Spam clock ticking

November 27, 2006

Nine out of every ten emails are spam now. It makes me think with bitterness about how Bill Gates said he’d solve the spam problem by 2006. I guess he’s still got a month to go, though. It could happen.

Maybe you think I’m being too harsh on Gates. After all, he’s not sending the spam himself! But look at the first line from that CNN.com article:

Criminal gangs using hijacked computers are behind a surge in unwanted e-mails peddling sex, drugs and stock tips.

Hmm. “Hijacked computers”? We all know which computers they’re talking about: Windows desktops that are infected with viruses.

It’s my belief that despite all the other ideas discussed by Gates in the other article, the number one thing that can be done to curb spam is for Microsoft to fix its broke-ass operating system. The clock is ticking, Bill.


  1. Gee… what an excellent line of logic. I bet you think that women who wear revealing clothes deserved to get raped, and people who leave their doors unlocked deserve to get robbed too. Blame the spammers.


  2. Personally, I would settle for another layer on top of Apple Mail’s Bayesian filter, that could categorize as spam emails that contain nothing except an image attachment.

    Judging by the number of messages arriving in the Junk mailbox each day, traditional spam is caught by the filter with approximately 99.5% accuracy. But the image-only spam can’t be caught by word-based algorithms, and there’s no other check for suspicious or malformed emails.


  3. I’m not addressing this as an issue of moral culpability, Nick. Of course the spammers themselves are to blame from that perspective. However, you’ll never solve the problem with a “just go after the criminals” mentality. The real way to cut this problem down to size is to remove the opportunity. That, I maintain, means cleaning up Windows’ vulnerabilities.


  4. Scott – you still have me confused. How does “cleaning up windows” reduce or prevent spam? It’s like saying that the post office is to blame for junk mail. Malicious code within emails I would agree, but the intent to spam is created external to the OS and mail handling apps. If Windows was somehow magically “cleaned up” to prevent spammers from sending bulk emails, the spammers would still find a way to interface to the internet backbones to send emails up to and including developing their own OS.

    What are the “vulnerabilities” in Windows that allow spam? (or more precisely, would eliminate spam?)

    Most spam is advertising, I can see a major lawsuit against Microsoft if their OS and apps prevented companies from what they consider legitimate “advertising” through emails.

    Are there laws against spam? Right now it’s just a major inconvenience that eats bandwidth – spammers are not breaking laws. Similar to the “do not call” should there be “do not email me” lists? Spam filters still aren’t to a level of intelligence for my liking, I still have to check if legitimate emails have been blocked. Likewise, it’s a cat and mouse game between the spammers and filter developers and some new workaround always gets through. Personally, I create multiple email accounts, one specifically for general public use when registering products, rebates, newsletters, etc. that collects all the spam. The others I guard and reserve for close friends and business contacts. Not the perfect solution, but it works for me.

    Target the spammers not the OS. Changes in the OS can help, but they are not the ultimate solution. For the majority of spammers, it is profitable to spam. Erode the profit and most will stop. Legal fines to spammers, fees on emails over certain quantities, fines to providers allowing spam, do not email lists, traceability tools to track down and report spammers, etc. International cooperation also needs to occur. Regardless of financial gain, a small group will continue to meet the spam challenge, to scam, to disrupt or to get out a message – these will be harder to stop.


  5. Are there laws against spam? Right now it’s just a major inconvenience that eats bandwidth – spammers are not breaking laws. Similar to the “do not call” should there be “do not email me” lists?

    There are in fact laws against unsolicited commercial email, and some spammers have indeed been prosecuted under them. Do-not-call lists work because telephone solicitors are working for legitimate, if obnoxious, businesses. I suspect that putting my email address on a list which will then be given to spammers, along with the strict admonition that they should never, ever email me, is a policy initiative that will fail quite spectacularly.

    The problems with Microsoft that Scott is referring to have to do with the ease with which it is possible to defeat their OS security features, and thus use someone else’s computer to send out the spam (there’s no other way to effectively spam people). All of the other things you mention are being done as well, but removing the methods by which most spam is possible is a necessary step as well.


  6. To answer Bill S.’s question, the vulnerabilities that the CNN article refers to have to do with botnets that have been created using Windows computers that have been hijacked through various viruses and other mechanisms.

    Most ISPs are beginning to crack down on IP address ranges that are sending large amounts of spam. That’s why spammers have turned to botnets which used to only be used to attack servers with DDOS attacks. By using botnets, the spam load is spread so it’s harder for ISPs to catch.

    Of course, the real problem isn’t Windows, but rather its users. Most botnets are set up using old versions of Windows that have patches available, but users never install them. Same goes with virus scan. You’d be shocked how many users never install virus scan on their computers. So how is Bill Gates responsible if Windows provides fixes, but nobody installs them?


  7. Ben and Nick, thanks for technical enlightenment. I should have read the article.

    I am not a big fan of Windows OS with its many known vulnerabilities, but my comments were aimed at balance since Scott, a die-hard Mac user, wants to blame all internet evils on Windows. Scott will probably argue that Windows should have gotten it right in the first place, and not require patches and fixes after the fact. There is some truth to this statement, but then new versions of the OS may stay in development years longer to predict and test all modes of vulnerability. Likewise, as stated by Nick, many users (especially those with high speed internet connections) are still not running the most current Windows OS, updating with security patches or even using AV software. It seems that stopping support for older OS is not enough to induce users to upgrade. What kind of market reaction would occur if Microsoft built use time limits into their OS license with a requirement to upgrade or the license expires and all functionality stops after a certain date? This concept would also obsolete PC hardware that could not handle the newer OS. Good or bad, Symantec and a number of high-end CAD suppliers have gone this route. It might solve the botnets issue, but create furor and revolt in the user market.
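The extra check asked for in the second comment (flag mail that carries an image but no readable text, which a word-based filter has nothing to score) can be sketched as follows. This is an added example, not code from the post, the commenters or Apple Mail; the function names, the three-word threshold and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.mime.image import MIMEImage
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

MIN_WORDS = 3  # assumed threshold: fewer visible words than this counts as "no text"

def visible_words(part):
    """Return the words a reader would see in a text/plain or text/html part."""
    try:
        text = part.get_content()
    except (LookupError, UnicodeError):
        return []  # unknown or broken charset: nothing a word filter could use
    if part.get_content_subtype() == "html":
        text = re.sub(r"<[^>]+>", " ", text)  # drop tags such as <img src="cid:...">
    return re.findall(r"[A-Za-z0-9']+", text)

def is_image_only(raw: bytes) -> bool:
    """True when the message has at least one image part and almost no text."""
    msg = message_from_bytes(raw, policy=policy.default)
    images, words = 0, 0
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        if part.get_content_maintype() == "image":
            images += 1
        elif part.get_content_maintype() == "text":
            words += len(visible_words(part))
    return images > 0 and words < MIN_WORDS

def build(body, subtype, with_image):
    """Construct a sample message (constructed test data, not real mail)."""
    msg = MIMEMultipart("related")
    msg["Subject"] = "sample"
    msg.attach(MIMEText(body, subtype))
    if with_image:
        msg.attach(MIMEImage(b"GIF89a" + b"\x00" * 16, _subtype="gif"))
    return msg.as_bytes()

IMAGE_ONLY = build('<html><body><img src="cid:a"></body></html>', "html", True)
PHOTO_WITH_NOTE = build("Here are the photos from the weekend trip", "plain", True)
TEXT_ONLY = build("Meeting moved to three o'clock tomorrow", "plain", False)

if __name__ == "__main__":
    for name in ("IMAGE_ONLY", "PHOTO_WITH_NOTE", "TEXT_ONLY"):
        print(name, is_image_only(globals()[name]))
```

A result of `True` is best treated as one more signal fed to the existing filter rather than a verdict, since legitimate mail sometimes consists of a bare photo.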


