Help--I need a new newsreader

If you can use Filters or Junk controls or some other method in Thunderbird to get rid of all the spam showing up in the Wreck, I'd surely like to know how. It looks like you can create filters from existing messages, but I don't see how to get them to clean out the headers that have already been downloaded.

From an Agent user, used to using wildcards when sending to the killfile...

According to McAfee (and a large number of other sources) the "Join the Crew Virus" was a hoax.

"Larry Blanchard" wrote

Except for the last line, very well said ... however, I consider a box upon which I can't run my software of choice "crippled", no matter how "secure". :)

"Leon" wrote

Granted a bit of a simplistic overview, but IMO, the point being missed in many of the arguments being bantered about, and using the word "security", is the distinction therein between the "hacking" (for lack of a better term) or breaching of a system/network; and the act of spreading viri/malicious code by _exploiting_ sloppy programming.

Both fit nicely under the umbrella of "security" and are often used in conjunction to compromise a system/network.

The fact that MSFT operating systems, whether for server platforms or workstations, have historically shipped with defaults set to 'ease of use' instead of 'security against breach' has been a big problem with the first part above. Add to the mix the fact that sloppy coding inherent in a rush-to-market mentality (notably manifested in the infamous "buffer overruns") has been responsible for most of the known virus/malicious code exploits with MSFT products.

Now add those two, ALONG with their _ubiquity_, which you correctly mention, and you get the deadly combination we are currently in with regard to "security" as users of MSFT products.

I'm not a MSFT detractor, but in the realm of security they indeed shot themselves, as well as their users, in the foot in their headlong rush for market share, with "security" arguably not even entering into their thoughts until forced to do so by the obvious.

That MSFT still does not have their act together in this regard is amply illustrated by the number of "security updates" in yours and my "Windows Update" logs ... ... not to mention that this particular genie is VERY difficult to get back into the code base bottle. ;)

As far as the ease of effecting the "security" of a system/network with tools, knowledge, and an inherent, built-in capacity to do so, Larry Blanchard put it very succinctly in another post.

Yeah for the 3rd or 4th time I have down loaded and installed Thunderbird and an hour later uninstalled it because the Use filter is greyed out. Creating the filter was easy enough. Using help was a night mare.

And again I'll say that if Microsoft disappeared tomorrow the attention of the spamers would be dirrected at cracking the security on the other OS systems. I do not contest the fact that Microsoft created the Spammers paradise but having to crack the security of an OS is not going to make the millions of spamers go away.

Yes that is true. Path of least resistance. Take that target away and the tens of thousands or more people that make their living doing this now will look for the next easiest target.

I would know nothing about that. I'll take your word on that one, BIG BOY. ;~)

I totally agree and am not defending Microsoft at all. They created this problem. But like "nukes" the problem is not going to go away. An industry has been created and will continue with or with out an easy target.

If Unix became the next OS in every home like Microsoft is now, do you think that "everyone" would be able to do that fair amount of work to insure its security against spammers? I am only saying that Unix is strong because it does not appeal to the masses, a target not worth the time needed to crack it, today. If Unix replaced Windows in the future you have thousands and thousands of spammers that will have reason to go after the next easiest target. I suspect that Apple would be that target. I remember when Apple had no virus problems. Had Unix been the first OS to be in every ones homes perhaps Spammers would not exist today but now they do and they probably are not going to go away simply because the target becomes harder to get into.

^^^^^^^^

I think you read that one backwards, Leon :-).

I don't doubt that dedicated hackers could get into Unix. They have before, albeit most intrusions were of the "worm" and not the "virus" species.

But when every process runs in its own protected memory space, it does limit the opportunities for system-wide damage. And at least one Unix, OpenBSD, was designed specifically for security.

But your point is valid. There would surely be more hacking attempts, and successes, were Unix the predominant OS. I just don't think they'd be as frequent or as severe.

That's the point.

You can't get a virus just by reading email.

Or rather you couldn't until Microsoft began writing email clients.

Out sysadmin found out (the hard way) that a patch from HP reset our mailserver to an open relay.

Of course the documentation from HP didn't warn about that, it was obvious--to them.

Probably so. I have been on medication all week fighting an upper respitory infection transfered to me my my wife. She sent me an unsecured e-mail and I read it. ;~)

Larry Blanchard wrote on 03 Apr 2008 in group rec.woodworking:

I believe that Unix would be just as insecure if it was as commercially successful as Windows. I think Unix is secure because it has remained in the hands of informed and educated administrators and developers, mostly.

Big commercial success means lots of uninformed users who would demand whiz-bang applications like games. Programmers who crank out that stuff aren't particularly concerned with security -- they're concerned with getting the code out the door by the Christmas sales season and making pretty pictures, so they take hardware and software shortcuts.

Granted, Unix has architectural features that make it more difficult to access the privileged areas, but it isn't impossible. I used to be a VAX developer and administrator. That OS was well designed for security, but we had regular patches to fix security issues, and that was before the Internet was developed.

You are correct Leon. So much so, that CERT came into being over a hacked UNIX environment - not hacked Microsoft environments. Virus', worms, trojan horses, etc. were all very real threats in the UNIX world. One of the problem with open source environments like UNIX is that it is indeed easy to create malicious code. Apple has already seen the attention of the hacker community as well. Not to the degree that Microsoft has, but for all of the reasons you've listed.

messagenews: snipped-for-privacy@a70g2000hsh.googlegroups.com...

While 'tens of thousands' is not as wildly incorrect as 'millions' it is still way of the mark. There may have been a total of a few tens of thousands of email spammers since the inception of the practice, but the overwhelming number of those were chicken boners who almost certainly lost money by spamming. E.g. they paid for spamware and/or affiliate membership is some internet-based pyramid scheme, made no sales and got malletted within hours or days of sending their first spam. Almost every ISP will terminate the account of a spammer who isn't paying them a lot extra (e.g. the notorius 'pink' contracts with ATT and others.) The number making a living off spam today are no more than two or three hundred and never were any more than that.

There may be fewer today than at any time in the last ten years due in no small measure to organized crime offering deals their competition couldn't refuse.

Next time read your email while wearing a condom...

Fred the Red Shirt wrote: ...

...

Question I've never understood--how does anybody actually make any money? I can see the possibility (however remote) that somebody responds to the phishing, etc., but 98% of what I get is simply machine-generated gibberish it appears. What's up w/ that?

--

Yes.

But if you go back 20 some odd years ago when Unix boxes still outnumbered machines on the internet running microsoftware, what was the percentage of each that was compromised at any give time?

Despite the fact that the Unix machines were more lucrative targets, having faster connections and greater bandwidth, as well as outnumbering Microsoft PCs, wasn't the percentage of infected PCs much, much, higher?

It certainly jumped when Microsoft released its first OS/ email client combination that allowed a sender to install software onto the recipient's computer without notifying the recipient. That upswing was pretty much entirely a product of the technical aspects of the microsoftware and had almost nothing to do with it's popularity.

As a matter of curiosity, do you know if MS has begun using Code Data Separation?

Most of the machine-generated crap you see is virus/bot software trying to infect your computer and turn it into a spam zombie--some of the spam out there is phishing (as you've seen), some is for Viagra and random penis enlargement stuff (nearly all medical spam is actual for "herbal viagra" or what have you, which has nothing in common with the original), and some of the zombies are just there waiting to be called into action to DoS a company that isn't paying protection money. Yep, vulnerable computers are being used for big-money extortion, some of it against the major world banks and such corporations.

Colin