
Re: [Asrg] Point of information...

2003-06-22 19:12:38
At 07:33 PM 6/20/2003 -0400, Barry Shein wrote:

> On June 20, 2003 at 18:10 research(_at_)solidmatrix(_dot_)com (Yakov
> Shafranovich) wrote:
>  > So your bottom line is that the spam problem is based on "how spammers
>  > amplify their distribution channels while keeping costs nearly at zero."
>
> I propose that if that is removed (or seriously diminished) the
> problem will become mostly inconsequential and can then be dealt with
> more in the manner of "consenting communications" via various methods,
> mostly MUA, routinely mentioned here.
> [..]
> Let's start easy.
>
> We've seen various blacklists. I consider them a mostly bad idea,
> perhaps of some use to individuals, but it's something we should all
> be familiar with.
>
> Some of the more notorious black lists actively scanned the net with
> software for systems which fit their notion of "open relays" and would
> add these to the net as a hazard.
>
> Now, would it be possible to scan similarly for systems infected with
> Jeem or one of the other spammer slave bugs?
>
> What would we do with that information?
>
> That's probably not necessary to answer, unless someone doubts
> anything good could be done. But, for example, inform the owner, an
> ISP might quarantine or mail rate-limit a known infected computer
> until it's fixed, block it entirely (from mail, from everything), etc.

This is something that Dshield.org is already doing: people submit their firewall logs, and when enough evidence accumulates that an infested computer is present, its ISP is informed.

> Also, could these viruses be used as honeypots to gather information
> about who is using them for both evidence and to just get those perps
> shut down and/or blocked?
>
> Anyhow, this all starts with whether it's possible to write a piece of
> software which begins to scan the net for infected systems? I don't
> know enough about these specific viruses right now to answer that
> question: Do they use hard to guess passwords? Do they give failure
> indications on use of a bad passwd which identifies the infection, or
> listen on a specific port, etc?

I do not know if such a scanner is possible, since its behavior may be thought of as malicious: it will be using and scanning the same ports that the viruses are.

> Maybe we should also issue an RFC that simply says that the days of
> computer, including personal and desktop computer, operating systems
> being vulnerable to viruses (within some problem definition) should
> have been over years ago via widely distributed and well-known
> techniques utilized in highly successful and comparable operating
> systems software.
>
> As such, any operating system which does not meet a minimum standard
> of being viral resistant (obviously some detail is needed here) and is
> connected to the internet is non-conformant to RFC XYZZY or however
> that's usually worded and is a potential hazard to the net at large.
> [..]

And do we seriously think that Microsoft would care about some RFC? When was the last time Microsoft cared about an Internet standard when it's not in their interest? Take the HTML example and the various related discussions as to changing the default MUA behavior as per HTML. What might actually force Microsoft to make their OS more secure is increased competition from Linux and other Unixes.

Yakov



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
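The DShield-style process Yakov describes (sites submit dropped-packet logs, a source is reported to its ISP only once independent evidence accumulates) comes down to parsing, aggregating by source address, and thresholding. The following is an added illustration written for this page, not DShield's own code or anything from the thread; the log line format, the sample lines, the thresholds and the abuse-contact table are all constructed for the example, using reserved documentation address ranges.

```python
"""
Aggregating submitted firewall logs into per-source evidence (added example).

One dropped packet from an address says almost nothing.  The same address
probing the same service at several unrelated sites, as seen by several
independent submitters, is what justifies a notice to that address's ISP.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed log format (not a real DShield format):
#   <submitter> <timestamp> DROP src=<ip>:<port> dst=<ip>:<port> proto=<proto>
LINE_RE = re.compile(
    r"^(?P<submitter>\S+) (?P<ts>\S+) DROP "
    r"src=(?P<src>[\d.]+):(?P<sport>\d+) "
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+) proto=(?P<proto>\w+)$"
)

# Constructed sample submissions from three sites.  203.0.113.7 probes one port
# at four hosts across all three sites; 198.51.100.200 is just dropped DNS
# replies seen at two sites, which should not reach the reporting threshold.
SAMPLE_LOGS = """\
siteA 2003-06-22T10:00:01 DROP src=203.0.113.7:4321 dst=192.0.2.10:135 proto=tcp
siteA 2003-06-22T10:00:03 DROP src=203.0.113.7:4322 dst=192.0.2.11:135 proto=tcp
siteB 2003-06-22T10:01:17 DROP src=203.0.113.7:4411 dst=198.51.100.5:135 proto=tcp
siteC 2003-06-22T10:02:40 DROP src=203.0.113.7:4500 dst=198.51.100.77:135 proto=tcp
siteA 2003-06-22T10:03:00 DROP src=198.51.100.200:53 dst=192.0.2.10:1025 proto=udp
siteB 2003-06-22T10:03:09 DROP src=198.51.100.200:53 dst=198.51.100.5:1026 proto=udp
this line is deliberately malformed and must be skipped
"""

# Constructed allocation table: which abuse contact is responsible for a prefix.
ABUSE_CONTACTS = {
    ip_network("203.0.113.0/24"): "abuse@example.net",
    ip_network("198.51.100.0/24"): "abuse@example.org",
}


@dataclass
class SourceEvidence:
    """Everything the aggregator has accumulated about one source address."""
    reports: int = 0
    submitters: set = field(default_factory=set)   # independent reporters
    targets: set = field(default_factory=set)      # distinct hosts probed
    dports: set = field(default_factory=set)       # destination ports seen


def parse_lines(text):
    """Yield parsed records; malformed submissions are silently dropped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.groupdict()


def aggregate(text):
    """Fold all submitted lines into per-source evidence."""
    evidence = defaultdict(SourceEvidence)
    for rec in parse_lines(text):
        e = evidence[rec["src"]]
        e.reports += 1
        e.submitters.add(rec["submitter"])
        e.targets.add(rec["dst"])
        e.dports.add(int(rec["dport"]))
    return dict(evidence)


def flag_sources(text, min_submitters=2, min_targets=3):
    """Sources with enough independent corroboration to notify their ISP.

    Both thresholds are constructed for the example; the point is that the
    evidence must come from more than one submitter and hit more than one
    victim before anyone is contacted.
    """
    return {
        src: e for src, e in aggregate(text).items()
        if len(e.submitters) >= min_submitters and len(e.targets) >= min_targets
    }


def lookup_abuse_contact(src):
    """Map a source address to the responsible contact, or None if unknown."""
    addr = ip_address(src)
    for net, contact in ABUSE_CONTACTS.items():
        if addr in net:
            return contact
    return None


def isp_report(src, e):
    """Render the notice that would be sent for one flagged source."""
    contact = lookup_abuse_contact(src) or "<no contact on file>"
    return (
        f"To: {contact}\n"
        f"Subject: suspected compromised host {src}\n"
        f"{e.reports} dropped connections reported by {len(e.submitters)} "
        f"submitters against {len(e.targets)} hosts on port(s) {sorted(e.dports)}"
    )


if __name__ == "__main__":
    for src, e in flag_sources(SAMPLE_LOGS).items():
        print(isp_report(src, e))
        print()
```

Requiring several distinct submitters is what keeps a single misconfigured site, or a single hostile submitter, from getting an arbitrary address reported; the same aggregation also surfaces the scanner-versus-virus ambiguity raised later in the thread, since a benign scanner probing many hosts would accumulate exactly this kind of evidence.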