Re: getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling]

From: James A. Thornton
Date: 02/04/04

    Date: Tue, 3 Feb 2004 18:07:45 -0500 (EST)
    To: Gadi Evron

    On Tue, 3 Feb 2004, Gadi Evron wrote:

    > 3. I think we look at the whole problem in the wrong way, allow me to
    > elaborate:
    > The AV industry is built on reaction rather than prevention. Adding
    > new signatures is still the #1 tool in the fight against malware.
    > With spam and mass mailers clogging the tubes, causing us all to waste
    > money on bigger tubes, as well as our time dealing with the annoyance
    > (more money), shouldn't the problem be solved there (at the main tubes
    > themselves) rather than at the end user's desktop?
    > If backbones filtered the top-10 current outbreaks, with non-intrusive
    > means such as for example running MD5 checksum checks against
    > attachments, or whatever other way - wouldn't it be better? True, it
    > may cause a cry of "the government spies on us", but with the current
    > economic troubles outbreaks cause, can we really use that excuse
    > anymore? Doesn't the police regulate speeding?

    Filtering at the backbone level is contradictory to 3.3, as the provider
    would have already sent the data out their Global (or even National)
    Peer so they're already paying for the increased data on the pipes. Also,
    the feat of filtering every packet, MD5'ing it, and dropping it would be
    an engineering marvel. (De-capsulation and re-encapsulation alone would
    require vast amounts of processing power for that much data.) Not to
    mention the end user resubmitting his request once he realizes that the
    recipient never got the message the first time.

    > If I were to take the conspiratorial side, perhaps backbones like it
    > when people pay for tubes they don't need, which are used to deliver
    > 90% junk.
    > Nobody wants to deal with "you are reading my mail!" or with "sorry,
    > now people will pay for smaller tubes", perhaps even at the ISP level
    > - "why should I pay for more filtering when it isn't demanded of me?".
    > They are right, it isn't currently demanded of them.
    > I would like to refer you to SpamCop (when it comes to spam) or
    > MessageLabs (for malware), it works. But you need to pay to get (most
    > of) their services.

    There ARE ISP/provider level AV/Filtering products out there that
    alleviate most of the sources of unwanted incoming and outgoing mail
    traffic. Of course, purchasing and implementation is up to the provider...

    James A. Thornton UNIX System Administrator Atlanta, GA

    GnuPG fingerprint: 5A4E FF38 F255 78D2 EABC 63A5 6248 FBAB 293F EC0A
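
Added example, not part of the original message or of any product mentioned in the thread: a mail-gateway check that hashes each attachment after MIME decoding, the layer at which the MD5 comparison discussed above is computable, since the same attachment has different bytes on the wire under different transfer encodings. The addresses, sample payload and blocklist are constructed, and the function names are hypothetical.

```python
import hashlib
from email import message_from_bytes
from email.message import EmailMessage

# Constructed stand-in for an outbreak attachment; not a real sample or hash.
SAMPLE = b"CONSTRUCTED-OUTBREAK-SAMPLE-0001"

def md5_hex(data: bytes) -> str:
    # MD5 because the thread names it; it is a lookup key here, not an integrity check.
    return hashlib.md5(data, usedforsecurity=False).hexdigest()

BLOCKLIST = {md5_hex(SAMPLE)}  # hypothetical "current outbreaks" list

def build_mail(payload: bytes, cte: str) -> bytes:
    """Constructed message carrying `payload` with the given transfer encoding."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "rcpt@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename="doc.bin", cte=cte)
    return msg.as_bytes()

def attachment_md5s(raw: bytes) -> list:
    """MD5 of every attachment after undoing its Content-Transfer-Encoding."""
    digests = []
    for part in message_from_bytes(raw).walk():
        if part.get_content_disposition() == "attachment":
            digests.append(md5_hex(part.get_payload(decode=True) or b""))
    return digests

def verdict(raw: bytes, blocklist: set) -> str:
    """Gateway decision for one complete message."""
    hit = any(d in blocklist for d in attachment_md5s(raw))
    return "reject" if hit else "accept"

MAIL_B64 = build_mail(SAMPLE, "base64")
MAIL_QP = build_mail(SAMPLE, "quoted-printable")
MAIL_CLEAN = build_mail(b"quarterly report", "base64")

if __name__ == "__main__":
    for name, raw in [("base64", MAIL_B64), ("qp", MAIL_QP), ("clean", MAIL_CLEAN)]:
        # The wire-level digest differs per message; the decoded digest decides.
        print(name, md5_hex(raw)[:8], attachment_md5s(raw), verdict(raw, BLOCKLIST))
```

Rejecting during the SMTP transaction returns an error to the sending server, so the sender is told of the refusal instead of the message vanishing silently.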
