ISP wants to stop outgoing web based spam

Barry Shein bzs at world.std.com
Thu Aug 10 21:07:22 UTC 2006



Much of this misses the point about spam.

There is spam, and there is SPAM.

spam is when some jerk sends me an ad I don't want.

SPAM is when some jerk uses sophisticated, illegal techniques to send
a few hundred million ads a day.

The most effective technique currently uses zombie spambot armies; PCs
hijacked through security flaws, upwards of a million of them at any
moment. Why?

   a) Zombie spam armies provide nearly arbitrary quantities of
      bandwidth and compute power to send out spam. Far more than
      spammers' business models could ever actually pay for.

   b) Zombie spam armies provide address mobility. You can't block
      them like you might block a legitimate site you find obnoxious.
      It's whack-a-mole at near light speed in a Hilbert space.

The vector for these has been almost purely Microsoft Windows.

People can rationalize all they want about Windows being more common
or how in theory other OSes could also be hijacked, but the simpler
explanation is that there have been horrible flaws in Windows,
including yesterday's high-prio security alert amplified by DHS
(MS06-40).

It's Windows. MS make tons of money off of spam. They make tons of
money off of spam by not fixing their OS except at their own pace and
as it fits their marketing goals to not interfere with profitable
software applications which may require flaws in their OS to operate,
or to operate more profitably. Their near-monopoly means no one can
effectively put any pressure on them to get their act together.

The best example of that is how they led every primary Windows user to
always have admin ("root") privileges on by default which meant that
any trick which could get any random user to run a little code could
do anything, overwrite any system file, install software, whatever,
without any warning or protest.

This allowed the installation of software, patches, updates, spyware
type programs, etc. to go more smoothly and thus more profitably, more
friction-free as they say in marketing. No nasty secondary passwords
or scary messages like "What you are trying to do requires
administrative privileges [warning text], would you like to enable
them now? [OK] [CANCEL]"

Let's call a spade a spade.

We're not being firehosed by Mac OS machines. We're not being
firehosed by Linux/FreeBSD/Solaris or other Unix variations. Etc.

And it's not simply explained away by the numbers. There may be fewer,
but there are still millions of those machines on the net.

And to the best of my knowledge not a single one of them is part of a
zombie spam army.

I realize people react emotionally to the seeming one-sided blame this
implies and feel they make the universe more fair and liveable by
rationalizing some spreading of the blame no matter how nonsensical
and ungrounded in reality.

I realize some people make their living using Microsoft software and
these harsh realities make them feel bad and make them want to soften
the blow with argumentative responses. Cut yourself some slack, YOU
didn't write Windows.

But you know who agrees with me? MICROSOFT!

Why? Look at the dozens of patches they try to put out weekly to close
these holes!

Look at the changes, such as moving away from "every user has admin
privs" in recent and future releases of their OS.

That's the problem. It's being worked on, perhaps too slowly to save
the patient (e.g., not see the destruction of email), maybe too kid
gloved with their vendors and bottom line (at the cost of ISPs et al),
but let's not deny a problem that not even Microsoft denies.

Plug up the major security flaws, float Windows on a Linux kernel or
something (Apple did it on a FreeBSD kernel), and the problem will by
and large wither and die as a major problem.

Zombie spam armies running on compromised Windows systems are the
spammers' stock in trade. Everything else is trying to deal with the
cause by treating the symptoms.

-- 
        -Barry Shein

The World              | bzs at TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Login: Nationwide
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*