ietf-asrg

Re: [Asrg] Point of information...

2003-06-23 12:32:35

On June 22, 2003 at 22:10 research(_at_)solidmatrix(_dot_)com (Yakov 
Shafranovich) wrote:
Now, would it be possible to scan similarly for systems infected with
Jeem or one of the other spammer slave bugs?


This is something that Dshield.org is already doing - people are submitting 
their firewall logs, and when enough evidence accumulates that an infested 
computer is present, his ISP is informed.

Anyhow, this all starts with whether it's possible to write a piece of
software which begins to scan the net for infected systems? I don't
know enough about these specific viruses right now to answer that
question: Do they use hard to guess passwords? Do they give failure
indications on use of a bad passwd which identifies the infection, or
listen on a specific port, etc?

I do not know if such a scanner is possible since its behavior may be 
thought of as malicious since it will be using and scanning the same ports 
that viruses are.

[I chopped the above a little to try to get to the meat]

I thought you said above that Dshield.org is already doing something
like this? Or did I misunderstand?

Maybe we should also issue an RFC that simply says that the days of
computer, including personal and desktop computer, operating systems
being vulnerable to viruses (within some problem definition) should
have been over years ago via widely distributed and well-known
techniques utilized in highly successful and comparable operating
systems software.

As such, any operating system which does not meet a minimum standard
of being viral resistant (obviously some detail is needed here) and is
connected to the internet is non-conformant to RFC XYZZY or however
that's usually worded and is a potential hazard to the net at large.
[..]

And do we seriously think that Microsoft would care about some RFC? When 

   1. Is the criteria now that we should only propose work-product
      (e.g., an RFC) which Microsoft approves or is likely to adhere
      to?

   2. Are there any other companies we should consider or only
      Microsoft?

   3. Or is the criteria you are now proposing that all companies (it
      might affect) must be willing to adopt any work-product of this
      group? So arguing (you don't really know what MS will do, do
      you?) that just one company (in this case MS) might not adopt it
      is grounds for rejection?

was the last time Microsoft cared about an Internet standard when it's not 
in their interest? Take the HTML example and the various related 

   1. How do you know what is in Microsoft's interest? Do you speak
      for Microsoft?

   2. Assuming you are correct, and you may well be, should we not
      pursue the truth even if it's not entirely in Microsoft's
      pecuniary interests?

   3. Do any significant purchasers of MS (industry, govt) issue RFPs
      which indicate that compliance with various RFCs form a minimum
      criteria for a vendor to be considered?

discussions as to changing the default MUA behavior as per HTML. What might 
actually force Microsoft to make their OS more secure is increased 
competition from Linux and other Unixes.

Well, I don't know that I plan to "force" MS to do anything, in
particular via ASRG.

However, if it is true that a major source of spam is the exploitation
of viruses infecting vulnerable operating systems then it seems we
could, as a work-product, state that truth officially.

Even if it isn't in the best possible interest of Microsoft (something
which remains to be shown.)

If it's true that this group is to be bounded by Microsoft's pecuniary
interests, as you claim, then I think we have a real problem.

When did the IETF become a subsidiary of Microsoft?

-- 
        -Barry Shein

Software Tool & Die    | bzs(_at_)TheWorld(_dot_)com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg