SPAM, Malware, Viruses: Wrong solution! Wrong target! Wrong thinking!

How 'bout a fresh look at the problem...

We are losing ground to the virus writers, THE MALWARE WRITERS, AND THE SPAMMERS. The reason is extremely simple - YOU are using the wrong model, shooting at the wrong target, fixated on a solution for the wrong problem.....(more?)

I just read a ZDNet piece. I found it interesting, but I think I can add a few verbs to the battle. The problem is that nobody takes the time to step-back from the "Problem" and look for real solutions.

In engineering, it is acknowledged that it is always better to stop a problem as soon as possible, and not have to fix up after it. "Fixing up" is what the current spam, malware, and virus model is focused on.

Maybe you can add your influence to a REAL solution to the spammer, malware, and virus problem (in one tight bundle). Here is my input to this issue:

Actually, ALL of the spam efforts (including the recent "canned spam" legislature AND Billy Gates' and Yahoo's money making email postage schemes) are aimed at the wrong target. It reminds me of a game that a friend delighted in playing with his dog. He would shine a laser pointer beam on the wall, and the dog would frantically try to catch it (I asked him not to torture the poor dog). The point, however, is the dog NEVER THOUGHT OF BITING THE HAND THAT WAS HOLDING THE POINTER!

You guys can try until the proverbial cold spell in Hades, and you will NEVER beat the spammers, malware writers, and virus writers. Virus writers have their own agenda, but the spammers and malware writers are just the beam on the wall. The hand that is holding the laser pointer (and paying the spammers and malware writers) are the unscrupulous advertisers who hope to get some responses to their advertisements.

DING! DING! DING! For spammers and malware, go after the advertisers! Look for embedded ISPs, mailto: and phone numbers. The spammers can change their email addresses every-minute-on-the-minute, and change their subdomains almost as quickly. Changing registered domain names takes a little longer, but they have nothing invested in those arbitrary domain names, either. ON THE OTHER HAND, the advertisers NEED to keep their return URL (don't forget to catch the mailto: and phone numbers also) until they can get a return on their advertising (spamming) expenses. In other words, use the same model to develop "spam signatures" as the virus industry does.

But after the signatures are published, here is where the virus model hits the wall!

THE SIMPLE ANSWER: Quit depending upon the dumb end-users who are trying to (or not trying to) understand the problem. Stop the problems at the input side. Consider the web as a cloud, with stuff on the inside, which works pretty well as it is. The point of failure is the "input" doorways. These are (or should be) controlled by the ISPs and by a few of the "doorway" web switching vendors. Require the ISPs and doorway portal operators to filter for and BLOCK inbound spam, viruses, and malicious packets using frequently updated "signatures."

The current model just lets the stuff fly "into" the web, and then hopes that EVERY end-user will be able to detect and throw it away, after it arrives. This is INSANITY! In the meantime, the web is melting-down, with garbage traffic, and nobody in the industry seems to be concerned with stopping it at the sources.

When you remove the profit motive from spamming, the spammers will look for other ways to exploit the internet - but our spam problems will die out to just a trickle. The same solution will also stem the flow from script-kiddies and out-of-control worm propagation, and from unsuspecting "zombie" end-user computers. A few HI TECH virus writers may slip through, but the same model, being self-correcting, will stop the spread of it, as soon as it is identified - in hours ... not months or years, as it is now

----------------------------------------------------------------------------------------------------------------

Somebody else's opinion - I agree with their pain, but not their solution.

Are Some of the Spam Cures Worse than the Disease?

We get 500 or more messages per day from WinXPNews readers. You guys are a prolific lot, and we love getting your mail. Much as we'd like to, as we've announced here many times before, there's no way we can personally answer all those messages. However, we do answer - or attempt to answer - a few messages privately each week, on a first-come, first-served basis.

Now, I only have one day per week available to devote to this, so when I send a private response, I'm off to the next one, trying to get to as many as I can. Almost every week, though, I get back at least one automated response telling me that if I want to send mail to this person, I need to go to a Web site and fill out a form to get myself put on his/her approved sender list. How annoying is that? The funny thing is, it's those people who write and say "I wrote to you about this last week and you never answered" who tend to then make it difficult for someone to answer. And they'll probably be writing again next week, wanting to know why I still haven't answered them.

Spam is a big problem for everyone and whitelisting can be an effective anti-spam tool. However, in my opinion, the solution is not to put the burden on legitimate mail senders; that's too much of a "guilty until proven innocent" philosophy.

Unfortunately, that philosophy seems to be a prevailing one when it comes to spam. Many blacklists block WinXPNews. Why? The newsletter is mass-mailed to a huge number of subscribers each week. To some folks, any mass mailing is automatically spam - even an informational newsletter. In fact, lots of anti-spam activists have advocated putting a tax on mass-mailed e-mail as a spam deterrent. Having to pay a penny or two per message might, indeed, stop some spam. It would also almost certainly mean no more free newsletters. When you have a subscriber base of a million people, a one-cent tax costs $10,000 per week.

Then there's the anti-spam legislation. Some bills have been contemplated that go so far as to make it illegal to send "unwanted" e-mail (not just mass mailings) to anyone. In essence, if you don't have a pre-existing relationship with someone, you can't send them e-mail. I'd hate to see that one become law, since most of the publications for which I write initially contacted me "out of the blue" to ask if I'd be interested in writing for them.

The problem with all of these spam "cures" is that they're worse than the disease itself. Making someone jump through hoops in order to reply to a message you sent, making newsletter publishers who are already providing a free service pay big bucks to do it, or making criminals out of people who want to start a business relationship with someone are all counter productive.

The right way to deal with spam is to install good "spam whacking" software such as iHateSpam <http://www.winxpnews.com/rd/rd.cfm?id=050301ED-iHateSpam> . The best way to reduce the amount of spam getting to user mailboxes is to implement anti-spam software at both the server and client levels. Kill the disease (spam), not the patient (e-mail communications).

What do you think? Do the pre-approved sender services annoy you, too? Should I just take the time to go fill out their forms and consequently answer fewer reader e-mails? Would you like to see a "spam tax" even if it means you'll have to pay to get informational newsletters? Let us know at feedback@winxpnews.com <mailto:feedback@winxpnews.com?Spam Curses Worse than the Disease> .

--------------------------------------------------------------------------------------------------------

Networking and Windows NT, 2000, XP, and 2003 Skills

On-site training and "Hired-Gun" consulting

My Guru's - Student Links

Will Harper, MCSE (Server 2003, W2K, XP, NT), MCSA, MCT, CCNA, CTT+, N+, A+, FOI Instructor

SPAM, Malware, Viruses: Wrong solution! Wrong target! Wrong thinking!

Somebody else's opinion - I agree with their pain, but not their solution.

Networking and Windows NT, 2000, XP, and 2003 Skills

On-site training and "Hired-Gun" consulting

My Guru's - Student Links

Chuck Hodge (http://www.charleshodge.com) "...It's a lot, but like Will Harper (one of the best instructors I've ever had) says, "I don't have a dream, I have a plan."