Is there anything that actually gets users to fix their computers?
Kee Hinckley
nazgul at somewhere.com
Sun Oct 5 04:57:31 UTC 2003
At 2:11 AM +0000 10/5/03, Suresh Ramasubramanian wrote:
>For more fun, consider that you are postmaster at somewhere.com, and get those
It's the anti-virus ones that drive me nuts. "Someone in your domain
sent us a virus which always forges the from line, but we're going to
tell you anyway because we'd like you to buy our software..."
>Reply to that and you will, as likely as not, get your reply sent back to you
>and your upstreams as a spam complaint.
When I moved somewhere.com to a new ISP, the very first thing I did
was contact the abuse desk there and warn them what to expect. That
was helpful when Universal Studios tried to come after me because
someone at somewhere.com (literally :-) had posted a stolen movie on
usenet. (Only one?)
>on that cc list for the same reason that you are - Outlook Express being set
>up to add all people that you reply to, to your address book.
> > been told right and left not to open mail from strangers (a
>> completely bogus concept, given that viruses tend to come from
>> friends). What I found was that they take that quite literally.
>
>Say what? I have received virii from people I don't know from Adam, from
>countries where I don't know anyone at all.
Those of us who post widely get that. But your average "just use
email to talk to friends and family" is more likely to get it from
friends--unless of course they forwarded a joke to everyone in their
address book, who forwarded it....
> > They either need to be contacted out of band, or their email software
>> needs to support a secure channel of communications that they can
>> really trust.
>
>Hotmail, for example, clearly marks mail from hotmail staff (service
>announcements etc) with a different colored text in the inbox ... I guess if
>you control the client your user uses (using a custom built web interface is
>one way, a customized browser / mail client is another way) ...
>
>But other than that, you could well ask for the moon.
Bringing this back to the more relevant topic. Is there something
that ISPs could do to notify users and get in their face more without
shutting off their connection? Perhaps a custom piece of
notification software that only took signed messages, and made some
attempt to keep its bits secure? Unfortunately I don't see much way
to keep it from being subverted without OS support. If it became
common enough, then the virus writers would just simulate messages
from it and disable the real one.
--
Kee Hinckley
http://www.messagefire.com/ Next Generation Spam Defense
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
More information about the NANOG
mailing list