On Sun, Feb 09, 2003 at 06:41:23PM -0500, Chip Old wrote: > On Sun, 9 Feb 2003 11:43 -0500, Alan Brown wrote: > <abusive message snipped> > Unfortunately an increasing number of people are doing that, both for worm > e-mail and spam e-mail. Even worse the practice has actually been > recommended in various PopTech media. It's incredibly stupid because the > sender address on virtually all spam and most current worms is forged.
This discussion is confusing spam and viruses which are two seperate issues. Spam: The laws on spamming, or the selling of huge "authenticated" mailing lists, are nowhere stringent enough. It should be made a serious criminal offence since it amounts to theft. I also have the same view on cold-calling from companies who find my name in a phone book and try to sell me something I do not want, that is theft of my time. The forging of email addresses should be treated as fraud as well. On this subject however Spam is a great annoyance but will not usually damage anything except your temper. There are many good spam-trap programs available. If a spammer uses an open-relay that he has discovered then not only is he negligent but so is the person running it. If that person knows enough to set his system up for mail relaying then he has no excuse for not knowing how to prevent open relaying. Viruses etc: These are completely different. These are at the least meant to cause inconvenience and at worst serious, possibly even very dangerous damage. 99% of the blame for these diseases comes from one single company, Microsoft. How they have gotten away with selling software that is so easy to misuse, so easy to break and so easy to allow the spreading of virii is amazing to me. Since they have made so little effort to seriously review their programs on this level, and with the effective monopoly and criminal malpractices they have been invoved in, they should at least be forced to provide gratis a virus checker that will be auto-updated without any charge. On the question of what to do with viruses you are making the false assumption that every virus you may receive has originated directly from it's author or his cohorts. After that viruses are spread by people who have no evil intentions, but may be termed illiterate on the subject. They send some cool attachment or program they got to their friends, who spread it to their friends etc etc. This negligence, of not even running basic virus checking also beggars belief considering the publicity it is given. This is how viruses spread as well. Not just from the criminal mind that wrote it, but a lot of innocents on the way. So what do you do ? If you discard the message silently without reaction, that is fine if it is from a genuine miscreant. What if it is from an innocent, who may go on spreading it without knowing he is doing so. Would it not be a good idea to let him know ? I don't know the solution to this except I believe the place to halt viruses is at the ISP level. I can see no other place that coud be more effective...what action they then take is ... well.. you tell me. The second thing is to encourage the use of verifiable digital signatures perhaps. Whatever. To characterise an information email to someone about a virus in an email that appeared to be from them, but was not, is quite possibly a price, among the many others, that has to be paid for being on the Internet...until it is stamped on and governments take it seriously. To threaten someone that they will be accused of mail-bombing, threatening them with legal action for which there is no applicable law (sending of informational messages about viruses) is merely pathetic. Until this problem is solved by any or all of the various measures mentioned then people will just have to accept that they may get false reports of them apparently sending viruses. With some effort put into header and body checking of the mail you receive you should be able to get a pretty good idea of what these reports look like, and discard them automatically...I mean it is no different from the checks that Spam blockers use, just different, highly structured messages. I think this is a subject to which there is no answer that will make everyone happy. But if there is going to be a debate about it, although I am not so sure this is the right place to have it, both sides of it need to be seen. As a last thought the abolishing of webmail might be a good start ... :) > At the least, replying generates large numbers of bounced messages. At > worst, it floods innocents' mailboxes with messages having nothing to do > with them. In either case it creates a lot of unnecessary traffic. It's > a really stupid thing to do! > It may be stupid, but as I have pointed out some people may think it is sensible. While I think about it I have disabled my virus checker from sending messages to the sender or "apparent" sender of virus laden mail. I would point out that I once detected a virus that one of a member of a huge private mailing list ( that I am on ) had accidentally sent out, my warning to them all at least got it disinfected before they passed it on even further to their friends and their friends' friends... -- Regards Cliff Sarginson The Netherlands [ This mail has been checked as virus-free ]
