Bugtraq mailing list archives

Re: getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling]


From: "James A. Thornton" <jamest () u-238 infinite1der org>
Date: Tue, 3 Feb 2004 18:07:45 -0500 (EST)



On Tue, 3 Feb 2004, Gadi Evron wrote:

3. I think we look at the whole problem in the wrong way, allow me to
elaborate:

The AV industry is built on reaction rather than prevention. Adding
new signatures is still the #1 tool in the fight against malware.

With spam and mass mailers clogging the tubes, causing us all to waste
money on bigger tubes, as well as our time dealing with the annoyance
(more money), shouldn't the problem be solved there (at the main tubes
themselves) rather than at the end user's desktop?

If backbones filtered the top-10 current outbreaks, with non-intrusive
means such as for example running MD5 checksum checks against
attachments, or whatever other way - wouldn't it be better? True, it
may cause a cry of "the government spies on us", but with the current
economic troubles outbreaks cause, can we really use that excuse
anymore? Doesn't the police regulate speeding?

Filtering at the backbone level is contradictory to 3.3, as the provider
would have already sent the data out their Global (or even National)
Peer so they're already paying for the increased data on the pipes. Also,
the feat of filtering every packet, MD5'ing it, and dropping it would be
an engineering marvel. (De-capsulation and re-encapsulation alone would
require vast amounts of processing power for that much data.) Not to
mention the end user resubmitting his request once he realizes that the
recipient never got the message the first time.


If I were to take the conspiratorial side, perhaps backbones like it
when people pay for tubes they don't need, which are used to deliver
90% junk.

Nobody wants to deal with "you are reading my mail!" or with "sorry,
now people will pay for smaller tubes", perhaps even at the ISP level
- "why should I pay for more filtering when it isn't demanded of me?".

They are right, it isn't currently demanded of them.

I would like to refer you to SpamCop (when it comes to spam) or
MessageLabs (for malware), it works. But you need to pay to get (most
of) their services.


There ARE ISP/provider level AV/Filtering products out that alleviate most
of the sources of unwanted incoming and outgoing mail traffic. Of course,
purchasing and implementation is up to the provider...

_____________________________________________________________________   
James A. Thornton     UNIX System Administrator     Atlanta, GA

GnuPG fingerprint: 5A4E FF38 F255 78D2 EABC  63A5 6248 FBAB 293F EC0A
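
As an added illustration (not part of the original message or of any product named in it), here is the MD5 attachment check from the quoted proposal applied at the mail-server level, where the attachment is already reassembled and transfer-decoded, rather than per packet. The blocklist, payload, addresses, filenames and function names are constructed for the example.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed payload standing in for a current outbreak attachment.
SAMPLE_PAYLOAD = b"MZ constructed stand-in for an outbreak attachment\n" * 4

# Blocklist of MD5 digests of known outbreak attachments (constructed here).
OUTBREAK_MD5 = {hashlib.md5(SAMPLE_PAYLOAD).hexdigest()}


def attachment_digests(raw_message: bytes):
    """Yield (filename, md5 hex) per attachment, hashed after transfer-decoding."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        # decode=True undoes base64 / quoted-printable, so the digest covers
        # the file itself and not its encoded form on the wire.
        data = part.get_payload(decode=True) or b""
        yield part.get_filename() or "(unnamed)", hashlib.md5(data).hexdigest()


def verdict(raw_message: bytes) -> str:
    """Return 'reject' if any attachment digest is blocklisted, else 'accept'."""
    for _name, digest in attachment_digests(raw_message):
        if digest in OUTBREAK_MD5:
            return "reject"
    return "accept"


def build_message(payload: bytes, filename: str, cte: str) -> bytes:
    """Build a constructed test message carrying one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "rcpt@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename, cte=cte)
    return msg.as_bytes()


if __name__ == "__main__":
    # Same file, two different wire encodings: both must match the blocklist.
    for cte in ("base64", "quoted-printable"):
        print(cte, verdict(build_message(SAMPLE_PAYLOAD, "sample.bin", cte)))
    print("benign", verdict(build_message(b"harmless notes\n", "notes.txt", "base64")))
```

The same file sent with two different transfer encodings produces different bytes on the wire but the same digest once decoded, which is why the comparison is done on the decoded attachment.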

