[Sussex] Some more thoughts on the Microsoft/Novel deal

Sun Nov 19 17:53:57 UTC 2006

Steven Dobson wrote:
> Hi Desmond
>   

>> The problem is that as the cost of memory came down he did nothing to 
>> improve the security of the system and, in consequence we all have to 
>> suffer the consequences, many many spam.
>> Sensibly, the crude O/S would have been replaced (long ago) by a much 
>> better system in phase with the developing technology and then we would 
>> not now be having all this spam.
>>     
>
> I disagree here.  Better systems were available - think Unix, think
> OS/2.
>
> The masses don't want security.  XP-SP2 turned on a firewall by default.
> How many just turned it straight off again?
>   
Spam is a very distinct problem. The many thousands, even millions, of 
zombied Windows machines worldwide are a serious problem for spam and 
other security efforts. But until and unless the effectiveness of spam 
is outweighed by the cost of it, it will exist. I highly recommend the 
proceeds of the MIT spam conference, at http://spamconference.org/. The 
unsecured Windows home machines are a contributing factor, just as 
wastepaper is a contributing factor to garbage collection. But it's only 
one factor.


>> Unfortunately as all the providers are withdrawing support for 
>> anti-virus and firewall in line with MS ceasing support the whole 
>> problem is compounded. Just how many million Win98 machines will remain 
>> on the internet? The spammers will now find it even easier to take them 
>> over as bots.
>>     
>
> If anti-virus & firewall providers are dropping support of Win98 then it
> is because they are not seeing a return on investment.  You don't
> shutdown a profitable line just because the product is no longer
> available.  How long to Ford & Vaxhall produce spares for models that
> you can no longer buy?
>   
good point, bad analogy. The spare parts market for used or antique cars 
is pretty lucrative.


> The last botted machine I saw was an XP laptop.  It had been botted
> because the user had installed software from a site he should never have
> visited in the first place.  Users are not prepared to take the actions
> they need to take to secure their own systems.
>   
Amen. I've unfortunately seen corporate Linux servers rootkitted as 
well, although it's never been as widespread as the dozens of botted 
laptops I tend to find among sales staff who've never bothered to 
purchase anti-virus tools or permit me to update it when they bring it 
in because "it's not acting right".

>> So, it is important that users are offered at minimal cost a friendly 
>> Linux distro because until that happens spam will remain a constant 
>> feature of our lives.
>>     
>
> No, I disagree.  We need to change habits and that is much, much harder
> than changing an OS.
>
> Steve
It's an economic problem. There is almost no penalty for spamming, 
phishing, email worming, etc. The very few convictions, in any country, 
don't begin to discourage the thousands of spammers who enjoy quite a 
lot of immunity from pursuit and prosecution because the laws are 
non-existent or unclear, and their own ISP's can't be bothered to log 
the traffic or help kick them off. And blocking spam can cost you 
customers! Blocking port 25 outgoing from dialup or broadband services 
angers a lot of loudly complaining technical people, but really helps 
block a lot of email worm and spam traffic.