From: dan_oetting(_at_)qwest(_dot_)net
Subject: Re: [Asrg] How about we do something about spam?
Date: January 30, 2007 11:11:25 PM MST
To: gep2(_at_)terabites(_dot_)com

On Jan 30, 2007, at 9:07 PM, gep2(_at_)terabites(_dot_)com wrote:

[problem of botnets as spam originators]

> The solution to the problem is actually AMAZINGLY simple... I know
> that a lot of y'all have this fixation on IP-based solutions, but a
> FAR better solution (rather than attempting to block spam AFTER the
> botnets are recruited) is to block the virus/worm code-containing
> E-mail messages BEFORE they infect those computers.
>
> And that is really rather easy... you simply block any HTML or
> attachments (and particularly EXECUTABLE attachments) that isn't
> coming from a sender that is known and trusted by the recipient TO
> SEND THEM EXECUTABLE CONTENT.

At the risk of giving the criminals more ideas, what if there is a
stealth virus that watches who you send executable attachments to and
every once in a while attaches itself to one of those emails by
infecting the application that you are already sending?

> Note that MOST users (probably 98-99%) will not whitelist ANYBODY
> to send them executable content in E-mails...!

From a quick survey, I would say that 90% of the participants on
this list don't even consider it a possibility that a silly Windows
virus in an email attachment could infect their machine. Most of the
rest would be adequately protected. Some though may actively seek the
viruses so they can disassemble them. But then, this isn't a typical
user population.

A substantial portion of the net user population are actively
exchanging executable files. I even get the occasional executable
file from my dad forwarded through a long chain of friends. He
complains sometimes about not being able to open them at home but
forwards them to his office where they will run.

> The other way that botnets are recruited is by people visiting
> infectious Web sites, but that is a problem for a different list.

There are lots of other vectors for passing malicious code to
machines willing to suck it in.

But I don't believe in blocking legitimate activity to stop a few
criminals that also use that activity. If an ISP can block executable
attachments in the "hope" of preventing a user's machine from getting
infected then they can just as easily unplug that user's machine from
the net IF it gets infected and starts abusing the net. If an ISP
wants to be proactive they could supply anti-virus tools like a Linux
installer for their customers.

-- Dan Oetting
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
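
The per-recipient policy quoted in this message (reject HTML and attachments unless the recipient has whitelisted that sender for that kind of content), sketched as an added example that is not code from either poster. The whitelist structure, extension list, function names and sample messages are constructed assumptions, and the sender is read from the unauthenticated From header, so this shows the policy logic only.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: extensions treated as executable content (illustrative, not exhaustive).
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js")

def classify_parts(msg):
    """Return the kinds of risky content ('html', 'attachment', 'executable') in msg."""
    kinds = set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if name.endswith(EXECUTABLE_EXT):
            kinds.add("executable")
        elif name or part.get_content_disposition() == "attachment":
            kinds.add("attachment")
        elif part.get_content_type() == "text/html":
            kinds.add("html")
    return kinds

def decide(raw, recipient, whitelist):
    """whitelist: {recipient: {sender: kinds that sender may send}} (hypothetical)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    allowed = whitelist.get(recipient, {}).get(sender, set())
    blocked = classify_parts(msg) - allowed
    return ("reject", sorted(blocked)) if blocked else ("accept", [])

def sample(sender, filename=None, html=False):
    """Build a constructed test message; the attachment bytes are a dummy payload."""
    m = EmailMessage()
    m["From"], m["To"] = sender, "user@example.org"
    m.set_content("hello")
    if html:
        m.add_alternative("<b>hello</b>", subtype="html")
    if filename:
        m.add_attachment(b"dummy", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()

# Constructed whitelist: one recipient trusts one sender for executables.
WHITELIST = {"user@example.org": {"dad@example.net": {"attachment", "executable"}}}

if __name__ == "__main__":
    for s, f, h in [("dad@example.net", "game.exe", False),
                    ("stranger@example.com", "game.exe", False),
                    ("stranger@example.com", None, True)]:
        print(s, f, decide(sample(s, f, h), "user@example.org", WHITELIST))
```

The first case is accepted purely because the sender is whitelisted; the policy never inspects what the executable contains, which is the gap the reply above points at.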