Bugtraq mailing list archives
Re: getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling]
From: "James A. Thornton" <jamest () u-238 infinite1der org>
Date: Tue, 3 Feb 2004 18:07:45 -0500 (EST)
On Tue, 3 Feb 2004, Gadi Evron wrote:
3. I think we look at the whole problem in the wrong way, allow me to elaborate: The AV industry is built on reaction rather than prevention. Adding new signatures is still the #1 tool in the fight against malware. With spam and mass mailers clogging the tubes, causing us all to waste money on bigger tubes, as well as our time dealing with the annoyance (more money), shouldn't the problem be solved there (at the main tubes themselves) rather than at the end user's desktop? If backbones filtered the top-10 current outbreaks, with non-intrusive means such as for example running MD5 checksum checks against attachments, or whatever other way - wouldn't it be better? True, it may cause a cry of "the government spies on us", but with the current economic troubles outbreaks cause, can we really use that excuse anymore? Doesn't the police regulate speeding?
Filtering at the backbone level is contradictory to 3.3, as the provider would have already sent the data out their Global (or even National) Peer so they're already paying for the increased data on the pipes. Also, the feat of filtering every packet, MD5'ing it, and dropping it would be an engineering marvel. (De-capsulation and re-encapsulation alone would require vast amounts of processing power for that much data.) Not to mention the end user resubmitting his request once he realizes that the recipient never got the message the first time.
If I were to take the conspiratorial side, perhaps backbones like it when people pay for tubes they don't need, which are used to deliver 90% junk. Nobody wants to deal with "you are reading my mail!" or with "sorry, now people will pay for smaller tubes", perhaps even at the ISP level - "why should I pay for more filtering when it isn't demanded of me?". They are right, it isn't currently demanded of them. I would like to refer you to SpamCop (when it comes to spam) or MessageLabs (for malware), it works. But you need to pay to get (most of) their services.
There ARE ISP/provider level AV/Filtering products out that alleviate most of the sources of unwanted incoming and outgoing mail traffic. Of course, purchasing and implementation is up to the provider...
_____________________________________________________________________
James A. Thornton
UNIX System Administrator
Atlanta, GA
GnuPG fingerprint: 5A4E FF38 F255 78D2 EABC 63A5 6248 FBAB 293F EC0A
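An added example, not part of either poster's message: the MD5 attachment check discussed above, run on a whole reassembled message as a mail server would see it rather than on individual packets. The blocklist entry, addresses, file name and sample payload are constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in for an outbreak attachment; not a real sample or hash.
SAMPLE_BAD = b"CONSTRUCTED-OUTBREAK-ATTACHMENT-BYTES"
BLOCKLIST = {hashlib.md5(SAMPLE_BAD).hexdigest()}


def attachment_md5s(raw: bytes):
    """Yield (filename, md5 hex) for each attachment, after MIME decoding."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        # Skip multipart containers and body parts that carry no file name.
        if part.is_multipart() or part.get_filename() is None:
            continue
        # decode=True undoes base64/quoted-printable, so the digest covers
        # the file content, not its transfer encoding.
        data = part.get_payload(decode=True) or b""
        yield part.get_filename(), hashlib.md5(data).hexdigest()


def verdict(raw: bytes, blocklist=BLOCKLIST):
    """Return ("reject", hits) if any attachment digest is listed, else ("accept", [])."""
    hits = [(name, digest) for name, digest in attachment_md5s(raw)
            if digest in blocklist]
    return ("reject", hits) if hits else ("accept", [])


def build_sample(payload: bytes, filename: str) -> bytes:
    """Construct a test message with one base64-encoded attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "rcpt@example.org"
    m["Subject"] = "constructed test message"
    m.set_content("see attachment")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(verdict(build_sample(SAMPLE_BAD, "document.zip")))
    # A single changed byte gives a different digest, so the exact-match check passes it.
    print(verdict(build_sample(SAMPLE_BAD + b"\x00", "document.zip")))
```
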