What Do You Think ISPs Should Do About Their Customers with Infected and Infested PCs?

The Internet Patrol - Patrolling the Internet for You

We all know that a large amount of spam comes through personal computers which are connected to the Internet, and which have been hijacked – turned into “zombies” – by viruses, Trojans and the like.

But did you know that, according to Spamhaus, nearly 70% of all spam comes from hijacked Windows machines?

But wait, there’s more.

According to sources at major ISPs, at least 80% … that’s right, 80% of all Windows machines out there are infected! Think about how many PCs that is – it’s mind-boggling! For just the top four ISPs combined that’s easily more than 100 million infected PCs. Just here in the United States.

Think about it. Millions of computers which are either already silently spewing out billions of pieces of spam, without their owners knowing, or which are waiting quietly on standby for the spammer with the keys to turn them into silent spamming machines.

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?


What do we do about this situation? Obviously user education of the home PC user isn’t working.

So, the question being put to you today is, what do you think that ISPs should do, if anything, with respect to their customers who have infected PCs which are injecting some of that 70% of all spam into the Internet, usually without the customer having any idea that something is wrong?

Should they cut them off? Isolate them? Behead them? Slap them on the wrists? Do nothing?


The Internet Patrol wants to hear from you – and we promise that we will pass this information back to our industry friends at the major ISPs. So now is your chance, dear readers!

What do you think that ISPs should do about their customers with infected PCs?


17 thoughts on “What Do You Think ISPs Should Do About Their Customers with Infected and Infested PCs?”

  1. We each should tackle the spam problem the way some did with segregation, homophobia, anti-Semitism, and other severe social problems. First, work on yourself, install firewall, antivirus, two antispyware, one real-time, an antirootkit, and a HIPS, maybe a virtualization program; second, you tell your immediate family, friends, and acquaintances about what they may do, how to do it, and where to find information, download programs, especially the freeware; third, spend some time in advocacy, at minimum one e-mail a month to your ISP, local, state, and federal legislators about the spam problem, or join an online association or local group; fourth, give a personal gift of freeware security programs that you recommend and the URLs for the commercial security programs you like burnt on a cd to your family and friends. It could be in addition to the usual ties, socks, Prince cds, etc that you give. You could include on it detailed instructions of how to clean an infected computer and maintain it. The first year that I did it, I was surprised and joyed by the reception. One friend gave cds he burnt along with the holiday bonuses to his employees. Some friends and family simply copied the one I gave them and passed on the information. It has become a chain cd of security programs and information. I collected the information from the places most geeks know like Eric Howe’s pages, now at Spyware Warrior, www.firewallguide.com, Castlecops, Wilderssecurity, Technet, GRC, Fred Langa, Bleepingcomputer, TomCoyote, TechSupportAlert (Gizmo’s informative mag and site), Tektips, Secunia, Freeware Forum, Decent Downloads, Nonags, Windows Sysinternals, Lockergnome, PCPitstop and PCPitstop Forum, and AlisonMack.com, and others. Make the cd. You know that some folk will put the cd in, say, install SpywareBlaster, Zone Alarm Free et cetera, who would not follow a url. It is also an inexpensive gift to give; you can expand your gift-giving. A hundred cds are cheap.
    I burn one a day as a habit, and usually have a couple of dozen around at minimum. I change the info and programs to match the changes in malware and technology. Now the commercial antiviruses I suggest are NOD32, Kaspersky, and Bitdefender, plus some other top AVs. I include links to seven commercial ones, supplemented by links to objective tests and reviews. I don’t want my friends and kin to just accept my opinion. I include your opinions.
    What ISPs can do is reward folk who work to make the internet safer. They can collect the freeware security for which there is a consensus about efficacy, like Spybot Search & Destroy, Zone Alarm Free, SpywareBlaster, Spyware Guard, CWShredder, Trend Micro’s Sysclean, et cetera for their customers to download. They should have the URL to the site on each bill; they should send the LINK to the site on each email communication to the customer. It would also benefit them and the customer if such a support disk was given to each new customer, and an updated disk each year to all customers. Customers could copy that one for gifts.

  2. Great! A virus to protect against malware! A PERFECT IDEA! And Let’s get the government involved, so it can become just another ‘big-business-only club’. That’ll solve EVERYTHING!

    But that’s EXACTLY what it will come to; because, you guys are absolutely right… You’ll never get ‘Joe Average’ to think it’s HIS responsibility (be it SPAM, illegal filesharing, or whatever); and you’ll never get ‘BigISP Inc.’ to do ANYTHING unless there’s a significant profit to be made (or lost). So, I guess all that’s left is some kind of legal intervention. The only question left to answer is: “How much will it cost to establish a world police organization to deal with all of those obnoxious countries who don’t feel obligated to obey United States law?”

    But all that’s just so much hot air; because, ya know what? SPAM doesn’t bother ME! I HAVE all of the security software in place; and I HAVE all the filtering rules set up properly; and I KEEP TRACK of all of the latest exploits, etc… So, while you ninnies decide who’s to blame for your own incompetence; I’ll just sit back and enjoy the show (for however long it lasts).

  3. ISPs are the point at which all of the malware enters the net – they are making money, and they have technical staffs to manage their equipment – they have the perfect opportunity to block unwanted traffic (viruses, Trojans, keystroke loggers, worms, spam, port scans, and etc.). ISPs should be held responsible for what they allow onto the net – they have business addresses and bank accounts – we know who they are and where they live. To control foreign ISPs, we should require all of their traffic to come through a US ISP unless the foreign country signed a treaty which implemented and enforced laws of at least equal severity to those in the US – and whose government was also collecting postage. If necessary, the government could get involved to provide enforcement teeth by charging the ISP $.01 USD ‘postage’ for every address to which an e-mail is sent onto the net – the money collected could be placed in a revolving fund to pay for monitoring and enforcement at the ISP level as well as for any administrative overhead and oversight by the government. A similar scheme could be used to pay for packets and/or bandwidth. Once the costs begin to fall on the consumer of the net resources (e.g. – spammers) – the business model will not support their theft of bandwidth, disk storage, and the recipient’s time. Trying to fix these problems at the individual computer will never work because all the end users will never be able to update and patch their computers effectively – especially as less technical people are added to the world community.

    I know that many people don’t want the government more involved in the internet, but, the freeloaders of the world are not going to show any restraint and the end user cannot take any effective action. We have been through these things before with trusts and anti-competitive business models, with racketeering, and now with terrorism – new and/or diffuse threats to which the victims cannot effectively respond.

    Another area that could also be addressed would be to write or co-opt self propagating software which would search out and destroy the malware on PCs. If the end user does not want an outside agency to do this for them, then they should protect their computers. Unprotected and/or infected computers should be fair game to be cleaned and patched from the outside – either by the ISPs taking care of their connected customers, or by an enforcement group who can actively search for and destroy the potentially dangerous networks of zombie computers already in existence. It is clear that the owners of these machines cannot do the job and these computers have become a danger to the rest of us. The same legal framework that keeps people from storing hazardous materials on their property should apply here – similar to the local fire department enforcing building codes or cleaning property of hazardous brush to protect the community.

  4. I do expect my computer to work as easily as any other consumer item. However, I also take my role as a responsible citizen seriously. ALL of my consumer items that might possibly affect other individuals in this society I keep in proper working order. That means that my car’s brakes and lights are in working order… That means if my cordless phones mess up my neighbor’s phones, we work out a solution…. I think you get the idea.

    Keeping your computer up to date with anti-virus and other protective software falls into the same category as making sure the car brakes are functioning properly. The computer industry has made some strides in making it easier for the novice to do this – just as Goodyear makes it easy for me to simply drive in and have them check out my car’s safety features. But just as it is my responsibility to either validate the safety features of my car or take it to a mechanic who can, it is the responsibility of the owner of each computer hooked into the internet to make sure their computer does not harm others.

  5. One thing you guys seem to overlook is that people do have a right to expect computers to work as easily as any other consumer item… unfortunately the computer industry has managed to convince many people that it is different somehow from every other industry. People seem to believe they are somehow so superior as soon as they ‘know about computers’. What a load of self serving egotists so many have become.

  6. I have so much security on this machine that I am surprised that it works at all. I do everything I can do to keep it clean and I absolutely HATE these people who do nothing but destroy the net for the rest of us. I agree that the ISP’s should bear most of the responsibility, BUT the individual owner MUST listen and learn too. If they cannot be educated then shut them down until they can find help to clean up their mess.

  7. Some interesting (though unoriginal) ideas here about who to blame, but barely a whisper about how to fix it. The problem exists NOW, it is causing problems NOW, and that’ll only get worse unless we stop trying to decide who to blame and start working on how to fix it.

    I know what I’m doing. What are you doing?

  8. There are far too many Luddites out there who simply refuse to even learn about, much less install the proper prophylactic utilities on their home or business systems. The ISPs do need to take a more pro-active attitude, but the root of the problem is the lack of accountability for the spam (or virus) origins, i.e., the domains that propagate it in the first place. Until ICANN forces its “Accredited Registrars” to maintain _current_, _complete_, and _accurate_ domain registration data, so that the criminals can be tracked to their REAL locations, nothing will improve. As it is now, with more than 200 registrars scattered about the world, and a relatively small group of them totally ignoring the weak existing requirements (particularly prime offenders like “Morethan1Cow”!) the flood of spam & viruses and scams will continue unabated. Those greedy & irresponsible Registrars knowingly accept totally false domain registration data with impunity. They should lose their authority!

  9. It is in the ISP’s interest to monitor for heavy system usage. This can be spam, viruses, or business use.
    1. If the system load gets too heavy, legitimate customers will get upset and leave. The ISP loses income.
    2. If the heavy use is legitimate then that user should be classified as such and pay a higher rate for service. The ISP gains income.

  10. The problem really starts with the operating system and quickly transfers to the system vendors. If the operating system is securely designed and the mass marketers ship machines that are protected by default with hardware and software that is effective for the life of the machine the problems will disappear. Unfortunately, we are more interested in “gee-whiz” than being responsible. Air bags don’t save lives because people order them. They save lives because they are there by default.

    ISP’s should only have to clean up the screw-ups after the above is implemented.

  11. I have reported IP numbers to ISP’s of users who are sending viruses and nothing was ever done, so what makes you think they’ll do anything about spam? My experience has been that most (not all) ISPs care about the money and couldn’t care less about what the user is doing over their network. If they did care they could monitor it themselves and shut it down. If they can monitor users who swap music and/or movie files, they sure can monitor the spammers. Like everything else in this world, money talks!

  12. If my computer was sending out packets with spoofed IP addresses or e-mail with spoofed “from” addresses, I would expect my ISP to drop them at the very least, and alert me if the rate reached a suspicious level. ISP’s certainly have the ability to check these things — they know what IP addresses and e-mail addresses they have assigned to you and should be allowed to require your computer to use them. Failure to do so indicates static on the line at least, if not virus activity or even deliberate attempts on my part to subvert the system. No customer, innocent or otherwise, should be allowed indefinite access to the Internet with software that is not playing by the rules. Contracts should allow ISP’s to insist that, if they detect problems with your computer, you either fix it, let them fix it, or they will be allowed to cancel your contract.

    I would also support ISP counting e-mails and addressees. Few customers have legitimate reason to send out hundreds or thousands of e-mails a day and I, for one, would certainly want to know if my computer was routinely exceeding thresholds mutually agreed to. At the very least, an email-times-addressee count should be shown on the monthly bill. Most customers would see it as a red flag if this were a five-digit number, let alone seven or eight digits.

  13. Internet access is more common than functional English literacy. This ‘moves’ the problem to ISPs by default. Until ISP service is offered that ‘automatically inoculates’ users from internet pitfalls, or, until ‘complete’ security software is offered in a single ‘no-brainer’ program, or, until Everyone is an expert in both computer and English literacy, …you have spam.

  14. The power company provides electricity to your home. What you do with it is your responsibility. If you hurt someone using electricity, you will suffer the consequences.

    A computer on the Internet can be a dangerous thing these days. I believe the end user should be held responsible for what he does with his computer. There are far too many people who use this device without a thought that they may be hurting someone, and the sad thing is, most of them simply don’t care.

    I work in IT, and I gave up long ago trying to educate people about the problems we have with the Internet, not only with spam, but all the other nasties out there as well. Joe public wants to turn on his computer like any other appliance, use it, and turn it off. Any kind of maintenance, security, or checks to keep him from adding to the problem, is just too much to ask. Joe is costing us millions of dollars every year, because he is too lazy to learn, or change his habits, and secure his computer.

    I believe it’s time to license people who use the Internet. Either that, or impose fines on those who refuse to take this seriously. A small fee and a simple test would force this issue to be seen as important, and involve everyone, including ISPs. Of course known spammers, or anyone caught writing illegal harmful code should be punished, but in the end, it is the user who makes it possible to spread this stuff.

  15. I agree the 80% is bogus. It is more like 90%. I am not talking about cookies either. I am talking about some sort of adware or spyware other than cookies. I work at several of the sites that help people remove this garbage as well as doing it locally. Those poor customers who have a zombie generating spam should be cut off until the computer is cleaned. However the ISP’s need to be able to help them in the removal by using techs that are capable of actually doing so. This may actually take some effort using hijackthis, rootkit identification and removal, etc. This should be a free service to those customers. The typical answer lately is to provide some free garbage solution such as a McAfee or Norton suite installation which will not do the job.

  16. I agree with Andy up to a point. I think payment of the cure should go to whomever is benefiting from the spam in the form of a class action suit. As Andy pointed out a lot of these people don’t even know they’re infected or understand how it happens.

  17. FOA, the statistic that “80% of all Windows machines out there are infected” is bogus. Infected with what? Tracking cookies?

    The ISP’s are the key to fighting spam. They always have been, but we like to coat the problem with a technical veneer. Any solution to spam requires ISP compliance to coherent procedures.

    An ISP can measure all sorts of useful stuff, such as the number of e-mail messages sent via TCP port 25 (the standard SMTP port). If the number soars *and* a complaint is received, the ISP can isolate the account, provide a copy of the offending message and require the customer to certify disinfection via an ISP-run service before reconnecting. If the customer is found to be infected with spam-generating malware, the customer is charged for the service. The customer is responsible for disinfection, but may opt to use an ISP-sponsored service.

    ISP’s would need to sign a charter, specifying adherence to such a procedure. Since offenders would actually be taken off line, spam complaints would soar. The zombies would quickly be identified and removed. Zombie-generated spam would disappear within a year.

    The solution to spam lies with the ISP’s, who must get (imperfect) people to follow (well-written) procedures.

    regards, Andy
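
The rule described in comment 17 (port-25 volume soars and a complaint is received) together with the source-address check and email-times-addressee count from comment 12, as an added sketch that is not part of the original post or any commenter's code. The record layout, customer names, addresses and the `factor` and `floor` thresholds are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Constructed sample data (not from the page): addresses the ISP assigned.
ASSIGNED = {
    "cust-a": ipaddress.ip_network("198.51.100.10/32"),
    "cust-b": ipaddress.ip_network("198.51.100.20/32"),
    "cust-c": ipaddress.ip_network("198.51.100.30/32"),
}

# Constructed port-25 records: (day, customer, source IP, recipients in message).
EVENTS = (
    [(d, "cust-a", "198.51.100.10", 2) for d in range(1, 8) for _ in range(5)]
    + [(d, "cust-b", "198.51.100.20", 1) for d in range(1, 7) for _ in range(8)]
    + [(7, "cust-b", "198.51.100.20", 50) for _ in range(400)]  # sudden surge
    # cust-c is a steady, known heavy sender (the "business use" case).
    + [(d, "cust-c", "198.51.100.30", 40) for d in range(1, 8) for _ in range(100)]
    + [(7, "cust-a", "203.0.113.99", 1)]  # source address never assigned to cust-a
)
COMPLAINTS = {"cust-a", "cust-b"}  # customers named in abuse complaints (constructed)


def spoofed(events, assigned=ASSIGNED):
    """Records whose source address is not one the ISP assigned to that customer."""
    return [e for e in events if ipaddress.ip_address(e[2]) not in assigned[e[1]]]


def daily_counts(events, assigned=ASSIGNED):
    """Email-times-addressee count per customer per day, ignoring spoofed records."""
    counts = defaultdict(lambda: defaultdict(int))
    for day, cust, src, rcpts in events:
        if ipaddress.ip_address(src) in assigned[cust]:
            counts[cust][day] += rcpts
    return counts


def to_isolate(events, complaints, day, factor=10, floor=1000):
    """Customers whose count on `day` soared past their own baseline AND drew a complaint."""
    flagged = []
    for cust, per_day in daily_counts(events).items():
        history = [n for d, n in per_day.items() if d < day]
        baseline = median(history) if history else 0
        today = per_day.get(day, 0)
        # "Soars" is taken here to mean: above an absolute floor and well above
        # the customer's own median, so a steady bulk sender is not flagged.
        soared = today >= floor and today > factor * baseline
        if soared and cust in complaints:
            flagged.append((cust, today, baseline))
    return flagged


if __name__ == "__main__":
    print("spoofed source records:", spoofed(EVENTS))
    print("accounts to isolate on day 7:", to_isolate(EVENTS, COMPLAINTS, day=7))
```

A complaint alone (cust-a) or high volume alone (cust-c) does not trigger isolation; only the combination does, which matches the "*and*" in the comment.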
