On Apr 13, 2006, at 12:12 AM, Loren Wilton wrote:

I'd like to venture the suggestion that the percentage of spam from XP isn't necessarily an indication of inherent bugginess. It is more an indication that it is an OS for Clueless Noobs who haven't a clue about maintaining a system, avoiding a virus, or even able to tell if they have a virus. These are the machines that turn into zombies.


While I don't disagree with your assessment of XP systems, I have a different hunch about why such a large percentage of the mail coming from XP systems is spam, and a smaller percentage of mail coming from the other systems is spam:

a) In general, XP systems are not servers, and therefore, are not mail servers.

b) Due to (a), if you do your mail/spam/virus scanning on machines that do not receive direct connections from your own clients (mail/spam/virus scanning at the border), OR if you do not have a high percentage of XP clients in your domain, then your scanning systems will not receive many (if any) legitimate direct connections from XP clients ... because a legitimate mail sending process on an XP system will be directly connecting to their own domain's mail server, and not to YOUR mail scanning systems.

c) Thus, if you meet the conditions in (b), and if we accept (a) as true, then the vast majority of connections you receive from XP systems, on your mail scanning systems, will be from spam/virus bots trying to directly submit spam or virus-laden messages to your mail gateways instead of submitting it to their own mail servers (as bots are known to do).


We would expect to see a lower percentage of spam from server type OSes (or OSes that can be clients or servers) because a higher percentage of those platforms are used as legitimate mail servers.

The other factor here is: while I _hate_ Linux, how much of the spam being submitted by Linux boxes is merely a mail server relaying on behalf of one of their infected clients? (same with the Unix systems, and the 2000/2003 systems) And thus not at all indicative of the quality of Linux systems administration out on the internet.


I think this is one of those cases where "the statistics work as blind observations of behavior, but attempting to describe _why_ the statistics work is not something you can sum up with a simple and straightforward explanation". Kinda like QM.

