Re: request discussion of two documents on SMTP relaying

2005-06-20 03:10:11

At 21:51 18/06/2005, you wrote:

On Sat, 18 Jun 2005, Paul Smith wrote:

On Sat, 18 Jun 2005 17:55:25 +0100, Keith Moore 
<moore(_at_)cs(_dot_)utk(_dot_)edu> wrote:
I'd even go so far as to say we're going to continue to have massive amounts of spam as long as Windows is the dominant PC operating system.

I'm sorry, but that's just ridiculous. The only link between Windows and
spam is that lots of people have Windows, and it's relatively easy to use,

You're missing an important point. The reason lots of spam is coming from
Windows has a lot more to do with fundamental design flaws in the OS
that led to it being vulnerable to various forms of compromises and takeover.

Not really. It's that people use it who aren't security aware, and it's a popular OS, so it's targeted by attackers.

There are security vulnerabilities in Macs, Linux etc as well. They're just less popular OSes so they're less targeted by attackers.

There's nothing stopping anyone writing a trojan for Linux which will act just the same as many trojans for Windows - eg mass mailers that spread themselves as email worms and then allow the PCs to be used for mailing out spam. But, no one bothers, because (a) there are fewer Linux PCs out there, and (b) Linux users tend to be more security aware than Windows users, so an attack like this is less likely to work.

If you say 'ban Windows, it's insecure', you'll just move the problem over to a different platform. The security issues will tend towards the platform where the least security aware people are. At the moment this is Windows - but this isn't necessarily because it's that much more insecure than the other platforms, just that the USERS are more "insecure". If you could force all the Windows users to use Linux, for instance, you'd most likely find that Linux would then be seen as the 'insecure' platform (eg a large number of users would run Linux as 'root' with a password of 'password' or '12345' etc). This isn't a problem caused by the OS, but by the users that use it.

If what you said was right then proportions of non-spammer use of
Windows vs Linux would be the same or close to the spammer use.

Not really - see my argument above. *Currently* most Linux users are security aware, and most Windows users aren't, so attackers will target Windows PCs. If you're going to write an email worm/trojan, you'd obviously prefer to write one which could attack 1 billion PCs where only 50% of them will have working security protection, rather than one which could attack 100,000 PCs where 95% of them are protected. (The numbers are totally made up just as an example, but you get my point).

Paul                            VPOP3 - Internet Email Server/Gateway
