----- Original Message -----
From: "Keith Moore" <moore(_at_)cs(_dot_)utk(_dot_)edu>
To: "Paul Smith" <paul(_at_)pscs(_dot_)co(_dot_)uk>
Cc: <moore(_at_)cs(_dot_)utk(_dot_)edu>; <ietf-smtp(_at_)imc(_dot_)org>
Sent: Monday, June 20, 2005 11:16 AM
Subject: Re: request discussion of two documents on SMTP relaying
You're missing important point. The reason lots of spam is coming from
windows has a lot more to do with fundamental design flows in the OS
that let to it be vulnerable to various forms of compromises and
takeover.
Not really. It's that people use it who aren't security aware, and it's
a
popular OS, so it's targetted by attackers.
The users are indeed part of the intertia that keep Windows insecure.
But are they the reason for the SMTP exploits?
Lets assumed the MS world was perfect and it didn't have all the security
issues, would this eliminate or cut into the 60-80% of all malicious
transactions that begin with 100% exploitation of the SMTP weak points?
I think today, we understand that a compromised machine presents a different
set of issues that may not be related to Email authorization/authentication
R&D.
Anyway, I don't think Windows insecurity issues are not related to the SMTP
problem that exist for all platforms.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com