On Jun 01 2005, william(at)elan.net wrote:
If all malware messages were sent only from people on which computer
the malware is installed to the people on their whitelist, this would
greatly improve the odds that such malware would be noticed and removed
reasonably fast since people who enjoy letting rats run wild in their
house for long rarely have friends they can communicate with and invite
to their home [i.e. their friends would remove the address from their
whitelist as they would no longer wish to communicate with such person]
and would also face problems with pest-control agency [i.e. some global
blocklist] and would get ticketed [warning from ISP] and ultimately house
is condemned [i.e. account disconnected by ISP].
I think that oversimplifies the problem somewhat. Different people and
organizations have a wide range of behaviours and a wide range of
individual tolerances. Overall, it's safe to say that some people will
act immediately against infected people on their whitelist, others
won't or might not realize what to do or how.
So any one infected computer will be cleaned up after sending spam
only with some probability.
In that sort of scenario, whether an infection can spread becomes a
percolation problem. Such problems are notoriously difficult to
analyse, but one can generally expect that if the cleanup probabilities
are high enough, then spread is blocked, while if they are low enough,
spread is not hindered. And this argument goes for a scenario where
all malware are sent exclusively by infected computers. Extra
vectors should likely help.
--
Laird Breyer.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg