-----Original Message-----
From: asrg-bounces(_at_)ietf(_dot_)org [mailto:asrg-bounces(_at_)ietf(_dot_)org] On Behalf Of gep2(_at_)terabites(_dot_)com

The problem with such "reputation" approaches is that they cut both ways.
Aunt Gertrude (presumably) HAD a good reputation, BEFORE her system got
infected with a virus (in fact, spammers and worm authors probably COUNT on
the fact that the system they're infecting HAD a good reputation; that's
part of what enables them to wreak the havoc they do).

OK, there is more than one problem to solve. But we have to start somewhere.
How do viruses spread in the first place? Mostly through spam. So there is a
value in breaking the cycle. If you need a botnet to acquire a botnet then
the problem is limited to the existing botnets and new entrants are
excluded.

The fact that it IS infected today (and sending copies of itself like mad,
and she maybe doesn't even know yet) doesn't make her LEGITIMATE mail she
occasionally is still sending out less legitimate or important.

OK HOW is it sending the spams out? Only way that is going to work is to
relay through the ISP so that the spams can take account of the ISP
reputation. It is not difficult to implement rate limiting at the ISP level.

Antivirus programs generally only trigger on KNOWN exploits and KNOWN code;
so ALL viruses and worms are at their most virulent and most dangerous
BEFORE they're detected by ANY of the flock of A-V programs out there (not
even talking

That is not our enterprise config, all executable content is blocked. There
is a small window of vulnerability due to bugs such as the JPEG bug but
these are easily fixed through SMS patch updates.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg