Infected Windows PCs Now Source Of 80% Of Spam
twitter writes "The Register is reporting a study by Sandvine.com that blames Microsoft Zombies for 80% of all spam. The study goes on to claim that 90% filtering is not effective given the unprecedented volume and that sophisticated trojans are able to drop spam directly on end users' computers despite current efforts. Just another cost of supporting Microsoft, I suppose."
That does it! (Score:5, Funny)
Re:That does it! (Score:5, Funny)
Yet another completely biased Slashdot article (Score:3, Insightful)
Uh, no--how do trojan attachments and viruses that moron users open have anything at all to do with Microsoft?
I forgot, we needed an article that specifically made sure to say "Windows PCs" in the headline as though it being Windows has anything to do with it. If everyone used Macs today, it would be Macs, and if everyone used Linux, it would be Linux boxes. Uninformed users are uninformed users, and short of Microsoft showing up at your house and
You don't have to open anything to get a virus (Score:5, Insightful)
You see, unpatched Windows has exploits and all the script kiddies with porn sites know this. The most common viruses now scan computers on an IP range, find a computer prone to an exploit, and open up shop on your computer.
'What you say!' They could do that just as easily on Linux or a Mac. Not quite true. OS X and Linux are both based on Unix, which is considerably more stable and secure than Windows (for one thing they handle file permissions a lot better and more securely). Most importantly though, primarily where Linux is concerned, there are constantly people updating and improving the Linux kernel. These are often the same kinds of people who would take advantage of exploits back in high school and are now turning their knack for finding system weaknesses towards a constructive goal. Open source finds bugs faster (or so time seems to be telling us).
Last and not least, yes, most people use Windows. Therefore most viruses are constructed for Windows, and most computer-illiterate users (many of whom don't even know what spyware or the like is) use it too. So there is safety in obscurity.
But I believe enough of the blame can be pinned on what a mess security in Windows is, and someone pointing that out isn't just a tinfoil-hat-wearing commie shouting witch at the Big Guy.
'Course in Longhorn security is going to be better. And everything is going to be fully integrated. Somehow those two have never gone hand in hand. Only time will tell. But for now I prefer the Unix idiom of 'do one thing, do it well.'
(It also reeks less of monopoly than 'do everything and do it noticeably'.)
Different OSes developed with different aims (Score:5, Insightful)
This is a widespread misconception, akin to saying that if everyone drove Volvos, just as many people would die in traffic accidents as they do now. Millions of Americans have purchased large SUVs that tend to roll over [suv.org] three times more frequently than other automobiles. Volvos, on the other hand, are built with safety [automotive...nology.com] as a primary goal.
By the same token, would you expect an OpenBSD server to have the same level of default security protection as a Windows 2000 server? OpenBSD is built with the primary intention of being the world's most secure OS [openbsd.org]. Nowhere on the Windows 2000 product page do we see anything at all [microsoft.com] relating to security.
You can't assign positive characteristics to an OS on one hand (Windows XP doesn't crash as often as Windows 98) and then dismiss negative comparisons (Windows is less secure by default than Mac OS X or Linux).
Blame users all you want, but there are millions of uninformed Mac users out there. Believe it or not, in spite of their uninformed nature, they don't have to deal with anything like the litany of security and stability issues that confront Windows users.
It's hard to believe when you've been struggling with Windows for years and have grown accustomed to it, but while Linux and Macintosh aren't immune to security problems, the trojan horses and viruses that plague Windows users are a direct result of Microsoft's development philosophy, which emphasizes market dominance over quality.
Re:Yet another completely biased Slashdot article (Score:4, Insightful)
Uninformed users are uninformed users, and short of Microsoft showing up at your house and forcing you at gunpoint not to open attachments or enable viruses, what do you expect them to do?
MS has spent a great deal of time and money making sure everyone believes that they don't have to be informed to use Windows. Apparently they were wrong.
I recall around the time MS decided to implement macros in various documents including email, MANY people stated in no uncertain terms that making email and Word documents executable was one of the dumber ideas they had ever heard.
MS could have asked itself why so much of the industry thought they'd lost their minds, but instead, they decided they were infallible and we were all too stupid to understand their brilliance.
Had they reconsidered way back then, the world could have been saved many billions of dollars in lost productivity. And they wouldn't have had to hold a gun to anyone's head to do it.
Instead they plowed ahead with their half-baked idea, and it has had exactly the result predicted by nearly everyone but MS.
I'm not saying the doubters are always right, but when they can name specific objections (documents often come from untrusted people) it is a good idea to consider carefully.
Re:Yet another completely biased Slashdot article (Score:4, Funny)
Re:That does it! (Score:5, Interesting)
My point is that you do what you can by...
1) Not giving out real email address in forms
2) Not posting un-obfuscated email address to the web
3) Securely running your OS
But if I follow point 4...
4) Don't give your friends your email address
Then really why do I have an email addy in the first place?
Most of the spam I get is actually those annoying bounce-back messages you get from anti-virus filters. "The email you sent had the virus W32.Blaster" etc. etc. The problem is that I run a solely Linux household, so it's probably coming from a virus on someone else's computer.
And for my 2c, Thunderbird's spam filter isn't half bad, if you don't mind the spam hitting your box prior to filtering.
Re:That does it! (Score:4, Insightful)
Then really why do I have an email addy in the first place?
Yeah and my friends of the female persuasion can't help but put my email addy on all of those greeting card sites. I had one put my email addy to my cell phone on one of those sites once and I went nuts. 5 cents/email if I go over my limit....I was gonna have to turn my service off.
Re:That does it! (Score:3, Interesting)
>>4) Don't give your friends your email address
Here is a semi-interesting tangent.
I gave my wife and one son (both computer illiterates) each an e-mail address.
My wife gave her e-mail address to her sister, but my wife would not write any email (she prefers Long Distance phone calls.... argh!). However her sister emails her things, including some of those stupid 'pass this on to a friend' emails. Still, my wife doesn't even read her own email. After about a month,
Re:That does it! (Score:5, Insightful)
You can register a new domain, and it will start getting spam within a week to common names such as "bob@, sally@, john@, etc.". Not all spam is because someone actually has a verified address, but because it is a common name used. We get tons of spam hit our mail server that is addressed to people that have never had an account on our domain, but is instead a common name.
Also, I just started getting spam on one biz account because I had been helping a customer, and it appears they got infected, and since I was in their address book, I got hit with them.
Yes, plenty of people are stupid enough to sign up for every newsletter on the web, but blaming someone with a common email name (or inferring that they are stupid, as you did in your post) who DIDN'T sign up for anything, isn't solving anything or adding to the conversation.
Pikes would stop the spam (Score:5, Interesting)
I've had spam show up at new accounts that were only registered, never used. I've even had spam arrive at an email account that was sent before I even created the account!
Then there are the moron spammers who send out group-addressed emails (the ones with 20-30 variants on spelling anything at all like your name).
Anti-spam on the client is not the solution.
Sticking their severed heads on pikes outside ISPs would be far more effective and satisfying.
Or the traffic problem could be justifiably claimed as a result of poor engineering by Microsoft, and make Bill & co. responsible for the resulting expenses.
Or we could just make ISP's responsible for disconnecting any customer who has an infected machine connected. When the machine is cleaned, then they could reconnect, not before.
No, I don't care about people who can't afford to take care of their machine, buy hardware firewalls, virus scanners, etc. I don't care that people driving rust buckets can't afford better cars, either -- get the hazard off the public byways!
Backbone traffic volume (Score:3, Interesting)
The problem with front-end client spam filtering is that it does nothing to reduce the backbone traffic volume nor the data volume the email server has to process.
Someone is selling the products. They are illegally using home PC resources via spamnets. I fail to understand why the spammers can't simply be charged with theft, fraud, and locked up accordingly.
Or just shot if they happen to be in a country that permits such penalties. The genepool needs some cleaning...
Re:That does it! (Score:5, Insightful)
But this ignores the real issue. Spam is so bad and getting worse at such a fast pace that servers are dying under the load. ISPs and businesses are installing really bad filters that do more damage than good, blocking lots of legit mail. A couple of years from now and you can kiss email goodbye as it won't be functional. The current laws on the books are pathetically weak, the proposals to help (SPF, DomainKeys, etc.) are insufficient (no critical mass, basic design flaws, etc.) and quite clearly filtering can only catch so much before the false positives kick in. About the only thing that really works is challenge/response systems (and I HATE those).
In addition, protocol enhancements (hashcash) or replacements are 5 - 10 years off due to deployment / critical mass issues.
Nope, I'll stick with my 2 year forecast of the death of email as a viable communications tool.
Obligatory (Score:3, Insightful)
Yes and (Score:4, Funny)
Re:Yes and (Score:3, Informative)
So instead of investing all this time and money (Score:5, Interesting)
Please note the sarcasm in the "unwashed masses" comment before modding me as a troll
I think MS is not the only one to blame (Score:5, Insightful)
Today you have to have a license to drive so why not learn how to play safe if your PC is connected to a public network.
Re:I think MS is not the only one to blame (Score:5, Insightful)
Symptom of the (near) mono-culture (Score:4, Insightful)
Yes, linux can be more secure than Windows, but the fact is that over 90% of these zombie PCs could have prevented infection by simply having (a) their firewalls enabled and/or (b) having intelligent users. By default, most linux distros don't come with firewalls enabled either (at least, the last time I checked; I think it's becoming more common for firewalling to be enabled though, as with XP SP2) and as for (b), well, we'll always have stupid users.
Re:Symptom of the (near) mono-culture (Score:5, Insightful)
It's more than that. Why do you need a firewall? Because your computer is sitting there listening for a bunch of crap that it doesn't need to be listening for. Install Windows XP, and then run Microsoft's Baseline Security Analyzer [microsoft.com]. It will tell you that you are about to be fried. Why is that? Why should the user have to be constantly vigilant against threats?
I've yet to see what XP SP2 does, and hopefully it does more than just turn on a firewall. Hopefully, it starts to take things more seriously. Hopefully, Linux starts to as well. It's nice that it can be made to be secure, but it's not exactly simple to do so.
Quit blaming the users for the shortcomings of the developers. You're putting the burden in the wrong place.
Re:Symptom of the (near) mono-culture (Score:5, Interesting)
remote scans of Windows systems? (Score:5, Funny)
"MBSA Version 1.2 includes a graphical and command line interface that can perform local or remote scans of Windows systems."
So Microsoft releases a GUI tool to remotely scan Windows installations for security vulnerabilities, and yet it includes virtually *no way* to automatically exploit those vulnerabilities to provide a remote login?
Typical of them to rush an inferior product out the door and rely on marketing muscle to sell it over superior third party alternatives.
Re:Symptom of the (near) mono-culture (Score:5, Insightful)
Can we change (b) to 'informed' users? It is possible to be intelligent about non-computer matters and still be running a zombie. It's about ignorance, not (necessarily) stupidity.
I continue to be skeptical of the apparently widely held opinion on this site that (knowledge about computers/programming/security/[insert specific topic here]) == intelligence.
Re:Symptom of the (near) mono-culture (Score:5, Insightful)
No. This is not true, and a counter-example is enough to invalidate this very common theory. Actually, I have 2 here, but other
1. Web servers: Apache has twice the market share of Microsoft IIS, but is far less often taken as a target.
2. Databases: Microsoft SQL Server has only around 16% market share, less than Oracle, DB2 and probably MySQL, but it is the most common target.
Targets are chosen first according to how easy they are to compromise. Popularity comes as a second point to consider. Of course this is true when the potential of the targets is high enough, which is the case in my examples.
Yann
"Infected Windows PC's" (Score:4, Funny)
training (Score:5, Interesting)
Re:training (Score:3, Insightful)
In other news... (Score:3)
Unprecedented rates of infection (Score:5, Interesting)
The reason I believe it is Internet Explorer is that I have seen a machine that is behind 2 different firewalls (one of which is a very well configured PIX) get molested. It wasn't used for e-mail, no P2P programs for downloading and nothing else was used except the browser. I am SURE some people were browsing dodgy websites on that machine. So far, it is the only PC on that IP segment that has been infected so it wasn't from another machine.
Anyone else see this out there?
Re:Unprecedented rates of infection (Score:3, Informative)
I'm seeing nothing but and I'm making damned fine cash on the
Re:Unprecedented rates of infection (Score:5, Insightful)
Yes, the majority of inexpert computer owners I've run into for the last few months have been wondering why their machines are running slow, showing lots of pop-ups and dialing premium-rate or international numbers on their own. Small companies as well as home users.
I've given up trying to educate people. They won't switch from IE and Outlook. I don't want to get into a discussion about who used the family computer to look at a porn site. They lack the basic understanding of what the computer is doing required to make a decision when personal firewall software asks if a connection should be allowed.
Re:Unprecedented rates of infection (Score:4, Interesting)
So what we have here is someone writing a virus that can get into a recent windows box that then looks for remote control connections and knows how to exploit them. Then it installs a different program that can scan and install a spam proxy on machines that can access the net and only machines that have net access.
That was about a year ago. MS came out with the patch many months after the box had been owned. After that, I've got a new rule: no PC can talk to anything else except the Samba server by default. No PC has any access to the net except through Squid. I don't set up default gateways now either. Default PC installs can't even ping anything but the Samba/Squid box. Too bad SAP Business One is forcing me to break some of this for some clients. Maybe they will port it to Solaris like they said they would.
Oh, our new dev machines are made by apple.
Re:Unprecedented rates of infection (Score:3, Informative)
Except I no longer use 192.168.*.* since that seems to be built in to every virus on the planet.
Step One: Follow the money. (Score:5, Insightful)
Step Three: Follow the money.
Step Four: Take a wild guess.
I'm just going to keep on saying this, year after year, as it becomes more and more clear that those engaging in spam are operating outrageously criminal enterprises: If you want to stop spam, FOLLOW THE MONEY.
Find some Viagra spam. Buy some Viagra. Trace the shipment to you, trace the cash transfer from you, arrest. It's not that hard. It's just not very geeky. People, there's no magic technical solution to this -- there's increasingly illegal stunts being pulled, and the only people out there with the IP-layer mechanisms for tracing the attackers really can't afford to release that data as it would compromise rather more important investigations. But -- we've got a very mature infrastructure for tracing financial and mail fraud. We just need the political will to use it against Spam.
It's just not that hard.
--Dan
Re:Step One: Follow the money. (Score:5, Interesting)
Various jurisdiction's spam laws vary, but at least in
Even though the evidential burden in a civil case is much less (balance of probabilities/preponderance of the evidence) than in a criminal case (beyond reasonable doubt), it still proves difficult to tie a spam purporting to advertise, for example, penis pills, to a purveyor of penis pills.
Penis pill guy sends his spam through a few thousand of 'fresh proxies' (spam guy terminology for freshly rooted or virused machines garnered from crackers or vx people), penis spam ends up in inbox with penis pill guy's contact details.
So far so good, but there's no causal link between A and B of any forensic value whatsofuckingever. Correlation is not causation.
I'd be more inclined to see a system which plugs into the MTA somewhere between RCPT TO and DATA, which performs a basic open proxy scan on the originating MTA (similar to what many EFnet servers are doing ATM), and if the originating MTA fails the test, mail is refused (preferably with a '550 5.1.1 no such user' error as this may help get you off certain lists) and the originating IP is added to some form of distributed blacklist for X hours (I'd suggest 48... long enough to allow ample time for the machine's owner to find out that they have a virus or spam problem and fix it, not really long enough to cause a major problem).
I'm actually working on building such a system at the moment... Details will be posted to my website when I have some half decent code that runs (instead of making postfix' smtpd dump core.)
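The design sketched in the comment above, as an added example that is not the poster's code: a Postfix-style SMTPD policy check that acts at the RCPT stage, refuses a client that fails a check with the '550 5.1.1 no such user' response, and keeps that client on a time-limited blocklist (48 hours here) so later attempts are refused without re-checking. The Postfix policy protocol's "name=value" request lines and "action=" reply are real; the per-client check itself (the poster's open-proxy probe) is represented by a caller-supplied predicate, and the demo stands it in with a constructed set of addresses from RFC 5737 documentation ranges.

```python
"""Postfix-style SMTPD policy check with a time-limited blocklist.

Added example, not code from the Slashdot thread.  The Postfix SMTPD policy
protocol delivers one request as "name=value" lines ending in a blank line
and expects "action=<decision>\n\n" back; actions may be "DUNNO" (let other
restrictions decide) or an SMTP reply such as "550 5.1.1 no such user".
"""
from typing import Callable, Dict, List

BLOCK_HOURS = 48                            # the poster's suggested X hours
REJECT_ACTION = "550 5.1.1 no such user"    # the reply the poster prefers


class TtlBlocklist:
    """Maps client IP -> expiry timestamp; entries lapse after `hours`."""

    def __init__(self, hours: float = BLOCK_HOURS):
        self.ttl = hours * 3600
        self._entries: Dict[str, float] = {}

    def add(self, ip: str, now: float) -> None:
        self._entries[ip] = now + self.ttl

    def contains(self, ip: str, now: float) -> bool:
        expiry = self._entries.get(ip)
        if expiry is None:
            return False
        if expiry <= now:                   # lazily drop lapsed entries
            del self._entries[ip]
            return False
        return True


def parse_policy_request(raw: str) -> Dict[str, str]:
    """Parse one policy request: 'name=value' lines up to the blank line."""
    request: Dict[str, str] = {}
    for line in raw.split("\n"):
        if line == "":
            break
        name, _, value = line.partition("=")
        request[name] = value
    return request


def policy_action(request: Dict[str, str], blocklist: TtlBlocklist,
                  fails_check: Callable[[str], bool], now: float) -> str:
    """Decide the action for one request at the current SMTP state."""
    # Act only after RCPT TO and before DATA, as the poster proposes.
    if request.get("protocol_state") != "RCPT":
        return "DUNNO"
    ip = request.get("client_address", "")
    if blocklist.contains(ip, now):        # already blocked: refuse, no re-check
        return REJECT_ACTION
    if fails_check(ip):                     # failed the check: block for TTL
        blocklist.add(ip, now)
        return REJECT_ACTION
    return "DUNNO"


def format_response(action: str) -> str:
    """Wire format Postfix expects from a policy daemon."""
    return f"action={action}\n\n"


# Constructed sample requests (documentation-range addresses, not real hosts).
ZOMBIE_REQUEST = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
                  "client_address=192.0.2.10\nsender=someone@example.net\n"
                  "recipient=bob@example.org\n\n")
CLEAN_REQUEST = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
                 "client_address=198.51.100.7\nsender=alice@example.com\n"
                 "recipient=bob@example.org\n\n")


def run_demo() -> List[str]:
    """Replay a session and return the sequence of actions taken."""
    suspect = {"192.0.2.10"}                # stands in for a failed probe
    blocklist = TtlBlocklist()
    t0 = 1_000_000.0
    zombie = parse_policy_request(ZOMBIE_REQUEST)
    clean = parse_policy_request(CLEAN_REQUEST)
    actions = [
        policy_action(zombie, blocklist, lambda ip: ip in suspect, t0),
        policy_action(clean, blocklist, lambda ip: ip in suspect, t0),
        # One hour later the zombie retries: refused from the cache even
        # though the check would now pass (predicate always False).
        policy_action(zombie, blocklist, lambda ip: False, t0 + 3600),
        # After the block lapses, a now-clean machine gets through again.
        policy_action(zombie, blocklist, lambda ip: False,
                      t0 + BLOCK_HOURS * 3600 + 1),
    ]
    return actions


if __name__ == "__main__":
    for action in run_demo():
        print(format_response(action), end="")
```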
On behalf of all responsible MS admins.... (Score:5, Interesting)
We keep our corporate networks nice and clean, we stomp on infections fast, we try to educate our users, we run filters and firewalls, we put in place policies and we try our damnedest to prevent this stuff.
But if those users go home to an infected PC, then we've failed. Failed badly. We don't get paid to keep home machines clean, but how much harder would it be to really educate our users? Really?
What can we do? Well, we can impress on our users, as I'm trying to do, that they can suffer real, genuine harm if they don't practice safe computing.
I have this idea. A user doesn't give a crap if they're not harmed directly by a virus. OK, they have a spamming trojan on their machine, do they notice? no, they don't.
So I make sure I tell my users that there are viruses out there which can log their keystrokes and, by inference, steal their credit card number or online banking details or any other personal information.
That makes them wake up. Once there's a chance they might be directly affected in ways other than a slightly slowed down machine, then they start to take notice.
I'd urge every other techie on a Windows network to inform your users in the same way. Make sure they know that viruses aren't just something that affects other people. Then they'll wake up, and everyone else will be better off. Really.
Sounds low to me (Score:5, Interesting)
We get the occasional hit & run spammer who signs up for one of the $9.95/mo services with a prepaid credit card (so we can't effectively fine them) and then spams the heck out of the connection until we cut them off, but 99% of spammer complaints (that aren't due to spamcop being fooled by well crafted headers from brazil, or confused by unpublished relay hosts in our spam filtering cluster) are traced to users who have been with us for some time, who have never given us any trouble, and who have called customer service frequently for fairly basic help with simple internet setup tasks -- usually an account shared by a family with several children, or used by an old lady who just wants to look at pictures of the grandkids on the intarweb gadget. Pretty unlikely spammers.
The accounting department doesn't like it, would prefer to shoot first with a $100 fine and let customers beg for forgiveness later, but I argue constantly that we should give them at least one chance to disinfect their computer. We go ahead and fine 'em if they don't fix their issue within a few days, though, and then accounting makes them prove they are disinfected before giving them their money back.
It's poor customer service, ultimately, but wtf is an isp to do? If we just pestered them with email they'd assume we didn't really mean it, and would never fix their systems.
I refer to this study in spam complaints (Score:5, Insightful)
I keep a text file with this message for easy pasting into the spam complaint.
Comment removed (Score:3, Insightful)
I know the solution for the SPAM problem... (Score:3, Funny)
How long would it take for geek population to find the PHYSICAL sites where they are located. And no we wouldn't be interested in proving that they send THE spam we received, only fact that they send spam lots of it. Now get AK47 in large quantities, and some explosives and timing based detonators. If 50 or more email marketing sites are attacked at the same time all-around the world. With those offices destroyed, and top spammers sleeping with the fishes, how many would think that the email marketing is easy and safe money making business. The punishment maybe on a hard side compared to the crime, but it would simply eliminate Spammers.
That is a study? (Score:4, Insightful)
Pretty flimsy but probably true.
It isn't THAT hard to avoid spam/adware etc. (Score:3, Informative)
For example back at home my dad and sister both have their own computers. Both of these computers are constantly just clogged with so much ad/spyware that they are a chore to use. After formatting them both and reinstalling Windows XP I decided to install Firefox for them to use as their browser. It's been several months since then and both computers are FAIRLY free of all malware. There is still some but it is a major improvement.
Anybody on a Windows machine plagued with stuff needs to drop Internet Explorer unless they can manage to avoid going to sites that are notorious for infecting your computer with stuff.
Not a Product Endorsement (Score:3)
With all of that said, I will also say that from what I've seen of the Barracuda, it's probably about 80% customized Linux and other OSS projects and 20% proprietary code. So, I think you can probably achieve this level of accuracy in your own custom built system using Linux and OSS. The main reason we went with the Barracuda is that I've just been too busy to research building our own custom solution. But... if you have the time, inclination and knowledge, it shouldn't be too hard.
The greatest benefit of bayesian filtering combined with whitelists, RBLs and antivirus (as in the Barracuda) at the network level is that you don't have to worry much about your user's PCs. That, and forcing them to use a web based client make for a pretty decent mail environment.
Yes, spam is up, but filtering actually does work. (Score:3, Informative)
Of course, that doesn't do anything about all the bandwidth and server resources that are wasted handling all of that spam.
TMDA (Score:3, Informative)
Of course, TMDA is probably not what you want to use for a business, but for personal use it is great!
Did you read the story? (Score:4, Informative)
As an ISP our biggest OS problem is Linux. Proportionally it causes far more problems than Microsoft. Why? Because Linux users sit around saying "poor MS user" and don't even know they've been hacked. And the majority have been hacked. If you say "Oh, that can't be" then you've just joined the crowd
Starting a class action against Microsoft (Score:4, Interesting)
So if you're a victim of Microsoft's negligence in making systems that can easily be converted to attack zombies, click here [lieffcabraser.com] to contact that law firm. The most effective victims would be those who run Linux, because they're not subject to Microsoft's EULA. For them, it's a pure negligence issue. A Linux-based ISP or hosting service would be the poster child for such an action. They're being hammered on, they didn't sign any Microsoft EULA, and they're clearly suffering sizable damages due to Microsoft's negligence.
It's time for this to become a major legal issue.
Take them now (Score:4, Insightful)
Re:Is this surprising? (Score:5, Insightful)
All the ISPs are going to start filtering outbound port 25. If you want to run your own mail server you'll have to route it through their mail server, or use a non-standard port number to route through a 3rd party mail server.
Re:Is this surprising? (Score:5, Insightful)
And the next generation of zombie programs will do a simple DNS lookup for the mailserver of the current domain and start sending spam through the ISP's mailserver.
With the side effect that in no time no single customer of that ISP can send mail because the mail server is on every blacklist you can imagine.
Re:Is this surprising? (Score:3, Informative)
Fortunately, this will not help, because most (bigger) ISPs have separate servers for incoming and outgoing mail, and there are no DNS entries for outgoing mail!
Re:Is this surprising? (Score:5, Insightful)
Re:Is this surprising? (Score:4, Insightful)
But the first thing that needs to be done is to prevent machines from connecting directly out to another ISP's SMTP server. Hopefully this is done by one of the proposed IETF standards and not by simply blocking port 25, but we'll see.
Re:Is this surprising? (Score:5, Insightful)
Re:Is this surprising? (Score:5, Insightful)
And guess what --- that's exactly what must happen. It'll serve to teach that ISP that they have to spam-scan outbound mail, too, to avoid being blacklisted by everybody else. Actually, that's the whole point of forcing all their customers' mail through the ISP's outbound mail server in the first place: to be able to scan for spam and worms before they unload them onto the general public.
Re:Is this surprising? (Score:5, Insightful)
It's time the Internet stopped being a slave to the dumb users and put control back in the hands of people who know what they are doing.
Alternatives to mailing huge files (Score:3, Informative)
Once again, I'll have to disagree with this. (Score:5, Insightful)
Security is not the same as marketshare.
The vast majority of zombies were infected via Outlook's ability to run executables from email.
In order for Linux to have the same infection rate as Windows, Linux would have to have the same (or similar) flaws. For example, the same email client installed, by default, upon every Linux machine and that email client would have to run executable content.
Windows was designed with "user-friendly" being far more important than security. So important that security would be compromised in order for a feature to be "user-friendly". That is why there are so many problems on Windows machines.
Here's an example. Grab the latest copy of WindowsXP, run it without anti-virus software. Why is WindowsXP still vulnerable to the same viruses that Windows95 was?
Re:Once again, I'll have to disagree with this. (Score:4, Informative)
> viruses that Windows95 was?
Hate to say it, but it's because Windows XP-generation and its apps still have the same objective as Windows 95 and its apps did.
Functionality first, security second, internet be damned
Win95 was a pre-internet-age OS. Yes, the internet was around, but the vast majority of machines with 95 installed were not connected, or were connected on crappy slow modems at best. Windows XP's ethos has simply failed to keep up with the progress in internet connectivity.
Now, some users have kept up - I could run a 95 machine as securely as an XP machine right now, but the market has grown out of proportion to the average computing knowledge of the market, partly as a result of the simplicity and availability of windows. Unfortunately, the default configuration, until Windows Server 2003, has not had internet security in mind.
A non-net connected, or well firewalled, XP machine is pretty safe, just as a 95 machine is.
Re:Once again, I'll have to disagree with this. (Score:4, Informative)
Going from a non-networked, single-user OS to the hyperconnected Internet client that Win 95 was supposed to be in just a few months must have been difficult... Probably not a lot of time for all those paradigms to be re-thought...
Re:Once again, I'll have to disagree with this. (Score:5, Interesting)
If 80% of the users had Red Hat 9 installed, they'd be sending out 80% or more of the spam. RH9's sshd is exploitable out of the box. Heck, many distros' CDs come with exploitable sshds, and often sshd is the service that gets started by default.
The same people who don't patch their windows machines won't patch their linux machines.
In some stupid hacking contest half a year back, there were silly people who picked RH as their O/S, didn't know how to secure it and kept getting rooted. Either they didn't patch sshd or didn't patch OpenSSL.
The spammers won't really care whether there are 100 vulns or 1 vuln in one machine. All they care is how many vulnerable machines there are.
Heck, from my webserver logs I see that at least some spammers are trying to get apache's mod_proxy to send email. They are succeeding for some configs.
Here's a victim:
http://forums.devshed.com/archive/t-9903
Here's another incident
http://cert.uni-stuttgart.de/archive/bu
Re:Once again, I'll have to disagree with this. (Score:4, Insightful)
Umm, same email client? Outlook doesn't let you run executables, period. It doesn't even let you receive executables (.scr .bat .vbs .exe); this has been a security feature since Outlook XP (2002). New viruses zip their content and the user must open the zip file and run the executable. This is not a flaw in Outlook, Outlook Express, Eudora or any other mail program. It's a flaw of the user.
Outlook XP Default Security [winnetmag.com]
My doom email virus [symantec.com]
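The gap the comment above describes, blocking executable attachments by extension while zipped copies pass through, is what a mail-gateway check has to close by looking inside the archive. The following is an added example, not code from the thread or from Outlook: it applies an extension policy to an attachment and to every member of a zip archive it contains, recursing into nested archives and flagging encrypted members it cannot inspect. The blocked-extension list is a constructed subset (the four types the comment names plus a few other executable types), not Outlook's actual table, and the sample archive is built in memory from placeholder bytes.

```python
"""Attachment policy check that looks inside zip archives.

Added example (not from the thread or from Outlook).  The policy that blocks
.exe/.scr/.bat/.vbs by name is applied recursively to archive members, so a
zipped executable is flagged instead of reaching the user.
"""
import io
import zipfile
from typing import List

# Constructed policy: the types the thread names plus a few other executable
# extensions.  Not Outlook's real blocked-attachment list.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".bat", ".vbs", ".pif", ".com", ".cmd"}
ZIP_MAGIC = b"PK\x03\x04"      # local file header of a non-empty zip archive
MAX_DEPTH = 3                  # stop recursing into archives nested this deep


def has_blocked_extension(name: str) -> bool:
    """True if the final suffix is blocked; 'invoice.pdf.exe' counts as .exe."""
    base = name.rsplit("/", 1)[-1].lower()
    dot = base.rfind(".")
    return dot != -1 and base[dot:] in BLOCKED_EXTENSIONS


def inspect_attachment(name: str, data: bytes, depth: int = 0) -> List[str]:
    """Return human-readable findings for one attachment (empty means allowed).

    Archives are recognised by content, not by name, so a renamed .zip is
    still opened.  Members are inspected with the same rules, recursively.
    """
    findings: List[str] = []
    if has_blocked_extension(name):
        findings.append(f"{name}: blocked extension")
    if not data.startswith(ZIP_MAGIC):
        return findings
    if depth >= MAX_DEPTH:
        findings.append(f"{name}: archive nested too deeply, not inspected")
        return findings
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                member = f"{name}/{info.filename}"
                if info.flag_bits & 0x1:
                    # Encrypted member: the gateway cannot read it, so it
                    # cannot vouch for it; report rather than pass it through.
                    findings.append(f"{member}: encrypted, cannot inspect")
                    continue
                findings.extend(inspect_attachment(member, zf.read(info), depth + 1))
    except zipfile.BadZipFile:
        findings.append(f"{name}: corrupt or truncated archive")
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: a harmless-looking image name, a .scr, and a nested
    zip hiding an .exe.  All member contents are placeholder bytes."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("setup.exe", b"placeholder")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("holiday.jpg", b"placeholder")
        z.writestr("greeting.scr", b"placeholder")
        z.writestr("more.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for finding in inspect_attachment("attachment.zip", build_sample_zip()):
        print(finding)
```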
Re:Is this surprising? (Score:5, Insightful)
Yes, but the other 20% aren't coming from compromised non-windows systems, they're being sent by spammers who know they're sending it. If the other 20% were coming from trojan'ed *nix boxes, then I'd say you're on to something.
Fact is, 4 out of 5 emails that end up in my spam bin are there because (a) some sleazeball wrote a trojan to deliver them, and (b) someone else wrote a trojan-friendly OS to enable it in the first place.
I understand that some ISPs are now cutting off infected folks until they can show they've patched. I think that we'll be seeing more of this, and I can't say I disagree (as long as they understand what a Unix, Linux, or MacOS box is).
Re:Is this surprising? (Score:4, Interesting)
Re:Is this surprising? (Score:5, Insightful)
Re:Is this surprising? (Score:5, Insightful)
By "spammers" I mean those people who knowingly and deliberately distribute spam, and usually make money by doing so.
The hosts and the networks they were connected to were discovered, and mail coming from those hosts and networks was treated as suspicious by black-list-based filters.
So the spammers use more and more infected zombie PCs. Microsoft Windows is on 80% or more of the desktops. And now these Microsoft Windows-based infected zombie PCs are sending 80% of spam, according to the article.
However, this does not mean (which would contradict your "this is obvious" logic) that the x% MacOS X-based, Linux-based and *BSD-based PCs are as easily infected and effectively sending x% of the spam.
NO... (Score:5, Insightful)
Just another cost of supporting users who install the software. Most of these hijacked Windows boxes are a result of a user wanting to see Britney Spears naked.
CLICK HERE--ALL NEW PICTURES OF BRITNEY SPEARS NAKED
This has nothing to do with Windows security other than running an ignorant user as an administrator.
Re:NO... (Score:5, Funny)
In Linux if you click on a "rm -rf" virus ... (Score:3, Insightful)
In windows, click-to-infect is the norm.
It's not 80% _OF_ spam (Score:5, Interesting)
"After comparing those data points with the total volume of legitimate messages passing through the service provider's mail system, we are able to arrive at our percentage of 80 per cent",
It's like you'd go to a bar and observe that 80% of women leave with drunken idiots, and thus proclaim that drunken idiots are able to hit 80% of women.
There may be some causality and statistical significance, but it definitely isn't as clear as the article suggests.
Re:Not surprised (Score:3, Insightful)
I run Windows and there is only a single (known) exploitable security vulnerability - and that's only because Microsoft won't release a patch for it and the workaround is too messy for me to want to bother with it, as I'm not stupid enough to fall for "cleverly crafted" URLs.
Windows can be almost as secure as, if not as secure as, Linux or OSX if you just know what you're doing and keep up to date with the patches.
Re:Not surprised (Score:5, Insightful)
This is always the solution that comes up. There are a couple reasons why Microsoft is always picked on for virus/worms.
1. They are the single most popular operating system to date. Therefore they have the most users, giving the spammer/cracker more chances to get personal info or crack their system.
2. Most Microsoft users are users that do not always keep up with patches or updates to their system. Most really don't understand why they would have to do it. Not only that, because most new users start with Windows, it's easy for them to fall for most of the phishing attacks as well.
Now, with all of that said above, if, hypothetically, everyone switched over to Linux or Mac OS I'm not sure it would change much. You can talk about how secure Linux and Mac are, but they STILL are only as secure as the user wants them to be. I could still see many new users run as root all the time, open unknown files and the rest of the tips that they teach you NOT to do on Windows. Just because you don't see any Linux viruses doesn't mean they don't exist. The fact is that most people who are USING those OSs are a bit smarter and care more about security than your average Windows user that these worms/viruses/spams are being sent to.
Re:Not surprised (Score:4, Insightful)
Mac OS X is a different case, but they have secure email and browser applications. (For the most part. The issues have pretty much been fixed by now.)
Re:Not surprised (Score:3, Insightful)
Oh? And which e-mail program on Linux or Mac executes embedded code without user intervention? Maybe if outlook and the crossover plugin combo take off, you'll see a problem. Also, opening unknown files under linux won't cause these files to execute (and infect your computer).
Running as root isn't a security issue, it's a sanity issue. You are no more or less exposed security wise by running
Re:Will only get worse (Score:3, Insightful)
Ah, never mind. It's just a way to complain about absolutely anything Microsoft does. If Microsoft discovered a cure for cancer and gave it away free, some /. reader would complain because all the pill bottles have the MS name on them, giving them a cure-for-cancer monopoly.
Re:Will only get worse (Score:3, Insightful)
Now that a significant number of machines can't be patched you can expect the percentage of vulnerable machines to increase. This will inevitably increase the load borne by all the legitimate machines. As time goes on and more vulnerabilities are announced it will get worse, since almost all illegal PCs will be ripe for Zombie-hood.
I can se
Re:Will only get worse (Score:3, Insightful)
No, it'll just fail to get much better. There's no way a bug patch can make it worse...
Come on MS, prove me wrong! I dare you!
Re:Will only get worse (Score:3, Interesting)
In summary, I'm waiting a few weeks between sp2 coming out and installing it on my PCs just in case.
Re:Will only get worse (Score:4, Funny)
You know, the 2K in Win2K is a pretty big even number...
j/k
Re:Will only get worse (Score:4, Funny)
Re:Will only get worse (Score:5, Insightful)
Re:Will only get worse (Score:4, Interesting)
Most people are using the OS that their computer shipped with, whatever HP or Compaq or Dell put on there.
The people who are using a pirated copy, more than likely know enough about computers to actually keep a computer clean.
It's the other home users out there, joe blow, who gets his cable modem, his new PC and leaves it on all the time. That's the guy they are referring to in the article. Not someone involved enough to actually track down a pirated copy of XP, get a serial that works, and spend the time upgrading.
Re:Will only get worse (Score:4, Insightful)
Not if they received the pirated copy on the computer they bought from Fast Eddy's Discount Computer Emporium.
It won't make it worse (Score:5, Insightful)
That won't make it worse - the situation for those users who can't or won't install SP2 will stay exactly the same as before. Those who do install it will improve. So, it will make life not worse, but better.
It would be interesting if a critical vulnerability were discovered that pretty much stops the system from functioning (like Blaster). If only those with licensed installations can get the fix, the rest might realize that you don't get a good OS for free by pirating Windows. Something, though, tells me that Microsoft will make critical fixes available to anyone.
Re:Will only get worse (Score:5, Insightful)
Re:Will only get worse (Score:5, Insightful)
Well, I tend to agree in some ways and disagree in some. If the problems with Windows security holes and such would only affect the computer in question then I would be all for not allowing the updates to be loaded on a pirated machine, but with the current system the legitimate users of Windows (and other internet users as well) suffer from the negligence of the users of pirated software. It isn't only limited to spam, but also network worms, which can be a nuisance with the amount of network traffic they create. I think Microsoft would do a favor to all of the internet by allowing patches to be applied to non-licensed (pirated) versions of Windows.
<bad-analogy> I would compare it to stolen cars. For example, if a car would have a really really serious design flaw that would make it blow up during rush hour taking along with two blocks, would you want the car manufacturer to fix the car even though it was stolen? </bad-analogy>
Re:Will only get worse (Score:3, Insightful)
Nope, the software pirates allow the machines to stay online. Microsoft should make a deal with all software vendors to require them to put in code that checks to make sure all the latest updates are applied to the Windows box before you're allowed to install the sof
Re:Will only get worse (Score:5, Insightful)
Which is to say, none.
Microsoft should make a deal with all software vendors to require them to put in code that checks to make sure all the latest updates are applied to the Windows box before you're allowed to install the software.
That seems like a very unwieldy solution to me. Wouldn't it be simpler for Microsoft to fix their system, rather than have every other software vendor on the planet work around the problems with Microsoft software?
Re:Will only get worse (Score:3, Insightful)
This is a difficult choice for Microsoft. They lose either way, and can only think about minimizing the losses.
Re:Will only get worse (Score:5, Insightful)
Latest word from Redmond is that SP2 will follow a similar rule, except that installations using one of 20 corporate keys will be blocked.
If you used a keygen, SP2 will probably install with no problem. Microsoft have spouted a lot of FUD over their anti-piracy initiatives. For instance, Windows Update shouldn't work unless you are using a legitimately issued key on the MS database, but it obviously does.
To get back vaguely on topic, what SP2 will do to prevent spam is to (a) install a better firewall and turn it on by default and (b) turn on automatic updating. This should protect the most clueless users, but I suspect most of them were using legit copies anyway.
Anyway, to get vaguely back on topic, it's the second Tuesday of the month, so let's see what the MS patch fairy brings us today. Probably another exploit for those nasty spam trojan people.
Re:Not really (Score:3, Insightful)
Re:An Idea (Score:4, Informative)
Re:An Idea (Score:5, Insightful)
But you're talking about blocking _outbound_ SMTP traffic. That has nothing to do with servers.
Outbound SMTP traffic can be generated by any mail server that only listens on internal interfaces, or directly by your favorite mail client.
What you're talking about is breaking the Internet even more than it already is now, turning it into a big client-server network where the servers are operated by the big media companies.
It is also, coincidentally, the lazy sysadmin approach.
Don't do it, don't go blocking big swipes of IP just because some of them do something wrong.
Be smarter, find a way to only block those that do something wrong!
- Erwin
Re:An Idea (Score:5, Interesting)
I can't send email to *anyone* at AOL now, despite running an OpenBSD firewalled Linux server for our business. It doesn't even bounce, just disappears into the void. There are *no* Windows worms or spam coming out of my network, but some ass at AOL decided to block the whole ADSL subnet anyway. Nice way to break the Internet, guys. And THANKS AOL for replying to my question about it - NOT! The arrogance of IT geeks and uninformed management strikes again. How about thinking a little harder about it, and implementing reverse host checks based on sender address, or rate limiting with temporary blocking - a real email server can cope with that just fine. There's lots of alternatives other than just shutting yourself off from a chunk of the Internet.
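The two posts above (Erwin's "only block those that do something wrong" and the AOL complaint about rate limiting with temporary blocking) both argue for per-host throttling over subnet-wide blocks. As an added example, not code from either poster or from any mail server, here is a sliding-window connection limiter for an inbound SMTP listener with a temporary block that expires on its own, run against a constructed event stream where a zombie and a clean mail server share the same /24. The thresholds (10 connections per 60 s, 300 s block) and the documentation-range addresses are assumptions chosen for the illustration.

```python
import ipaddress
from collections import defaultdict, deque


class SmtpRateLimiter:
    """Per-source sliding-window limiter with temporary blocking (added example)."""

    def __init__(self, max_conns=10, window_s=60, block_s=300):
        self.max_conns = max_conns
        self.window_s = window_s
        self.block_s = block_s
        self.history = defaultdict(deque)  # ip -> timestamps of recent connections
        self.blocked_until = {}            # ip -> time at which its block expires

    def allow(self, ip, now):
        """Return (allowed, reason) for one inbound connection from `ip` at time `now`."""
        expiry = self.blocked_until.get(ip)
        if expiry is not None:
            if now < expiry:
                return False, "temp-blocked"
            del self.blocked_until[ip]     # block has expired: the host is forgiven
        q = self.history[ip]
        while q and q[0] <= now - self.window_s:  # drop timestamps outside the window
            q.popleft()
        q.append(now)
        if len(q) > self.max_conns:
            # Too many connections in the window: block this host only, for a while.
            self.blocked_until[ip] = now + self.block_s
            q.clear()
            return False, "rate-exceeded"
        return True, "ok"


def subnet_policy_allows(ip, blocked_nets):
    """The coarse alternative: refuse every host inside a blocked network."""
    return not any(ipaddress.ip_address(ip) in net for net in blocked_nets)


def simulate(events, limiter):
    """Feed (time, ip) events through the limiter; return per-ip allowed/denied counts."""
    outcome = defaultdict(lambda: {"allowed": 0, "denied": 0})
    for now, ip in sorted(events):
        ok, _reason = limiter.allow(ip, now)
        outcome[ip]["allowed" if ok else "denied"] += 1
    return dict(outcome)


# Constructed events: a zombie opens 20 connections in 20 s and one more later;
# a legitimate server on the same /24 sends three messages over a few minutes.
ZOMBIE, LEGIT = "198.51.100.23", "198.51.100.50"
EVENTS = ([(t, ZOMBIE) for t in range(20)] + [(350, ZOMBIE)]
          + [(5, LEGIT), (30, LEGIT), (400, LEGIT)])


def compare_policies():
    """Per-host limiter versus blocking the whole /24, on the same events."""
    per_host = simulate(EVENTS, SmtpRateLimiter())
    nets = [ipaddress.ip_network("198.51.100.0/24")]
    per_subnet = defaultdict(lambda: {"allowed": 0, "denied": 0})
    for _, ip in EVENTS:
        per_subnet[ip]["allowed" if subnet_policy_allows(ip, nets) else "denied"] += 1
    return per_host, dict(per_subnet)


if __name__ == "__main__":
    per_host, per_subnet = compare_policies()
    print("per-host limiter:", per_host)
    print("subnet block:    ", per_subnet)
```

With the per-host limiter the clean server's three connections all go through and the zombie is cut off after its tenth within the window, then allowed again once the 300 s block lapses; the subnet block refuses all of them, including the clean server, which is exactly the breakage the AOL poster is describing. A real deployment would key the limiter on the peer address at accept() time and, as the poster suggests, pair it with sender-address checks rather than rely on either alone.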
Re:An Idea (Score:3, Insightful)
Re:SPAM Masquerading as Me? (Score:3, Informative)
It can't be secured? (Score:3, Insightful)
Spybot result: 0 Spyware found.
The last time either of these found anything: Over 5 months ago. Give you a hint, I only switched to Moz 4 months ago.
The last time I ran an update on both: This morning.
Sounds like FUD spreading to me from both sides. Does it take effort to stop? You bet! Of course, I haven't had to put any effort into it for a long time now, but it is really simple to do as long as you use that squishy stuff between your ears.
Tired of microsoft (Score:3, Insightful)
Yes, spam affects me personally. Money I send my ISP is going into fighting spam that should not exist instead of providing me a real service. My ISP, Cox, blocks outbound port 25, and I have to put up with their crummy SMTP server performance after two years of problem free Exim use.
There are plenty of other evil and nasty things Microsoft does, but t