Windows security (was Re: request discussion of two documents on SMTP relaying)

2005-06-18 14:01:48

On Sat, 18 Jun 2005 17:55:25 +0100, Keith Moore <moore(_at_)cs(_dot_)utk(_dot_)edu> wrote:

I'd even go so far as to say we're going to continue to have massive amounts of spam as long as Windows is the dominant PC operating system.

I'm sorry, but that's just ridiculous. The only link between Windows and
spam is that lots of people have Windows, and it's relatively easy to use,
so lots of spammers use it.

Well, Windows does have a well-deserved reputation for being easy to break into, and a lot of spam these days comes from compromised Windows hosts. Much of this reputation results from deliberate decisions on the part of MS to violate the MIME specifications - in particular, to allow the sender of a message to effectively be able to specify what application will be used to run a message (by specifying the filename extension) and to allow untrustworthy content to be presented (by running that application) rather than simply offering to save the content to a file. Maybe they've fixed this by now. I wouldn't know because I stopped using Windows several years ago.

In addition, Windows has some fairly deep assumptions about what a program ought to be able to do with (to?) a computer that make it less secure than other OSes. So yes, IMHO there are limitations to the security of Windows that are not shared by all other OSes, and the only way to fix that problem is for Windows to drastically break compatibility with previous versions of Windows.

So while there might be a bit of exaggeration to my statement, in the sense that it's possible to make an OS that's called "Windows" that is as secure as any other OS (as long as you don't care to make it terribly backward compatible), I think it's as correct as any one-sentence generalization about spam can be.
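
Added example (not part of the original message): a mail-filter check for the mismatch the message describes, where a part's declared MIME type says one thing while the sender-chosen filename extension would make an extension-dispatching client run it. The extension list, function names and sample message are assumptions constructed for illustration.

```python
from email import message_from_string

# Extensions the Windows shell hands to a loader or script host
# (illustrative assumption, not an exhaustive list).
RISKY_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".cmd", ".com", ".vbs", ".js", ".hta"}
# Declared types for which an executable extension is at least honest.
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-msdos-program"}

def extension_of(filename):
    """Return the final extension, lowercased, ignoring trailing dots/spaces
    (Windows drops those when resolving a file name)."""
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def mismatched_parts(raw):
    """List (filename, declared_type, extension) for every part whose
    extension is executable while the Content-Type claims otherwise."""
    findings = []
    for part in message_from_string(raw).walk():
        filename = part.get_filename()  # Content-Disposition filename, else Content-Type name
        if part.is_multipart() or not filename:
            continue
        ext, ctype = extension_of(filename), part.get_content_type()
        if ext in RISKY_EXTENSIONS and ctype not in EXECUTABLE_TYPES:
            findings.append((filename, ctype, ext))
    return findings

# Constructed sample: one part declared image/jpeg but named *.jpg.scr.
SAMPLE = "\n".join([
    "From: sender@example.org",
    "Subject: photos",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b1"',
    "",
    "--b1",
    "Content-Type: text/plain",
    "",
    "See attached.",
    "--b1",
    'Content-Type: image/jpeg; name="holiday.jpg.scr"',
    'Content-Disposition: attachment; filename="holiday.jpg.scr"',
    "",
    "AAAA",
    "--b1",
    'Content-Type: text/plain; name="notes.txt"',
    'Content-Disposition: attachment; filename="notes.txt"',
    "",
    "plain notes",
    "--b1--",
    "",
])
```

A gateway would quarantine or rename the flagged parts; a client that follows the declared type and only offers to save the content is not exposed to the mismatch in the first place.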


