ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Asrg] Maybe Senator Hatch had the right idea

2004-12-28 18:06:17
from [Walter Dnes] [Permanent Link] 
On Mon, Dec 27, 2004 at 10:46:20PM -0500, Barry Shein wrote


I did say in that note or another on the same thread that detecting
viral activity and fixing infected PCs has to become simpler and more
automatic (YOU'RE SENDING A LOT OF EMAIL -- YOU'RE PROBABLY INFECTED
-- THIS COULD COST YOU $3.47 -- CLICK [HERE] TO
FIX...bzzzbzzzbzzbzzz...THANK YOU YOU'RE CLEAN HAVE A NICE DAY.)

We're talking about near and likely futures.


  We're already at that future where, even without the user having to
"CLICK [HERE]" they're getting infected merely by viewing rougue
websites.  And if your idea came true, can you imagine the field-day
that phishers would have with it?
  "Dear Customer;
  our records ees indicatink that you computer ees sendink out 10,000
emails per hour.  Please goink to our outsourced virus cleanink site at
http://www.bad.example.ru/doink_it_to_me.html and clickink 'Yes'"


It doesn't seem helpful to drag out projections based on the behavior
of owners of 486/50's running Windows 3.1.


  Don't laugh, those people are almost totally safe.  KLEZ and SirCam
auto-execution capacity wasn't introduced until Windows95.


I'm talking more about people in some near future, you know, when all
this charging is deployed, who continue to resist upgrading their
computers etc. because they're too cheap or whatever reason. Ok,
they'll get infected, they'll incur nag charges, their choice.


  Note that the main problem today is that so many people don't know
and/or don't care that their home computer is cranking out spam like
crazy when it's idle.  Trojans are deliberately coded to be "under the
radar" so that people don't notice them and have them removed.  What
needs to happen is for accessories to criminal activity to feel some
pain, and to have a really big incentive to see to it that their
machines aren't compromised.

  American Senator Orrin Hatch advocated legalizing vigilante action by
copyright holders, up to and including computer-breakins and deletion of
files on computers illegally holding copyrighted material.  Maybe what
we need is destructive virus/worms to be released by some government.
I'm talking wiping data, low-levelling the hard-drive, and flashing the
BIOS full of garbage, to the point where a machine won't even boot from
a floppy without expenditure of several hundred dollars.  The insecure
machines, which likely are cranking out tons of spam, will be taken out.
Machines that are unaffected by the virus/worms will most likely not
have been compromised by spammers either.  I realize this proposal is
radical, but I consider it similar to amputating a gangrenous limb in
order to save your life.

  Unlike the email-postage ideas, this doesn't require a new public
infrastructure that everybody has to agree to join.  The only major
infrastructure requirements might be new landfill sites to handle all
those dead computers.

-- 
Walter Dnes <waltdnes(_at_)waltdnes(_dot_)org>
An infinite number of monkeys pounding away on keyboards will
eventually produce a report showing that Windows is more secure,
and has a lower TCO, than linux.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Spam, defined, and permissions, Barry Shein
Next by Date:  RE: [Asrg] Call for contributors to develop `pay per fraudulantmessage` I-D, code, Paul Lambert
Previous by Thread:  Re: [Asrg] Spam, defined, and permissions, Laird Breyer
Next by Thread:  Re: [Asrg] Spam, defined, and permissions, gep2
Indexes:  [Date] [Thread] [Top] [All Lists]