[AUUG-Talk]: ACA says that Anti-spam laws are working...

Peter Jeremy peter.jeremy at alcatel.com.au
Tue Jul 27 08:59:30 EST 2004


FWIW, I also think that the total amount of spam is increasing.  I
don't bother to keep records of the real origin so I don't know if
there has been any change in the amount of spam originating in
Australia.

On 2004-Jul-26 17:59:34 +1000, Michael Paddon <michael at paddon.org> wrote:
>An interesting parallel is the anti-virus world. You either get to keep 
>updating lame virus detection signatures for ever, or you switch to an
>operating system with a real security model.

Both the OS and the MUA have to be "secure".  An insecure MUA can
still allow your computer to be infected with a virus.  A secure OS
(eg Un*x) will just restrict the amount of local damage that can be
done.  If I receive a virus that exploits a hole in (say) mutt on
FreeBSD/i386, it could still wipe all my files and set up a backdoor
daemon that runs as myself.  Using cron (or similar) it could easily
survive reboots.

The gains are:
1) The underlying OS is far less likely to be infected and therefore
   cleaning up is a lot easier.
2) The OSS and Un*x communities are generally more proactive about
   fixing bugs rather than claiming they don't exist or aren't bugs.
3) Not running an MUA that goes out of its way to execute anything
   that looks vaguely executable reduces the chances of infection.
4) A heterogeneous target is inherently more difficult to attack than a
   homogeneous target (though the RTM Worm had payloads for both Sun
   and VAX so this isn't a total panacea).

>The moral: you don't add security, you design it in at the start.

Agreed.  The problem is that none of IPv4, SMTP or DNS were designed
with security in mind.

-- 
Peter Jeremy
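
The message above notes that a compromise confined to one user account can still survive reboots through cron. The following is an added example, not part of the original post, that audits the text of a user's `crontab -l` output for entries worth a closer look; the sample crontab, the list of user-writable directories and the three heuristics are all assumptions made for illustration.

```python
import re

# Constructed sample of `crontab -l` output for one unprivileged user.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
MAILTO=""
0 3 * * * /usr/local/bin/backup.sh
@reboot /home/alice/.cache/.updater >/dev/null 2>&1
*/5 * * * * /tmp/.x/run
15 6 * * 1 /usr/local/bin/rotate-logs.sh
"""

# Assumed policy: directories an unprivileged process can write to.
USER_WRITABLE = ("/home/", "/tmp/", "/var/tmp/")
ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")

def parse_entry(line):
    """Return (schedule, command) for a job line; None for blank, comment, env or malformed lines."""
    line = line.strip()
    if not line or line.startswith("#") or ENV_LINE.match(line):
        return None
    if line.startswith("@"):          # @reboot, @daily, ...
        parts = line.split(None, 1)
    else:                             # five time fields, then the command
        fields = line.split(None, 5)
        parts = [" ".join(fields[:5]), fields[5]] if len(fields) == 6 else []
    return tuple(parts) if len(parts) == 2 else None

def audit(crontab_text):
    # Returns a list of (line number, command, reasons) for flagged entries.
    findings = []
    for lineno, line in enumerate(crontab_text.splitlines(), 1):
        entry = parse_entry(line)
        if entry is None:
            continue
        schedule, command = entry
        program = command.split()[0]
        reasons = []
        if schedule == "@reboot":
            reasons.append("runs at boot")
        if program.startswith(USER_WRITABLE):
            reasons.append("program in user-writable directory")
        if any(part.startswith(".") for part in program.split("/")):
            reasons.append("hidden path component")
        if reasons:
            findings.append((lineno, command, reasons))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CRONTAB):
        print(finding)
```

A flagged entry is a prompt for review, not proof of compromise: legitimate jobs also live under home directories.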


