September 20, 2003

From the desk of Jane Galt:

Public Service Announcement

Steven Den Beste has a warning on his site:

20030919: Yet another email worm is bubbling around today; I've already received a lot of copies of it. One way it's being delivered is as a purported patch for IE supposedly mailed to you by Microsoft. Microsoft does not mail patches and never has.

As always, be prudent. You should never run or open any attachment which has the ability to execute code on your computer if it arrives unexpectedly, even if seemingly from someone you know or have heard of. If you're in doubt, don't.


As administrator for one of my old technology clients, I'm seeing a lot of these messages too (they have virus software that deletes the attached files). I echo Steven: never open executable files you haven't asked someone to send you. Reputable companies will never mail unsolicited executables. And if it's a friend, a quick email back to check that it's legit won't hurt anyone.

Posted by Jane Galt at September 20, 2003 11:26 AM
Comments

Which only goes to underscore the point that you should have anti-virus software installed on your Windows* computer with recently updated definitions, and that this software should be run regularly.

*Anti-virus software for OS X is, at the current time, a waste of money—something about there not being any viruses written for OS X right now. I'm sure the situation will change eventually, but for right now...

Posted by: Frankenstein on September 20, 2003 12:06 PM

And if it's a friend, a quick email back to check that it's legit won't hurt anyone.

So I guess the next wave in viruses will be one that emails a reassuring followup?

Posted by: PJ/Maryland on September 20, 2003 12:43 PM

Meanwhile, my e-mailbox is overflowing with that nonsense and Earthlink's spam filters aren't that effective.

Posted by: Joseph Hertzlinger on September 21, 2003 12:52 AM

Jane:
"And if it's a friend, a quick email back to check that it's legit won't hurt anyone."

PJ:
So I guess the next wave in viruses will be one that emails a reassuring followup?

Nowadays, the virus/worm generally isn't coming from the address in the 'From:' header. So it probably isn't in a position to send the followup.

Joseph Hertzlinger:
Meanwhile, my e-mailbox is overflowing with that nonsense and Earthlink's spam filters aren't that effective.

Jeez, mine too. I don't understand why they can't filter it since it's obvious at a glance (to me) which messages are bogus. There's not that many variations in the Subject and Sender, and the size is always either 143k, 155k, or 156k. I'm just hoping that I haven't lost any messages while my mailbox was over its 10M quota.

Posted by: Bill Woods on September 21, 2003 01:55 AM

Is the current state of e-mail another case of the tragedy of the commons?

It was so cool just a few short years ago, and now it's like a slimy algae infested pond.

Lots of spamming bottom feeders following their own economic interests and making everybody's life just a little bit uglier in the process.

A few (it doesn't take many) sociopathic losers trying to demonstrate to themselves they have power by screwing up strangers' computers.

I don't think I hate anyone as much as spammers. I mean it. I have raw visceral gut hatred of the people that clog up my mail box with their shit. You could dump them into vats full of ammonia and rusty razor blades and I wouldn't care.

Any libertarian solutions (beyond signing off)???

Posted by: Michael Farris on September 21, 2003 03:51 AM

Michael Farris:
Any libertarian solutions (beyond signing off)???

So Far, So Good

(It's about a year now since A Plan for Spam. So far, filters are winning. This article analyzes the tricks spammers have tried to beat them, and offers some suggestions for the future.)

Bayesian filters are now common enough that we're starting to see spams designed specifically to get past them. So far these tricks aren't working. My filtering rate is still over 99.7%, and Brian Burton reports an astonishing 99.96% with his multi-word Bayesian SpamProbe. [snip]

In spam of the future, the sales pitch is pushed one step back. Instead of being contained in the email itself, as in an ordinary spam, it is waiting a click away on a web site.

This trend is encouraging, because it implies that filters are winning. Spam is literally retreating. (This is more than a symbolic victory; each extra step cuts response rates.)


See also
Filters That Fight Back

We may be able to improve the accuracy of Bayesian spam filters by having them follow links to see what's waiting at the other end. Richard Jowsey of death2spam now does this in borderline cases, and reports that it works well.

Why only do it in borderline cases? And why only do it once?

As I mentioned in Will Filters Kill Spam?, following all the urls in a spam would have an amusing side-effect. If popular email clients did this in order to filter spam, the spammer's servers would take a serious pounding. The more I think about this, the better an idea it seems. This isn't just amusing; it would be hard to imagine a more perfectly targeted counterattack on spammers.

Posted by: Bill Woods on September 21, 2003 12:16 PM

Something VERY important that I've seen nobody mention here is to regularly go to Windows Update and get all the "critical updates" for your computer.

This worm that is flooding so many people (I've been getting 50 an hour for the last three days) exploits a hole in Windows that was closed by a patch released in March 2001 -- so anybody who gets infected by it hasn't updated his/her OS in TWO AND A HALF YEARS!

Frankly anyone who is that negligent deserves to get infected as a lesson -- but the rest of us don't deserve to be flooded by what they spew out.

Having a good up-to-date anti-virus program is NOT enough -- obviously, anti-virus programs can't recognize something as a threat until *after* it has been spread sufficiently to be detected and recognized, which may be too late for you. This worm got off to such a fast start because most anti-virus programs didn't recognize it until last Friday, when it was already well spread.

However, anybody who'd been to Windows Update in the last two years would be immune from this thing even if they had no anti-virus program working and opened every infected attachment that was sent to them.

Three self defense steps:
1) Anti-virus software, necessary but *not* sufficient.
2) Keep the OS updated -- protects against many infections (like this one) *before* the virus checkers do, as well as against ones the virus checkers may miss for various reasons.
3) Practice "safe hex", http://www.claymania.com/safe-hex.html
The anti-virus software or OS update hasn't been invented that will protect against "grey matter failure".


Posted by: Jim Glass on September 21, 2003 08:49 PM

Correction:

Further study indicates that while Microsoft did indeed release a patch for the hole that this thing tries to exploit on its own, it is still possible to self-infect through the previously mentioned "grey matter failure" by actively clicking on the attachment and running it.

So my previous statement that anyone who has the patch is immune is "inoperative" (in the immortal word of Ron Ziegler). If you have the patch, do *not* click on the damn thing just to see what it looks like.

Technical advice that one gets through a blog comment section is worth every bit as much as one pays for it.

Posted by: Jim Glass on September 21, 2003 09:40 PM

As was said the last time around,

... SoBig doesn't really exploit a specific fault in Windows. It spreads by exploiting a certain void in understanding found between the keyboard and chair.
http://www.pycs.net/bbum/

Posted by: Bill Woods on September 21, 2003 10:09 PM

something about there not being any viruses written for OS X right now.

Interesting - and another reason, I suppose, why Mac users are so much cooler than those of us in the PC world. "Mac: Too Intellectual for Hackers." ;-)

As Dvorak remarked some months ago, it's miraculous that virus hackers are antisocial enough to prevent any well-written bugged attachment from being circulated. It's all WINDOWS MICROSOFTE ARE SENDING YOU THIS HAKE PATCH TAKE NOW!!!!!! Or some nonsense about a "Wicked Screensaver." That cuts at least some of us out of the pool of likely victims.

Posted by: Michael Ubaldi on September 22, 2003 11:05 AM
