
Re: getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling]




On Tue, 3 Feb 2004, Gadi Evron wrote:

> 3. I think we look at the whole problem in the wrong way, allow me to
> elaborate:
> 
> The AV industry is built on reaction rather than prevention. Adding
> new signatures is still the #1 tool in the fight against malware.
> 
> With spam and mass mailers clogging the tubes, causing us all to waste
> money on bigger tubes, as well as our time dealing with the annoyance
> (more money), shouldn't the problem be solved there (at the main tubes
> themselves) rather than at the end user's desktop?
> 
> If backbones filtered the top-10 current outbreaks, with non-intrusive
> means such as for example running MD5 checksum checks against
> attachments, or whatever other way - wouldn't it be better? True, it
> may cause a cry of "the government spies on us", but with the current
> economic troubles outbreaks cause, can we really use that excuse
> anymore? Doesn't the police regulate speeding?

Filtering at the backbone level is contradictory to 3.3, as the provider
would have already sent the data out their Global (or even National)
Peer so they're already paying for the increased data on the pipes. Also,
the feat of filtering every packet, MD5'ing it, and dropping it would be
an engineering marvel. (De-capsulation and re-encapsulation alone would
require vast amounts of processing power for that much data.) Not to
mention the end user resubmitting his request once he realizes that the
recipient never got the message the first time.

> 
> If I were to take the conspiratorial side, perhaps backbones like it
> when people pay for tubes they don't need, which are used to deliver
> 90% junk.
> 
> Nobody wants to deal with "you are reading my mail!" or with "sorry,
> now people will pay for smaller tubes", perhaps even at the ISP level
> - "why should I pay for more filtering when it isn't demanded of me?".
> 
> They are right, it isn't currently demanded of them.
> 
> I would like to refer you to SpamCop (when it comes to spam) or
> MessageLabs (for malware), it works. But you need to pay to get (most
> of) their services.
> 

There ARE ISP/provider level AV/Filtering products out that alleviate most
of the sources of unwanted incoming and outgoing mail traffic. Of course,
purchasing and implementation is up to the provider...

_____________________________________________________________________   
James A. Thornton     UNIX System Administrator     Atlanta, GA

GnuPG fingerprint: 5A4E FF38 F255 78D2 EABC  63A5 6248 FBAB 293F EC0A
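
The MD5 attachment check discussed in this thread, sketched at the mail-gateway level as an added example (not code from either poster): it shows why the message has to be parsed and the attachment decoded before hashing, since the same file travels as different bytes under different transfer encodings. All names, addresses, the payload and the blocklist entry are constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed, harmless stand-in for an outbreak attachment body.
SAMPLE_PAYLOAD = b"CONSTRUCTED-SAMPLE-ATTACHMENT-" + bytes(range(1, 9)) * 20

def md5_hex(data):
    # MD5 is only a lookup key into the blocklist here, not an integrity control.
    return hashlib.md5(data, usedforsecurity=False).hexdigest()

# Hypothetical "current outbreaks" list: hashes of decoded attachment bodies.
KNOWN = md5_hex(SAMPLE_PAYLOAD)
BLOCKLIST = {KNOWN}

def build_sample(payload, cte):
    """Build a constructed test message carrying payload as an attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename="doc.scr", cte=cte)
    return msg.as_bytes()

def wire_md5(raw):
    """Naive check: hash the message as it appears on the wire."""
    return md5_hex(raw)

def scan(raw, blocklist):
    """Return (filename, md5) for each attachment whose decoded body is listed."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart() or not part.is_attachment():
            continue
        body = part.get_payload(decode=True) or b""  # undo base64 / QP
        digest = md5_hex(body)
        if digest in blocklist:
            hits.append((part.get_filename() or "", digest))
    return hits

if __name__ == "__main__":
    for cte in ("base64", "quoted-printable"):
        raw = build_sample(SAMPLE_PAYLOAD, cte)
        # Wire hash changes with headers, boundary and encoding; decoded hash does not.
        print(cte, wire_md5(raw), scan(raw, BLOCKLIST))
```
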