[geeks] Odd uptick in spam...

Mike Meredith very at zonky.org
Fri Sep 7 08:52:10 CDT 2007


On Fri, 7 Sep 2007 15:58:07 +0300, Geoffrey S. Mendelson wrote:
> On Fri, Sep 07, 2007 at 07:34:39AM -0500, Jonathan C. Patschke wrote:
> > "not much we can do about it"?  How about someone convinces a judge
> > somewhere to prevent Microsoft from selling their bug-ridden garbage
> > until they make it fit to see the light of day?
> 
> I'm not sure that any other operating system would be better. While
> *NIX derived or look-alike operating systems are more secure, if
> about 85% of the computers ran one of them, there would be an
> enormous effort to break it.

The counter to that argument is that Unix *has* been attacked, found
wanting and fixed. No doubt there are new vulnerabilities to be found
if the 85% suddenly started running Unix (or Linux) but I doubt it
would be as bad as Windows.

However, the Storm worm is a social engineering attack, so
fundamentally the problem is at the 'meat layer' rather than the
operating system. Whilst the Storm worm uses Windows vulnerabilities to
try and hide itself, its actions aren't anything that couldn't be
emulated with an unprivileged account under Linux or MacOSX.

Time to start punishing the 'meat layer' for being stupid enough to
allow their machines to get compromised. I don't know of any ISPs who
do it, but many Universities quite commonly detect and quarantine
infected resnet users (and work's connectivity provider will detect and
warn us of flows that look like infected machines that we don't detect
ourselves).

Sure ISPs have millions of customers rather than tens of thousands of
users, but this can be pretty much automated ... look at netreg/Epidemic
for a start.

-- 
Mike Meredith (http://zonky.org/)
 By the way, you DON'T want to see what a meat layer buffer overrun
 looks like.... (mjr on fw-wiz)


