[Top] [All Lists]

Re: request discussion of two documents on SMTP relaying

2005-06-20 08:17:04

You're missing important point. The reason lots of spam is coming from
windows has a lot more to do with fundamental design flows in the OS
that let to it be vulnerable to various forms of compromises and takeover.

Not really. It's that people use it who aren't security aware, and it's a 
popular OS, so it's targetted by attackers.

The users are indeed part of the intertia that keep Windows insecure.
So are the people who write code for Windows boxes who ask users to do
things to make their computers less secure.   But MS has also
contributed to this problem by (for many years) deliberately making
their mail readers and web browsers less secure than permitted by the
MIME specification, by encouraging users to operate their systems in a 
less-secure-than-necessary manner by giving them inflexible security
settings in email readers and browsers, by making various choices to
favor insecurity in their operating system on the belief that it would
increase their market share, and (until recently) by failing to
carefully examine all of their servers and applications with an eye to

In a nutshell: MS started off with an insecure OS (DOS), then added TCP
support in Windows 95 without doing anything to make the system more
secure against attack from the network, then started shipping mail
readers and web browsers that violated the MIME specification's
security rules, while meanwhile providing more and more insecure
network servers, some of which were enabled by default.  By the time
they started to realize the error of their ways, the tremendous inertia
of the installed base - which includes not only the large number of old
versions of software being run but also the expectations of users and
code developers -have made it difficult to change things.

Of course, some of these mistakes were also made by other OS vendors.
But MS's huge installed base (resulting in part from various illegal
efforts to maintain their monopoly) has meant that any mistakes made by
MS were amplified.  That, and whereas the UNIX community got agressive
about trying to find bugs in server software after the Morris worm
alerted the UNIX community to the problems associated with network
attack, MS kept their heads in the sand about it for another ten or so


<Prev in Thread] Current Thread [Next in Thread>