you can use it (only works with IE5.5 or better) but it does contain one optional feature what might be classed as "Spyware". Specifically, in return for providing Google with some details of your browsing habits you gain access to some PageRank related features. Google does however provide extensive clickthroughs and documentation that detail just what this entails, which is more than most of the crap out there with a penchant to phone home.
Re:Spyware a necessary evil for some (Score:2)
You can forget about a lot entirely if you go that route. Not saying Mac is unusuable, but computers are general purpose machines, and the more general, the more attractive they are.
Re:Spyware a necessary evil for some (Score:2)
No. I'm sorry, I *really* should have clarified that point in my original post.
A lot of people out there by their machines for what they can do down the road, as opposed to what they can do right this second. Mac is virtually non-existent in the computer retail space. If it appears that there isn't a barrage of new stuff headed for it, it's hard to buy it under the idea that it'll be general purpose outside of what already comes with it.
That's what
From the article.... (Score:5, Insightful)
And what the article does not discuss at any length is that we have Microsoft security (or lack thereof) to blame for most of the spyware problems. If Windows had better security, then most of these problems would not be there to the same degree as they currently are.
Re:From the article.... (Score:3, Insightful)
Re:From the article.... (Score:2)
You should try OS X [apple.com] and see what you have been missing. You get security with true plug and play compatibility and ease of use.
Re:From the article.... (Score:3, Insightful)
Even if MS did remove some "features" to enhance security, 99.9% of the users wouldn't even notice - most pe
Re:From the article.... (Score:5, Insightful)
Re:From the article.... (Score:2)
No they would not be (and they are not). Operating systems should not allow root access or even administrator access for certain functions (like installing software) without explicitly notifying the user of said installation and requiring an administrative password or phrase.
Re:From the article.... (Score:2)
Unfortunately, spyware is smarter than Microsoft. The spyware installs even if the user has NO administrative rights. What makes it even harder is that to remove the spyware, you do need administrative rights, thus you can't have use
Re:From the article.... (Score:2, Insightful)
It's not a security problem; the users explicitly asked for the spyware to be installed. They just didn't understand what they were really in for.
Re:From the article.... (Score:3, Insightful)
Yet. I hate to say this on here ( this will get me killed THRICE in a very painful way ) but this can be done with proper DRM. It will stop users from installing stuff on their own PC that isn't certified by . That WOULD stop most spyware dead in it's tracks. Of course, we all know MS's history concerning bugs and sooner or later a bug big enough to
Re:From the article.... (Score:2)
Re:From the article.... (Score:5, Insightful)
Re:From the article.... (Score:2, Interesting)
Re:From the article.... (Score:2)
The point you make is valid, but applications should not have the degree of uncontrolled access to the OS as they currently do in Windows.
The improvements to Internet Explorer due to appear in Service Pack 2 should help stop the spread of spyware somewhat.
However, this
Re:From the article.... (Score:3)
Not to troll (I really like OSX) but Apple has been bad with this in OSX, requiring you to buy an upgrade to get some patches. MS is actually better about that - their patches are free. Yes, I know that the OSX upgrades have new features too, but sometimes I don't need them - I just need the bug patches.
Re:From the article.... (Score:2, Insightful)
The problem is the end user. Education keeps a computer clean. Li
Re:From the article.... (Score:5, Interesting)
Of course, such code would not have the luxury of tailoring itself to outlook/IE. It would have to learn to work with mail/Safari, neither of which are as instrusive as the MS counterparts.
I leave it as an excersise to the reader as to whether Safari is as much annoyware as IE, or if the OSS base of Safari gives it an edge.
Re:From the article.... (Score:4, Insightful)
Get real!
Like it or not - the basic security of the operating system greatly affects the total security for the computer. And like it or not MS Windows is not good in that regard.
One way to solve it - stop buying (Score:5, Interesting)
In most other forms of media, it seems that advertising has had its day. Television is no longer able to subject us to ads and is threatened, Radio ads in internet radio are able to be skipped. So we only have to deal with the advertisements that arrive in our inbox.
There are a variety of ways of dealing with this detritus, the easiest one is make it a social stigma to admit to buying anything from spam.
Have any enlargements or pharmaceuticals ever been sold using this method? Has anyone ever received one of these messages and replied and then eagerly waited for their postie to drop by with their delivery of "Hot Teens"?
Turn Spam purchasing into the Venereal Disease of the new century and it will cost these folks more to send the messages than is returned in sales.
Legislation is pointless in an area where geography is no longer a method of control.
Re:One way to solve it - stop buying (Score:2)
Re:One way to solve it - stop buying (Score:2)
Re:One way to solve it - stop buying (Score:5, Funny)
-Hey, nice pecker stretcher, and those pictures of the guy with the goat are really cool. Where'd you get 'em?
-I ordered them from a spam ad.
-You PIG!!!
rj
Re:One way to solve it - stop buying (Score:2)
Re:One way to solve it - stop buying (Score:3, Insightful)
I Allways say that tech control won't work. All the server-side control methods just doesn't work, not only for spam, but for anything. And when i say server side, i actually mean sender-side. For example: A Law that controls SPAM, the m$ idea that there only exists exchanger servers out there, while most of us are at sendmail or postfix, so they try to imposs a server side resitiction based on the false premise that people can modifiy software, and that everyone uses THEIR software
Your solution is unrealistic (Score:5, Insightful)
What world are you living in? In the one that I inhabit, advertising is a multi-billion dollar industry. All of that brain sapping drivel pushed out on network television every night creates a captive audience to push sodas, alcohol, cars, and everything else that makes the (Western) world go round.
The fact that you and your friends use Tivo or listen to internet radio stations is only slightly more important than the fact that you use Linux at home. The rest of the world still uses M$ products and buys things because a commercial told them it will get them more pu$$y.
As for e-mail advertising, this is the latest (not even latest, but relatively recent) intrusion of advertising into communications mediums. Until people are willing to PAY for things (e.g. HBO) instead of being cheap greedy hypocrites, advertising will continue to infiltrate all communication and entertainment mediums.
Even when people are willing to pay for things, the advertisements will become more subtle and embedded, with product placements as perfectly nailed in the movie The Truman Show.
And the reason advertising continues to happen in e-mail is that the costs to advertise are getting less and less to the point that now if 1/10000 people buys Herbal Viagra or whatever crap is being sold, then it becomes worthwhile. So good luck convincing 100% of the people to stop buying stuff. Let's come up with realistic solutions.
Few buy from spam anyway, but that's irrelevant. (Score:4, Interesting)
The boycott you propose has already been around for a long time. It's called the "Boulder Pledge". Unfortunately, it doesn't work.
The people who advertise through spam are fly-by-night operations. They typically hope to make a quick buck by shoving a message at a million people and getting a 0.0001% conversion rate. (Do the math.) Often they aren't even the ones with products to sell; rather, they're "basement operations" with little in the way of resources or business sense hawking merchandise on behalf of the less-reputable amongst affiliate programs.
The people who make the real money off spam don't make the money selling stuff through spam. Instead, they get paid by aforementioned fly-by-nights to send the spam. They are the few fat sleazeballs sitting at the top of the pyramid being supported by everybody else. Just ask Alan Ralsky (if you can get a letter through to him under the massive number of catalogues he receives).
This convoluted chain of middlemen is the reason why normal market forces haven't stamped out spam, even though spam is net unprofitable. Losers pour money into the spam system and are dealt out of the game with a high turnover rate; but there are always enough new losers coming in to keep the system afloat. Meanwhile, professional scam artists know every trick in the book to squeeze money out of an activity that truthfully causes a net loss for everybody else involved.
From the fly-by-nighters lured in by the promise of easy riches and duped into paying hard cash for spam advertising to the victimized ISPs and end users who have server, bandwidth, and support costs shifted to them, everybody else comes out in the red anyway. So how, exactly, is a boycott supposed to work?
Age-Old Solutions (Score:5, Funny)
Both problems, the spammer and the salesman, can be solved with the use of a good 12-gauge shotgun.
Trespassers will be shot. Survivors will be shot again.
It's getting sad (Score:5, Insightful)
I was visiting my parents when they got their Dell and out of the box it required over 20Mb of security fixes and had a virus scanner (Mcafee) that was set to explode after 90 days if they didn't subscribe and the firewall off by default. Oh and of course their account that they setup with the instructions made them an administrator. We got that patched up and hardened quickly but your average Joe who buys a system and plugs it in is just a sitting duck and he has no clue. It's pathetic that companies like Dell can't harden the things a little before shipping them out.
Can't we just let the economics sort this out? (Score:4, Interesting)
As for spyware, maybe it's just me, but how about say, not letting files download onto your local disk and set up with executable permissions? You'd think that maybe a modern OS would have some kind of setting to disable this kind of thing? Maybe even just lock out c:\program files\ from being able to create new directories? Yeah I didn't think so. I'm sure the new "security focused" development has better things to secure than the filesystem from malicious executables, because we all know this is a new and infrequent problem right?
One of these days I'll run into someone who gives you these "free offers to improve your life" and talks about how beneficial they are. Then I'll give them some nice theraputic blows to the face to increase the supply of oxygen giving blood to the skin. Look, it works! I can see it turning purple with extra blood now. You should thank me for preemptivly solving a case of skin irritation from lack of bloodflow. How about I remove some of those teeth so you're protected from dangerous cavities too?
Assassination Politics (Score:2)
Google it [google.com]
Bob-
The story of technology... (Score:5, Insightful)
The story of technology is the story of noble aspirations overtaken by a hard-core huckster reality.
I think that's a little too narrow of a generalization to make about all of technology. But it is a symptom of a larger truth about technology. The story of technology is the story of technical progress outpacing social progress. We have not, as a society, come to a consesus on privacy, security, information as property, and who should regulate these matters. Similar, perhaps tougher, problems in biotech. This characteristic of technology driving questions about social morality is something I don't think was ever seen before the 20th century.
See it all the time- (Score:5, Interesting)
Now that win2k (and winxp) is out, the stability issue has been resolved. Now the most common thing I see is tons of spyware slowing the PC down to a crawl (obligatory slashdot humor: The difference between a PC infested with spyware that crawls, and Windows XP hogging all the resources making the PC crawl, is sometimes hard to discern.)
And of course lovely viruses from that oh-so-wonderful default-installed e.mail program, Outlook Express.
Most (nearly all) the *major* spyware issues stem from PEBKAC, a little knowledge (on the end-users part) would go a long way, but much of the spyware out there cloaks itself in "official" looking popups, all happily Verisigned, which can sometimes even trip up sys admins.
The next version of windows is rumored to fix this (to what extent is unknown) but undoubtedly will introduce a ton of new spyware.
Now isn't it nice that we BeOS and *nix users are immune to all that crap? I know I'm glad I use BeOS.
Unix not immune.. Just not a target (Score:3, Interesting)
Sure, it wont effect other users directly, but it will still slow down the machine and waste bandwidth...
Sure, *nix users arent targeted yet so we are safe for now. But we cant *just* sit back and laugh...
Re:Unix not immune.. Just not a target (Score:2)
Why do you say you are immune? Ever hear of installing a program as a user, in your home directory?
For that to work, there are two requirements:
If unix become popular on the desktop there would be viruses. However, unix browsers and email clients tend to be more secure then Internet Explorer and Outlook. Hopefully, one wouldn't see the
Re:Unix not immune.. Just not a target (Score:3, Insightful)
That may help keep someone from running a spyware program called 'ls', but there are plenty of other ways to get someone to run a program.
True, and maybe reasonable for a work machine, but hardly practical for most of us.
I agree that right now, unix programs are generally more secure than t
Re:Unix not immune.. Just not a target (Score:2)
Re:Unix not immune.. Just not a target (Score:2)
Ha, jokes on you! My BeOS system will probably never have to deal with it and neither will my friend's OS2 system!
Gotta love nearly dead OSes!
Congress's misunderstanding (Score:4, Interesting)
Spam works by entirely different rules. It is not enough to deter MOST spammers. It takes only a sufficiently capable handful to bring the mail systems of the entire country to their knees. The economies don't work in the same way: a typical murderer affects the lives of anywhere between one and a hundred people; a spammer affects between one and a hundred MILLION every week.
So relying on a citizen to be rational -- to realize that it's not in his best interest to spam, given the consequences -- will not work. There are more irrational actors than it takes for spamming to remain alive and well. There must be some sort of technological barrier in place -- with the support of the law, I believe -- to ensure that even these irrational actors are incapable of spamming.
What are some examples? Require by law that all ISPs -- be they mom and pop shops, tremendous corporations, or colleges and universities -- provide information in an email sufficient to identify the sender. Then prosecute the ISP harshly if it allows a user to spam; hopefully, ISPs can be deterred more consistently than individuals. Overseas ISPs are obviously beyond this jurisdiction, but the FCC might take it upon itself to publish a list of overseas ISPs that comply, and recommend blocking all that don't.
Alternatively, institute a microcharge on email -- be it monetary or computational -- to disrupt the economies of scale. When a user receives an email from an address not on his whitelist, his computer (or the ISP's) responds with an NP-hard computation problem that the sender's computer must solve before the email is delivered. Solving one -- or one hundred -- such problems would be no problem for a user's computer, but solving one to one hundred million would be much harder. Spamming would require computation like Japan's Earth Simulator to pull off, and the amount of computation might scale each year according to Moore's Law.
Better spam solution. Ubiquitous encryption. (Score:2)
Alternatively, institute a microcharge on email -- be it monetary or computational -- to disrupt the economies of scale.
Spam is coming from zombied hosts these days, computational charges will be distributed to the point that they are useless. Monetary charges will destroy mailing lists like the numerous developer lists I subscribe to.
I believe there is a way to stop spam without any government intervention. We can make it so that spamming only costs the spammer money. I believe the widespread use o
stealing computer time (Score:4, Interesting)
Re:stealing computer time (Score:2)
Junk mail isn't a new problem. (Score:3, Interesting)
Before that messengers on horses of coaches had to be used. This had the effects that letter where relatively expensive and traveled very slow (4 months from east to west coast). And it was insecure due to hostile natives.
However all this changed with railway post transport. And so the amount of advertisment letter increased greatly. It even delayed the transport of legit letters, so that the post office had to use special (more expensive) rates for advertisment transport to keep to flood under control. Note that hiding advertisment letters as normal ones didn't work: the post offices clerk were allowed to open every letter and check which they really did regulary.
Help us identify spam sources (Score:5, Informative)
Re:Help us identify spam sources (Score:2)
I like this approach, and will likely participate, but I do wonder how the project can avoid malicious data poisoning using zombie submitters and forged examples.
Re:Help us identify spam sources (Score:3, Informative)
Data contributors are tightly controlled. All contributors are screened, and authentication is involved in any data injection into the database. There is no anonymous data submission, ever. Also, the database requires reports of IPs sending non-spam making it easier to locate abusers of the system (who deviate seriously from the norms). Yes, a
Good perspective... (Score:4, Insightful)
As for how widespread the spam problem is, I cannot really opine as to whether the problem deserves the kind of attention that it is getting, as I have had the same email address for well over three years, it is visible on several mailing lists and usenet, and "I have yet to recieve the floods of spam that I so poften see described here on
I'm not claiming to get no spam, as I do recieve two to three unsolicited comercial email adverts per month at my account, sometimes a few more (I once recieved six in one week), and this leads me to believe that there is probably something about one's user habits that either does or does not attract spam.
I'm also sure that one's email provider has an effect on how attractive that address is to spammers. I'm sure that GMX's anti-spam measures do make thier users less attractive to spammers (If you were a spammer, would you put much energy into spamming a domain of email users if you were certain that the domain admins were likely to adjust thier filters before your ad run was complete? or would you concentrate on those domains that left it up to thier users to face the onnslaught alone?)
Email providers would take common sense measures to protect thier users from the most obvious spam with poorly forged headers, email originating from unsecured proxies and open relays, large numbers of identical meassages targeting alphabet blocks of obviously generated addresses, and emails originating from known spam source IPs (not netblocks), as well as applying "learning" filters (Beyesian and/or whatever), allowing users to submit examples, but apparently few providers do this.
Why do people continue to use thier services?
Has anyone here abandoned an email address after it became such a spam magnet as to be nearly unusable?
Re:Good perspective... (Score:3, Interesting)
Well, my inbox consolidates my own account that has existed from 1995, and several support accounts, and I get around 1500-2000 spams per day in that inbox. Fortunately 99% of that is filtered by spamassassin, but it's getting worse and worse.
A Creative Solution to Spyware (Score:3, Interesting)
If there is spyware sending out packets, one could presumably see what IP address they are going to and maybe even reverse engineer their data format. Then someone could write a program which sends their servers spy packets containing meaningless or misleading information, thereby screwing up whatever market research they are trying to do. Maybe we can create some fake correlations between unrelated items, after all, unlikely correlations come up often enough in real life, like diapers and beer [google.com], that they may not catch on until long after their databases are completely cluttered with meaningless crap.
Irony (Score:4, Interesting)
http://www.nytimes.com/js/s_code_remote_samplin
This fetches a few pieces of data and sends it back to 2o7.net in the form of a URL for a 1x1 gif.
Anyone care to reverse engineer this code and see what it's reporting back?
Circumvent the whole issue .... (Score:5, Interesting)
I'm not trolling, nor am I evangelizing, but the truth of the matter is, out of the box, Macs are FAR less prone to be susceptible to any of these nefarious internet annoyances.
Spyware: practically non-existant for Macs, and any application needs to be manually copied or installed w/a password verification, so nothing gets by without you knowing it (assuming you trust every user of your computer).
Spam: Mac OS X's built in Mail client has an excellent and easy to use spam filter built in, and in the 2.5 years I've had my
PopUps - Not only can you block pop ups in the default browser Safari, most of the pop up ads are themed to look like Windows dialog boxes, so they're easy to spot as advertisements and whisk away with a single click.
Just my 2
Is there a correlation between spam and spyware? (Score:4, Interesting)
Does any spyware collect email addresses from adress books?
Does any spyware submit the user's address with it's data?
Do people who's machines are or have been infected with spyware get more spam?
Just wondering.
It seems that spyware that tracks a users web viewing habits would be a no brainer as a data feed for a targeted spam operation.
Read the license or web to avoid spyware (Score:3, Insightful)
Granted EULAs are usually long and cumbersome and rightfully so, that is what makes most end user just click 'accept' right away. Also if you search the program you want to install on the web you may come up with a review or someone else stating that spyware is installed with it.
A majority of spyware programs are installed with legally questionable software, file sharing. To minimize your chances of installing spyware do not install any "legally" questionable software and read the EULA!
Re:Read the license or web to avoid spyware (Score:2)
That isn't always an option. When I saw a Gator EULA pop up during a recent DivX codec install, I immediately clicked "NO". I got a second Gator EULA, and I clicked "NO" to that one, too. The fscking Gator crap installed anyway. I tried uninstalling the codec, which removed the c
Re:Read the license or web to avoid spyware (Score:2)
My simple solution to spam (Score:5, Informative)
The full write up [icarusindie.com] of my take on what I see as horribly flawed ways to combat spam and source code for the custom programs I use to strip links out of e-mails.
I have an example of spam posted there where everything is just a mess in the e-mail. The headers are forged, the text is all obfuscated. But there, clear as day is an "HTTP://"
Poof, killed the spam domain. And there's no way to circumvent my method except by not having links of any form in the e-mail. If you put a link in a spam, I will find it and I will block it.
Ben
Re:My simple solution to spam (Score:2)
Not without killing your bandwidth (Score:2)
It would take 10 months or more to e-mail a message with a 20KB image 25 million times on a typical high speed connection. By referencing images off of hosts they can send the same number of messages in a week and the hosts can serve up the bandwidth required in half the time it takes to send the e-mails.
Ben
'Conspiracy' of social factors (Score:3, Interesting)
Really, many things together contribute to this problem. In no particular order:
A rabid consumerist/capitalist economy. Everyone wants you to buy something. Everyone NEEDS you to buy something or the whole thing unravels.
As a result, advertising in general has become a tragedy of the commons. It's so pervasive that it's becoming ineffective. Nearly everywhere you turn, there's an ad for something. Most advertising doesn't even improve sales, it just keeps them from slipping. The culture of advertising has gotten so embedded in business that few have realized that superbowl ads are usually a net loss. Perhaps the crassness of spam would turn off the 1/10th of a percent who buy if all other advertising wasn't so crass.
A general acceptance of legalese. If products carrying a EULA over three paragraphs (normal paragraphs) long or using words that have not otherwise been in use for 3 centuries was simply rejected, there would be none. With EULAS cut short, there'd be no fine print on page 123 to hide the spyware disclosure in.
Another way to accomplish that would be for the legal system to admit that it's just not practical (or even financially possible) to hire a lawyer everytime someone shoves a document at you. Further, it should recognize that a contract must be understandable to an average person with an average amount available to devote to such things. Anything not meeting that criterion is null and void. Fine print on page 123 does NOT constitute disclosure.
Loosened community ties have opened the door to scam artists like never before. In a worldwide community where the number of people you actually know is vanishingly small, social shame is not very effective.
Society is well behind the growth of technology. When it becomes more socially acceptable to proclaim that you sell drugs to 8 year olds than to admit you're a spammer, much of it will stop (OK, they may not be that bad, but it's close).
We need for it to be socially and legally acceptable to spit on a spammer's shoes in disgust. It's good that we as a society are (slowly) learning to accept diversity, but at the same time, some things are NOT reletive. An obnoxious ass who deliberatly annoys millions of people a week does NOT deserve understanding, he deserves contempt. Nevermind jail, ostracise them.
Law enforcement. If you or I produced the very same spyware that's out there with the very same barely existant (or non-existant) disclosures, we'd be up on charges. Just because it's incorperated doesn't make it OK!
</soapbox>
Spybot Search & Destroy (Score:5, Informative)
People are getting fed up. Congress is listening (Score:4, Insightful)
Not only is the FTC now required to study a do-not-email list, there's even talk of the DMA's worst fear - a do-not-mail list for paper mail. Bills have already been introduced in New York and Massachusetts.
This is the year to go for a do-not-email list with teeth as sharp as the do-not-call list. It worked for fax. It worked for phones. It can work for e-mail. And it's an election year. Keep pushing on your elected officials and the FTC. Push the FTC to implement a do-not-email list. Insist that it include domain-wide opt-out.
And yes, it will work if the law goes after where the money goes. Any competent cop and prosecutor can find out where those Viagra orders get fulfilled and who collects the money. It just takes some routine police work and a few court orders.
Good business, bad rep (Score:2)
Personally, I don't see a problem with the idea that if I have to see advertising it would at least be tailored to my interests. If that means that an anonymous profile is put together on my Internet h
I blame anti-virus vendors (Score:3, Interesting)
Any one know of any free checksum-checkers-on-execute, preferably with some sort of centralized checksum database, for windows?
Re:Spam is not that big a problem (Score:2)
Re:Spam is not that big a problem (Score:2)
Re:Spam is not that big a problem (Score:3, Insightful)
After all, this IS the NEW YORK TIMES! (Score:3, Insightful)
NYT writers are well known for making things up, so I'm sure that any word about software that would indeed make things better would be considered obviously false and get the writer fired. One must not be quite so obvious about the fraud, so as to get awards rather than fired.
Bob-
Maybe in your world.... (Score:4, Insightful)
You have to look at this from an abstract viewpoint to realize why nothing works so far (except bayesian filtering - to a limited exent).
You own server X. Out on the internet are servers A, B, C, D, and E. You know that you don't want any mail from D and E because they're spammers. You *might* want mail from C, sometimes but not all the time (a retailer, let's say). Messages from B you'd like to let through because that's your buddy's ISP, but A is a server used by both your friends and spammers (for example, AOL).
Now then, give us a simple algorithm to make sure that you always block D and E as long as they're sending spam, sometimes/never from C, allow from B, and block some mail from A depending on whether or not it's spam.
If that sounds too hard, then just come up with a simple algorithm to determine whether or not an email is spam.
See why it's still a problem
Re:But the Solution to Spyware is ... (Score:5, Interesting)
Your post advocates a
(x) technical ( ) legislative (x) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
(x) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
(x) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(x) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
(x) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
(x) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Re:But the Solution to Spyware is ... (Score:2, Insightful)
"(x) Mailing lists and other legitimate email uses would be affected"
The most I have emailed in bulk is say 5o people. If my computer requires 15 minutes of computation to post to 15 people so what !!! My computer is multitasking, and if I were to send postcards it would cost me much more time and money
"(x) It is defenseless against brute force attacks"
Ammm we are talking Spam, but brute force would require that they do a computation for every post they send. (They not me)
"(x) Users of em