Rant: Some people Windows... and Linux users suffer

Roy Schestowitz

Sep 4, 2006, 1:12:23 AM
Just been receiving messages like (fragment):

===
SMTP error from remote mail server after MAIL FROM:<<MY ADDRESS>>:
host <<REMOTE_MAIL_DAEMON>> [IP ADDRESS]: 553 5.3.0 Message from
130.88.200.93 rejected based on external blacklist - See also
http://www.spamcop.net/bl.shtml
===

Going to Spamcop to run a quick lookup:

===
130.88.200.93 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it
will be delisted automatically in approximately 14 hours.
Causes of listing

* System has sent mail to SpamCop spam traps in the past week (spam traps
are secret, no reports or evidence are provided by SpamCop)
* SpamCop users have reported system as a source of spam less than 10
times in the past week

Automatic delisting
If you are the administrator of serenity.mcc.ac.uk and you are sure it will
not be the subject of any more reports of spam, you may cause the system to
be delisted without waiting for us to review the issue.

You may only do this once per IP! So please be sure that the problem is
really and truly resolved. If you delist your system and we get more spam
reports about it, you will not be allowed to expedite delisting again.
Delisting normally occurs 24 hours after spam reports have ceased.

You must be able to receive mail at one of the addresses below. Until you
have received and confirmed your request, it will not take effect.

Looking for potential administrative email addresses for 130.88.200.93:

130.88.200.93 is an mx ( 0 ) for serenity.mcc.ac.uk
130.88.200.143 is an mx ( 1 ) for mcc.ac.uk
===

Just informed the postmaster.

But here is the point to make:

* Some students and staff on campus still use Windows
* They waste IT staff's time and effort
* Their software licences drain the University budget(1)
* With malware/spyware and viruses(2) - they raise the level of traffic on the
network, thus slowing it down
* Their computers get hijacked and send SPAM(3) to everyone (Linux users
included)
* Their computers attack Web sites and enable criminals to demand ransoms and
raise hosting fees (for all of us)
* They get our outgoing mail server blacklisted, making communication harder
for everyone


To anyone who argues that Linux users are bitter, these may be some among
many reasons. There is no reason why money should be spent maintaining,
protecting, resending, and purging. That's just Microsoft's gift to the
world. And it's getting worse every day.


___
(1) That must be well over a million pounds, which could help lecturers get a
decent wage. There is equally-capable free open source software, which
encourages collaboration -- a key area in research and learning.
(2) 9 in 10 Windows PC's is infected with spyware.
(3) 80% of all SPAM is sent from hijacked Windows PC's.
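
The SpamCop lookup quoted in the post above is an ordinary DNS query, so a postmaster can check outgoing relays before the bounces arrive. The following is an added example, not part of the original post; the function names and the offline stub resolver are assumptions made for illustration.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")   # DNSBL "listed" answers live here


def dnsbl_query_name(ip, zone="bl.spamcop.net"):
    """130.88.200.93 -> 93.200.88.130.bl.spamcop.net (octets reversed, zone appended)."""
    addr = ipaddress.IPv4Address(ip)        # raises on anything that is not plain IPv4
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def dnsbl_status(ip, zone="bl.spamcop.net", resolve=socket.gethostbyname):
    """Return ("listed", code), ("clean", None) or ("unknown", reason)."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:  # NXDOMAIN: no record, so not listed
            return ("clean", None)
        return ("unknown", str(exc))        # a timeout or SERVFAIL must not read as "clean"
    if ipaddress.ip_address(answer) in LISTED_NET:
        return ("listed", answer)
    # An answer outside 127/8 usually means a resolver rewriting NXDOMAIN.
    return ("unknown", "unexpected answer " + answer)


def audit_relays(relays, zone="bl.spamcop.net", resolve=socket.gethostbyname):
    """Check every outgoing relay and return only those needing attention."""
    report = {ip: dnsbl_status(ip, zone, resolve) for ip in relays}
    return {ip: st for ip, st in report.items() if st[0] != "clean"}


def fake_resolver(name):
    """Constructed stand-in for DNS so the example runs offline."""
    table = {"93.200.88.130.bl.spamcop.net": "127.0.0.2"}   # mirrors the quoted lookup
    if name in table:
        return table[name]
    raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")


if __name__ == "__main__":
    # The two MX addresses from the SpamCop output, checked against the stub.
    print(audit_relays(["130.88.200.93", "130.88.200.143"], resolve=fake_resolver))
```

Dropping the `resolve=fake_resolver` argument sends the query to the system resolver instead of the stub.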

alt

Sep 4, 2006, 2:54:19 AM
On Mon, 04 Sep 2006 06:12:23 +0100, Roy Schestowitz wrote:

> (1) That must be well over a million pounds, which could help lecturers
> get a decent wage. There is equally-capable free open source software,
> which encourages collaboration -- a key area in research and learning. (2)
> 9 in 10 Windows PC's is infected with spyware. (3) 80% of all SPAM is sent
> from hijacked Windows PC's.

That last item is what really toasts my bagel.... It is unconscionable
that Microsoft has been allowed to get away with producing such garbage to
the detriment of the rest of the world. They cost me on average 10-20
hours a week fine tuning my filtering rules just so I - and the companies
I do work for - can receive email.


Mark Kent

Sep 4, 2006, 3:17:07 AM
begin oe_protect.scr
alt <spam...@lazyeyez.net> espoused:

This is all about societies and their attitudes to a) making money and
b) polluting and damaging the environment. We are no more concerned
with the pollution on the net than we are with the pollution of our
planet. Somehow, the oil companies are able to make enormous profits
whilst keeping a good distance from global warming.

It doesn't always work that way, though - in the EU, car companies are
being made responsible for unwanted cars, and computer companies might
be responsible for unwanted PCs (might be already, or might be soon),
but if you get oil out of the ground, or write software, then you seem
to be untouchable.

I'm sure that there is basic economics behind this - it's usually the
reason.

--
| Mark Kent -- mark at ellandroad dot demon dot co dot uk |
This is the theory that Jack built.
This is the flaw that lay in the theory that Jack built.
This is the palpable verbal haze that hid the flaw that lay in...

Roy Schestowitz

Sep 4, 2006, 3:44:21 AM
__/ [ Mark Kent ] on Monday 04 September 2006 08:17 \__

> begin oe_protect.scr
> alt <spam...@lazyeyez.net> espoused:
>> On Mon, 04 Sep 2006 06:12:23 +0100, Roy Schestowitz wrote:
>>
>>> (1) That must be well over a million pounds, which could help lecturers
>>> get a decent wage. There is equally-capable free open source software,
>>> which encourages collaboration -- a key area in research and learning.
>>> (2) 9 in 10 Windows PC's is infected with spyware. (3) 80% of all SPAM is
>>> sent from hijacked Windows PC's.
>>
>> That last item is what really toasts my bagel.... It is unconscionable
>> that Microsoft has been allowed to get away with producing such garbage to
>> the detriment of the rest of the world. They cost me on average 10-20
>> hours a week fine tuning my filtering rules just so I - and the companies
>> I do work for - can receive email.


I thought /I/ was doing badly. Reassessing my filters is a time-consuming
process, but nothing compared with the time spent wading through SPAM. And
I'm still missing genuine mail. Luckily, none of the mail is from customer$
/per se/, so bitterness among businesses must be even greater. I can't
recall the figures which said how much money (and time, and mood) is lost
due to SPAM. I heard of a study back around 2002 when SPAM was said to
account for half the traffic. At present, it _by far_ exceeds these
proportions.

A guess: when Linux passes a usage barrier of, let us say, 30 per cent, then
businesses will loathe anyone who still uses Windows. It's hard to criticise
Windows for its impact on the Web unless you are 100% Microsoft-free.
Otherwise, it is a case of hypocrisy.


> This is all about societies and their attitudes to a) making money and
> b) polluting and damaging the environment. We are no more concerned
> with the pollution on the net than we are with the pollution of our
> planet. Somehow, the oil companies are able to make enormous profits
> whilst keeping a good distance from global warming.
>
> It doesn't always work that way, though - in the EU, car companies are
> being made responsible for unwanted cars, and computer companies might
> be responsible for unwanted PCs (might be already, or might be soon),
> but if you get oil out of the ground, or write software, then you seem
> to be untouchable.
>
> I'm sure that there is basic economics behind this - it's usually the
> reason.

Pollution is a good analogy. Make money now. Worry about unwanted residues
later.

William Poaster

Sep 4, 2006, 3:56:33 AM
This message was posted on Usenet, NOT JLAforums, & on Mon, 04 Sep 2006
06:12:23 +0100, Roy Schestowitz wrote:

Fortunately my ISP uses the SPEWS blacklist for email filtering,
(http://www.spews.org) so I hardly see any spam. I also do not use my real
email address anywhere on Usenet (as you know). Consequently, because of
those two things, I maybe get one spam email in three or four months (&
that may slip through my GMX email address). :-)

> To anyone who argues that Linux users are bitter, these may be some among
> many reasons. There is no reason why money should be spent maintaining,
> protecting, resending, and purging.

I agree, none at all.

> That's just Microsoft's' gift to the world. And it's getting worse every
> day.

As far as security on M$ Winders goes, Joe Public hasn't a clue, hence
all the zombied machines. Another thing too, ATM there is a promotional ad
on tv for (Dixon's) PCWorld for Tom-Tom & for a *wireless* Netgear router.
Would you like to bet that there are no instructions & warnings about
setting the thing up *securely*?
So the average "Joe Public" gets his wireless equipment home, plugs in
etc, & starts surfing completely oblivious that he is broadcasting to all &
sundry.

Wanna bet too that there is NO warning in the package about how easy
wireless (WEP) is to crack *if* it's not set up properly?

> ___
> (1) That must be well over a million pounds, which could help lecturers
> get a decent wage. There is equally-capable free open source software,
> which encourages collaboration -- a key area in research and learning.
> (2) 9 in 10 Windows PC's is infected with spyware.
> (3) 80% of all SPAM is sent from hijacked Windows PC's.

Yes. An old article, but still valid:-
http://www.theregister.co.uk/2004/06/04/trojan_spam_study/

A bit newer:-
http://news.bbc.co.uk/1/hi/technology/4369891.stm

At present:-
http://news.zdnet.co.uk/0,39020330,39281508,00.htm

I have no doubt the "Windows Apologists" will start making excuses about
all this.

--
Linux is not a desktop OS for people
whose VCRs are still flashing "12:00".
That eliminates a lot of wintrolls then.

Roy Schestowitz

Sep 4, 2006, 4:29:10 AM
__/ [ William Poaster ] on Monday 04 September 2006 08:56 \__


Thanks for the references below. I left links out and used the most
optimistic figure (among more mouth-gaping statistics). Recent figures
suggest that, only 2 weeks ago, the number of Windows zombies rose by 20%.
That was in a _single week_.


> Yes. An old article, but still valid:-
> http://www.theregister.co.uk/2004/06/04/trojan_spam_study/
>
> A bit newer:-
> http://news.bbc.co.uk/1/hi/technology/4369891.stm
>
> At present:-
> http://news.zdnet.co.uk/0,39020330,39281508,00.htm
>
> I have no doubt the "Windows Apologists" will start making excuses about
> all this.


How long before we see threads like:

"My college doesn't permit Windows"

... the Dean says It ruins the network and becomes a support nightmare, which
costs too much.

Time will tell. That day will come.

Best wishes,

Roy

--
Roy S. Schestowitz | Windows is 'intuitive': go to 'Start' to finish session
http://Schestowitz.com | GNU/Linux | PGP-Key: 0x74572E8E
Mem: 514480k total, 476760k used, 37720k free, 7504k buffers
http://iuron.com - next generation of search paradigms

William Poaster

Sep 4, 2006, 7:19:54 AM
This message was posted on Usenet, NOT JLAforums, & on Mon, 04 Sep 2006
09:29:10 +0100, Roy Schestowitz wrote:

> __/ [ William Poaster ] on Monday 04 September 2006 08:56 \__
>
>> This message was posted on Usenet, NOT JLAforums, & on Mon, 04 Sep 2006
>> 06:12:23 +0100, Roy Schestowitz wrote:

<snipped for brevity>

>>>3) 80% of all SPAM is sent from hijacked Windows PC's.
>
>
> Thanks for the references below. I left links out and used the most
> optimistic figure (among more mouth-gaping statistics). Recent figures
> suggest that, only 2 weeks ago, the number of Windows zombies rose by 20%.
> That was in a _single week_.

It would be interesting to note (IMHO) when these sort of things occur.
For example, little Johnny's parents buy a shiny noo 'puter for Christmas.
Does it have an AV installed? Is it up to date? Do they have to pay to
*keep* it updated, & would they even bother to...or even think it's too
expensive?

IMHO it's obvious the "Average Joe" knows zip about computer security, so
their little Johnny gets online, surfs, & manages to get their PC 0wn3d.
(You take a wild guess which OS is installed <grin>)
It *does* happen, my other-half (who's head of IT & security at her local
hospital) fixes her local township's computers for them in her spare time,
& I get regular reports from her about the nasties she finds on their
PC's. Now this is just one small Mid-West town, what do you suppose is
happening *worldwide*.

I was quite amazed at the so-called "Internet industry executive"
(whatever TF *that* is) who simply chucked his PC when it was loaded with
malware. What a shining example to all Windows users of......a complete
jerk, who *obviously* hasn't a clue what he's doing.
http://www.theinquirer.net/default.aspx?article=24690
So, he lets it load up with malware, *can't* be bothered cleaning it out,
& meanwhile it could be spewing forth all kinds of nasties. Furrfu.
As for him being an "Internet industry executive", at worst he should
have a 2" air gap between his PC & modem (to match the one between his
ears), at best he shouldn't be allowed anywhere near a PC.

>> Yes. An old article, but still valid:-
>> http://www.theregister.co.uk/2004/06/04/trojan_spam_study/
>>
>> A bit newer:-
>> http://news.bbc.co.uk/1/hi/technology/4369891.stm
>>
>> At present:-
>> http://news.zdnet.co.uk/0,39020330,39281508,00.htm
>>
>> I have no doubt the "Windows Apologists" will start making excuses
>> about all this.
>
>
> How long before we see threads like:
>
> "My college doesn't permit Windows"

I don't know, Roy, quite some time I suspect. After all, ATM M$ is only
surviving because of people's apathy or ignorance of other OSs (thanks to
M$ being allowed to run as a monopoly for so long, though that's
slowly changing in the EU at least).



> ... the Dean says It ruins the network and becomes a support nightmare,
> which costs too much.
>
> Time will tell. That day will come.

:-)

Jim Richardson

Sep 4, 2006, 2:59:41 PM
On Mon, 04 Sep 2006 08:09:41 GMT,
Handover Phist <ja...@jason.websterscafe.com> wrote:
> alt :

> Every morning my servers send me log files, and every morning I send
> spam reports to ISPs. It's become a part of my routine and I really wish
> it wasn't. That and brute force attacks through ssh burn my biscuits.
>

There are a couple of options to the brute force ssh attacks. Several
methods of tarpitting a host that tries multiple times on different
id's, or denying access to hosts who fail more than x times for a period
of time.

--
Jim Richardson http://www.eskimo.com/~warlock
"The three principal virtues of a programmer are Laziness, Impatience, and
Hubris."
-- Larry Wall in the Perl5 manpages

Handover Phist

Sep 4, 2006, 4:09:37 PM
alt :
> On Mon, 04 Sep 2006 08:09:41 +0000, Handover Phist wrote:
>
>> alt :
>> Every morning my servers send me log files, and every morning I send spam
>> reports to ISPs. It's become a part of my routine and I really wish it
>> wasn't. That and brute force attacks through ssh burn my biscuits.
>
> Blockhosts can help with that: http://www.aczoom.com/cms/blockhosts/

That looks quite promising, and has little in the way of dependencies.
Thanks for the tip!

--
Statisticians do it with 95% confidence.

http://www.websterscafe.com

alt

Sep 4, 2006, 9:13:24 PM
On Mon, 04 Sep 2006 20:09:37 +0000, Handover Phist wrote:


>>
>> Blockhosts can help with that: http://www.aczoom.com/cms/blockhosts/
>
> That looks quite promising, and has little in the way of dependencies.
> Thanks for the tip!

I've been using it on my servers and workstations for a while....


Mark Kent

Sep 5, 2006, 4:34:03 AM
begin oe_protect.scr
alt <spam...@lazyeyez.net> espoused:

You can set up iptables to do something on this, too. I'm looking at it
about now...

--
| Mark Kent -- mark at ellandroad dot demon dot co dot uk |

People who have what they want are very fond of telling people who haven't
what they want that they don't want it.
-- Ogden Nash

Lawrence D'Oliveiro

Sep 5, 2006, 5:55:54 AM
In message <pan.2006.09.04....@lazyeyez.net>, alt wrote:

> On Mon, 04 Sep 2006 08:09:41 +0000, Handover Phist wrote:
>
>> Every morning my servers send me log files, and every morning I send spam
>> reports to ISPs. It's become a part of my routine and I really wish it
>> wasn't. That and brute force attacks through ssh burn my biscuits.
>

> Blockhosts can help with that: http://www.aczoom.com/cms/blockhosts/

Hmm, it looks like it actually modifies your system config files
(/etc/hosts.allow). I'm not sure I like that.

I wrote a Python script that adds temporary iptables rules and removes them
after 10 minutes. I thought that was safer than a permanent block. Most of
the attackers don't seem to come back after the 10 minutes is up.

I'd dearly love to try using the tarpit option mentioned in the iptables man
page. But I can't get that to work with the standard kernels on either of
the distros I've tried (SuSE, Gentoo).
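
The approach discussed in the two posts above (block a host after x failed logins, and lift the block after ten minutes) can be sketched as follows. This is an added example, not the script mentioned in the post; the class name, the threshold of 5 failures in 60 seconds, the allowlist and the sample log line are assumptions. It only builds the iptables commands and leaves running them to the caller.

```python
import ipaddress
import re
from collections import defaultdict, deque

# Greedy ".*" plus the end anchor: the address is taken from the tail that sshd
# itself writes, so a user name containing " from 1.2.3.4 port 1" cannot pick it.
FAIL_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?.*"
                     r" from (\S+) port \d+(?: ssh2)?$")
MAX_FAILS = 5      # assumed threshold (the "x times" in the thread)
WINDOW = 60        # assumed: seconds over which failures are counted
BAN_SECONDS = 600  # ten minutes, as described in the post


def rule(action, ip):
    """iptables command that inserts ("-I") or deletes ("-D") one DROP rule."""
    return ["iptables", action, "INPUT", "-s", ip,
            "-p", "tcp", "--dport", "22", "-j", "DROP"]


class TempBanner:
    def __init__(self, allow=("127.0.0.0/8",)):
        self.allow = [ipaddress.ip_network(n) for n in allow]  # never banned
        self.fails = defaultdict(deque)  # ip -> times of recent failures
        self.banned = {}                 # ip -> time the ban expires

    def expire(self, now):
        """Drop finished bans and return the matching delete commands."""
        done = [ip for ip, until in self.banned.items() if until <= now]
        for ip in done:
            del self.banned[ip]
        return [rule("-D", ip) for ip in done]

    def feed(self, line, now):
        """Handle one sshd log line; return iptables commands due at `now`."""
        cmds = self.expire(now)
        m = FAIL_RE.search(line)
        if not m:
            return cmds
        try:  # validate before the value gets anywhere near a command line
            addr = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            return cmds
        ip = str(addr)
        if ip in self.banned or any(addr in net for net in self.allow):
            return cmds
        recent = self.fails[ip]
        recent.append(now)
        while recent[0] <= now - WINDOW:   # forget failures outside the window
            recent.popleft()
        if len(recent) >= MAX_FAILS:
            self.banned[ip] = now + BAN_SECONDS
            del self.fails[ip]
            cmds.append(rule("-I", ip))
        return cmds


# Constructed sample line; 203.0.113.7 is a documentation address.
SAMPLE = ("Sep  4 08:09:41 srv sshd[4242]: Failed password for root "
          "from 203.0.113.7 port 51515 ssh2")
```

Each returned list can be handed to `subprocess.run` as root; calling `expire()` from a timer as well makes bans lift even when the log is quiet.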

alt

Sep 5, 2006, 11:23:24 PM
On Tue, 05 Sep 2006 21:55:54 +1200, Lawrence D'Oliveiro wrote:

> In message <pan.2006.09.04....@lazyeyez.net>, alt wrote:
>
>> On Mon, 04 Sep 2006 08:09:41 +0000, Handover Phist wrote:
>>
>>> Every morning my servers send me log files, and every morning I send
>>> spam reports to ISPs. It's become a part of my routine and I really
>>> wish it wasn't. That and brute force attacks through ssh burn my
>>> biscuits.
>>
>> Blockhosts can help with that: http://www.aczoom.com/cms/blockhosts/
>
> Hmm, it looks like it actually modifies your system config files
> (/etc/hosts.allow). I'm not sure I like that.

It's not permanent. The changes occur between two lines that read:

#---- BlockHosts Additions

And they are flushed after a user defined period (24 hours for my systems)

If you set up the following in your hosts.allow it'll add new attackers
very quickly (as opposed to using a cronjob):

ALL: 127.0.0. : allow
ALL: <some approved net> : allow

#---- BlockHosts Additions
Blockhosts only changes this area.
#---- BlockHosts Additions

sshd: ALL: spawn (/usr/bin/blockhosts.py --verbose --echo "%c-%s" >> /var/log/blockhosts.log 2>&1 )& : allow
sshd: ALL: allow

>
> I wrote a Python script that adds temporary iptables rules and removes
> them after 10 minutes. I thought that was safer than a permanent block.
> Most of the attackers don't seem to come back after the 10 minutes is up.

>
> I'd dearly love to try using the tarpit option mentioned in the iptables
> man page. But I can't get that to work with the standard kernels on either
> of the distros I've tried (SuSE, Gentoo).

tarpitting is a nice idea. I just wonder how effective it is.

alt

Sep 6, 2006, 3:36:55 AM
On Wed, 06 Sep 2006 03:23:24 +0000, alt wrote:

> On Tue, 05 Sep 2006 21:55:54 +1200, Lawrence D'Oliveiro wrote:
>
>> In message <pan.2006.09.04....@lazyeyez.net>, alt wrote:
>>
>>> On Mon, 04 Sep 2006 08:09:41 +0000, Handover Phist wrote:
>>>
>>>> Every morning my servers send me log files, and every morning I send
>>>> spam reports to ISPs. It's become a part of my routine and I really
>>>> wish it wasn't. That and brute force attacks through ssh burn my
>>>> biscuits.
>>>
>>> Blockhosts can help with that: http://www.aczoom.com/cms/blockhosts/
>>
>> Hmm, it looks like it actually modifies your system config files
>> (/etc/hosts.allow). I'm not sure I like that.
>
> It's not permanent. The changes occur between two lines that read:
>
> #---- BlockHosts Additions
>
> And they are flushed after a user defined period (24 hours for my systems)
>
> If you set up the following in your hosts.allow it'll add new attackers
> very quickly (as opposed to using a cronjob):
>
> ALL: 127.0.0. : allow
> ALL: <some approved net> : allow
>
> #---- BlockHosts Additions
> Blockhosts only changes this area.
> #---- BlockHosts Additions
>
> sshd: ALL: spawn (/usr/bin/blockhosts.py --verbose --echo "%c-%s" >>
> /var/log/blockhosts.log 2>&1 )& : allow sshd: ALL: allow

That should read:

Lawrence D'Oliveiro

Sep 6, 2006, 3:44:53 AM
In message <pan.2006.09.06....@lazyeyez.net>, alt wrote:

> tarpitting is a nice idea. I just wonder how effective it is.

Well, it can't be worse than blocking them. Pretending to accept the
connection, and then blithely ignoring any attempts to actually do anything
with it or close it, has got to lead the perps a merry dance...
