#51
September 28th 03, 02:39 AM
Michael A. Terrell

Ed Price wrote:

"Robert Bonomi" bonomi@c-ns. wrote in message link.net...
In article YEcdb.2567$La.801@fed1read02, Ed Price wrote:

Exactly!! My company subscribes to a service like that; they get daily
updates for their filter software just like they get updates for their AV
file. At work, I am getting ZERO Swens. But at home, that's completely
different. I have a cable connection through Cox, and I'm getting 75 to 100
Swens per day. (The first couple of days, I had over a hundred per day.)
Sure, there's a few variations, but the 106 kB attachment is a real obvious
sign. Evidently, Cox doesn't care, and doesn't filter at all.

I don't leave my machine run 24/7, so the Swen IS a problem for me. Since
Cox only allows a 10 MB mailbox, about 90 Swens fills it. Then, Cox
graciously starts bouncing ALL my emails, since my box is now full. In
effect, an email DOS fringe benefit for the Swen.

My question is, why can't Cox afford a filter system for incoming email? And
my next question is why don't all reputable ISP's have a filter on outgoing
email? There's still a whole lot of the clueless who are yet to be infected,
and Swen attachments will be flowing for quite a while to come.


The answer to _any_ question that starts off "why don't they..." is *always*
"money".

How much more are _you_ willing to pay for your Internet access to cover
scanning of _your_ outgoing mail for viruses?

How much more are you willing to pay for virus-scanning of your incoming mail?
The commercial filtering services get $3-5 per mailbox, per month, in
'wholesale' quantities. And even the best of 'em don't catch everything.


Since I'm already paying $40 per month for broadband access, would I pay an
additional $5 for a fast reacting spam & virus & worm filter? Yes.

And remember, a filter would work both ways. incoming & outgoing. Much of
the problem is caused by clueless broadband users whose machines are taken
over and used to propagate the attacks. An ISP should have the duty to
suppress these sources of contagion.

OTOH, how much would the ISP save in storage resources, system overhead,
overloaded customer service reps? And what would be the market value in
being able to claim a reasonably "protected" ISP service?

Further, if a company has maybe 5000 mailboxes, might not an ISP with
250,000 mailboxes be able to talk a better deal?

Ed
WB6WSN


At that volume they should implement it themselves, and just
subscribe to the update services.
--


Michael A. Terrell
Central Florida
#52
September 28th 03, 03:23 AM
Roger Halstead

One thing about this thread:

Posting on a group to get users to check for viruses is unlikely to
accomplish much, although I do have to say this one at least generated
a lot of discussion. Some of it has been downright educational.

OTOH, *most* computer users would never pass the definition for
computer literate, let alone computer savvy, unless the definitions
were made extremely lenient.

*Most* computer users do not know, or care how the thing works as long
as it does what they ask. You can point out the dangers inherent in
their way of doing things, but it has worked so far and they seem to
have that feeling of, "It only happens to the other guy".

Yes, MS operating systems are full of holes although many of the holes
were put there intentionally to enable the end user to do something.
The OS comes with most of the defaults turned on that put the system
in its most vulnerable state.

Let's say we could convince MS to turn off all those defaults. They
would be inundated with calls wanting to know why HTML didn't work,
why their macros didn't automatically execute, why animation didn't
work in their e-mail...and so on...That average user would just get
the defaults turned back on. Plus they'd be angry at MS for making
them have to figure out what was wrong.

LINUX and UNIX are computer people's OSs. Sure we can even make them
look like Windows, but that average end user wants all the
functionality they've been having and in the same manner.

IF MS went away tomorrow and produced no more OSs and was replaced by
fully end user friendly UNIX and LINUX we would still be plagued with
our current problems for a decade or more due to the old systems out
there. The end user wants a box they can turn on and it does what
they want. Never mind that the way they do things can create
difficulties for hundreds of thousands of other users.

_As_long_as_that_ mind_set_continues there will be a tremendous market
for the type of OS put out by MS. As long as that market continues
the rest of us will be plagued by the problems they create. Maybe our
systems will not become infected, but as shown by the recent flood of
mail and bogus bounced e-mails it can sure be an inconvenience and in
many instances cause a complete Denial Of Service (DOS) to many end
users, let alone ISPs. Some of us have the ability to change our
posting address as often as we wish. We can even use "tagged"
addresses when registering software and hardware. We can do that and
still keep private addresses for friends. However once some one with
your address had their computer infected, it's time to change.

True spam (UBE), rather than just cross posting is at unbelievable
numbers. Many ISPs are dealing with millions of messages per day.
Some of the larger ones are in millions per hour. It too can cause a
DOS once past a critical point.

I've always used a valid return address when posting although I do
change them. This last batch of viruses has me almost ready to quit
using valid addresses, but not quite. I don't want to give up the
flexibility of putting myself out of reach to where I post.

I would offer this suggestion for those who get so excited about
receiving the results of the viruses...get a couple of accounts with
the free e-mail services. Use those addresses as returns when
posting. Most of the current bots are quite capable of figuring out
nospam, remove whatever, and symbols. I followed one of the ads
about sending millions of e-mails per day, or even per hour. That site
told exactly how to set up the bots and how to filter the addresses.
It told what addresses to never use and how to filter out the real
address out of most "munged" addresses. They also run permutations of
munged addresses to try and find a valid one. They could care less if
they have to send 50 e-mails if one of them *might* turn out to be
real. If they only get a return of 0.01% that is still a 100 returns
for every million e-mails. If they send a million an hour that is
2400 returns per day. That can make a lot of people rich.

Once an account gets trashed, change it. 10 or 20 spam and maybe 10 or
20 of the bogus e-mails are not worth getting excited about. Remember
those on here who have been receiving over a 1000 a day...That is long
since the point of changing addresses.

So, although we can blame MS for putting out a crappy OS, and
justifiably so, they are meeting a demand from the unknowing and
uncaring end user. I seriously doubt if that is going to change any
time soon. Nor would changing to UNIX or LINUX change anything for
most on the news group who are being inundated with bogus e-mail due
to some one else's problems. THAT *stuff* needs to be filtered out at
the ISP level, yet you don't want any false positives.... Changing to
a more bulletproof OS can make you more immune to infection, but it
does nothing to prevent the bogus e-mails. Better filtering at the
user end can help if you have the bandwidth, but probably not for the
poor user with a 28K modem and dial up service receiving more than a
1000 messages a day.

As a parting shot: One of the Telcos removed access to their system
for every user with an infected computer. They will not be let back
on until they can show their systems are clean. (it was quite a few
thousand users too). Now if every ISP would do that as soon as a virus
was detected coming from that IP and share the information with all
other ISPs, "I think" it would do far more in a few days than any
amount of education we could give those users.

Monitoring for viruses at the source and terminating the user (or
just suspending their account) as soon as a sent message is detected
would keep the effect of viruses contained and the effect to a
minimum.

Roger Halstead (K8RI EN73 & ARRL Life Member)
www.rogerhalstead.com
N833R World's oldest Debonair? (S# CD-2)
#54
September 28th 03, 07:27 AM
Ed Price


"Robert Bonomi" bonomi@c-ns. wrote in message hlink.net...
In article zJodb.2635$La.1152@fed1read02, Ed Price wrote:

"Robert Bonomi" bonomi@c-ns. wrote in message hlink.net...
In article YEcdb.2567$La.801@fed1read02, Ed Price wrote:

"--exray--" wrote in message ...
Chuck Harris wrote:
Michael A. Terrell wrote:

They should scan every received e-mail for virus or worms, and a

That fails when the virus/worm/trojan is modified even slightly. Ask
Norton, or McAfee why they have to update their virus scanners almost
daily.

valid FROM address.

How are you going to determine the from address is valid? email the
person at the address and ask them? What if the from address belongs
to someone other than the actual sender?

Infected e-mail should be deleted, and a message sent to the sender
that it was infected.

If you can determine who the sender really is. Sending email messages
to the forged email addresses that exist in the sender field of the
bad email just results in more needless email traffic.

The current email protocol provides no reliable way of validating the
sender's email address. It has needed upgrading for about 15 years
now.

Earthlink delivers E-mail with no FROM: information in the header.

If an ISP can't do this much, they need to go out of business.

Since no ISP can do what you are asking, I'd rather keep the current
"flawed" ISPs around for now, thank you.

Chuck, WA3UQV

I'm not sure of the mechanics of how it is actually done but there are
subscription services that ISPs can use to keep their mail services
clean and updated if they choose not to do it themselves.
Another "I'm not sure how it works" is with Mailwasher Pro...it will not
bounce to invalid yahoo addresses. Apparently some 'trial' ping is at
work, maybe in conjunction with Yahoo???.
Point being that these things can be accomplished although we are at an
early stage of seeing it actually happen.
-Bill


Exactly!! My company subscribes to a service like that; they get daily
updates for their filter software just like they get updates for their AV
file. At work, I am getting ZERO Swens. But at home, that's completely
different. I have a cable connection through Cox, and I'm getting 75 to 100
Swens per day. (The first couple of days, I had over a hundred per day.)
Sure, there's a few variations, but the 106 kB attachment is a real obvious
sign. Evidently, Cox doesn't care, and doesn't filter at all.

I don't leave my machine run 24/7, so the Swen IS a problem for me. Since
Cox only allows a 10 MB mailbox, about 90 Swens fills it. Then, Cox
graciously starts bouncing ALL my emails, since my box is now full. In
effect, an email DOS fringe benefit for the Swen.

My question is, why can't Cox afford a filter system for incoming email? And
my next question is why don't all reputable ISP's have a filter on outgoing
email? There's still a whole lot of the clueless who are yet to be infected,
and Swen attachments will be flowing for quite a while to come.

The answer to _any_ question that starts off "why don't they..." is *always*
"money".

How much more are _you_ willing to pay for your Internet access to cover
scanning of _your_ outgoing mail for viruses?

How much more are you willing to pay for virus-scanning of your incoming mail?
The commercial filtering services get $3-5 per mailbox, per month, in
'wholesale' quantities. And even the best of 'em don't catch everything.


Since I'm already paying $40 per month for broadband access, would I pay an
additional $5 for a fast reacting spam & virus & worm filter? Yes.

And remember, a filter would work both ways. incoming & outgoing. Much of
the problem is caused by clueless broadband users whose machines are taken
over and used to propagate the attacks. An ISP should have the duty to
suppress these sources of contagion.


Actually, it *wouldn't*. filtering -outgoing- e-mail puts performance demands
on _completely_ different hardware (to prohibit bypassing the 'outgoing filter'
machines) and requires separate server-side services as well, because outbound
mail *is* handled differently than incoming.

OTOH, how much would the ISP save in storage resources, system overhead,
overloaded customer service reps? And what would be the market value in
being able to claim a reasonably "protected" ISP service?


If they have 'storage quotas' on the mailbox, a flood of viruses doesn't
tax "storage" beyond what they've already planned for. 'full of garbage'
is no different than 'full of useful stuff' from their vantage-point.

There's some savings in 'system overhead', and other related resources,
but it's comparatively minor. Not big enough to be a 'motivating factor',
in general.


The 'market value' you talk about is a two-edged sword. If they advertize
that they have such protection, then they're at risk for complaints from
customers who had stuff get through, because the protection was "less than
perfect". *AND* for complaints when something gets blocked that the customer
actually _wanted_. There's actually potential for _lawsuits_ here. Which
is why the existent filtering services generally _don't_ actually trash-can
*anything*. Instead, they re-direct the 'suspect' stuff to an alternate
storage area. Where the end-user can 'inspect' to see if something that they
_did_ want to get was mis-classified.

What complicates life *greatly* is that different people have different
standards of what is 'unwelcome' mail. some people actually _want_ to
get *some* of the mail that others would consider 'spam'. And, of course,
anybody doing analysis of, or developing counter-measures against, viruses
and worms, *must* be able to receive copies of them from other people.

This kind of 'special case' handling, as opposed to a simple "one size fits
all" approach, makes offering 'protection' a *difficult* proposition.
It _can_ be done, but it requires =substantial= knowledge BY THE END-USER
in order for it to work effectively. Unfortunately, the vast majority
of end-users _do_not_have_ the required skill-set, and are not-interested
in, and/or *incapable* of, learning them.


Further, if a company has maybe 5000 mailboxes, might not an ISP with
250,000 mailboxes be able to talk a better deal?


Not significantly, unfortunately. 'Economies of scale' don't apply,
except to the "administrative overhead". Operational costs break down
into two major components: First, there is checking inbound messages
against the database of known 'unwelcome mail' (spam, viruses, etc.)
This scales roughly linearly with the volume of incoming mail, *but* it
also increases linearly with the number of 'identified' unwelcome mail
'signatures' that have to be checked. It does take 100 times as long to
check that a particular mail doesn't match any of 1000 spam 'signatures'
than it does to check that it doesn't match any of only ten such 'signatures'.

Second, there is the identification/classification of "new" (i.e.,
'previously undetected') spam, viruses, etc. This, unfortunately, is *NOT*
a linear function. The costs related to this tend to escalate in proportion
to the *square* of the _total_ number of messages handled. Not those for
a single mailbox, or a single customer, but based on the _total_ number of
messages that the service processes for _all_ customers. The more mailboxes
they 'protect', the more expensive it is _per_mailbox_.

Of course, the bigger the 'aggregate' message volume they see, the more
effective they are at identifying cr*p, so the more valuable the service
is -- justifying charging higher prices, because of the
increased 'efficiency' in catching problems.


Bob:

That was a marvelous and instructive romp through the woods. It's such a big
job, and there's always a small mouse that's gonna bitch about anything you
do. So, after all that, I still say that ISP's should be doing virus and
spam filtering, both directions. And when somebody tries to send 1000
emails in a day (arbitrary, but a trusted user could negotiate higher
limits), their account should get frozen for human intervention. For those
incredibly few people who "study virii", I'm sure they can find a bareback
ISP where they can continue to live dangerously.

Ed
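
Added example, not part of any poster's message: a sketch of the outbound policy argued for in this thread, freezing an account for human review when it passes a daily send limit (the 1000/day figure above, with negotiated higher limits) or as soon as one of its outgoing messages is flagged by the scanner (the suspension suggested in post #52). The log format, account names and scanner verdict field are constructed assumptions.

```python
"""Outbound mail policy sketch: daily send cap plus freeze-on-infection.

Added example. The log format, account names and scanner verdict field
are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime

DEFAULT_DAILY_LIMIT = 1000  # the "arbitrary" per-day figure from the post


class OutboundPolicy:
    def __init__(self, default_limit=DEFAULT_DAILY_LIMIT, negotiated=None):
        self.default_limit = default_limit
        self.negotiated = dict(negotiated or {})  # account -> higher limit
        self.frozen = {}                          # account -> reason
        self.sent = defaultdict(int)              # (account, date) -> count

    def limit_for(self, account):
        return self.negotiated.get(account, self.default_limit)

    def submit(self, account, when, rcpts, verdict):
        """Return (accepted, reason) for one outgoing message."""
        if account in self.frozen:
            return False, "frozen: " + self.frozen[account]
        if verdict != "clean":
            # Suspend on the first flagged message instead of bouncing
            # anything back to a possibly forged sender address.
            self.frozen[account] = "scanner verdict " + verdict
            return False, "frozen: " + self.frozen[account]
        key = (account, when.date())
        # Count recipients, not messages (a choice made in this sketch),
        # so one message with a huge recipient list cannot slip under the cap.
        if self.sent[key] + rcpts > self.limit_for(account):
            self.frozen[account] = "daily limit %d exceeded" % self.limit_for(account)
            return False, "frozen: " + self.frozen[account]
        self.sent[key] += rcpts
        return True, "ok"

    def release(self, account):
        """Human reviewer lifts the freeze; returns False if not frozen."""
        return self.frozen.pop(account, None) is not None


def parse_line(line):
    """Parse 'TIMESTAMP acct=NAME rcpts=N scan=VERDICT' (constructed format)."""
    stamp, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return (fields["acct"], datetime.fromisoformat(stamp),
            int(fields["rcpts"]), fields["scan"])


def replay(lines, policy):
    """Feed log lines through the policy; return recipients accepted/rejected."""
    totals = defaultdict(lambda: {"accepted": 0, "rejected": 0})
    for line in lines:
        acct, when, rcpts, verdict = parse_line(line)
        ok, _ = policy.submit(acct, when, rcpts, verdict)
        totals[acct]["accepted" if ok else "rejected"] += rcpts
    return dict(totals)


def sample_log():
    """Constructed sample: four accounts over two days."""
    lines = []
    # home1: ordinary user, a handful of messages.
    lines += ["2003-09-27T09:%02d:00 acct=home1 rcpts=2 scan=clean" % m
              for m in range(5)]
    # home2: mass mailing that the scanner misses (no signature yet);
    # only the volume cap catches it.
    lines += ["2003-09-27T10:%02d:00 acct=home2 rcpts=50 scan=clean" % m
              for m in range(30)]
    # home3: second message carries a flagged attachment.
    lines += ["2003-09-27T11:00:00 acct=home3 rcpts=1 scan=clean",
              "2003-09-27T11:01:00 acct=home3 rcpts=1 scan=infected",
              "2003-09-27T11:02:00 acct=home3 rcpts=1 scan=clean"]
    # club: list owner with a negotiated limit; counters reset per day.
    lines += ["2003-09-27T12:00:00 acct=club rcpts=900 scan=clean",
              "2003-09-28T12:00:00 acct=club rcpts=1500 scan=clean"]
    return lines


if __name__ == "__main__":
    policy = OutboundPolicy(negotiated={"club": 5000})
    for acct, t in sorted(replay(sample_log(), policy).items()):
        print(acct, t, policy.frozen.get(acct, "active"))
```

A frozen account stays frozen across days until `release()` is called, which is the "human intervention" step; nothing is bounced to the sender address, since that address may be forged.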

#56
September 28th 03, 07:52 AM
Robert Bonomi

In article , Roger Halstead wrote:


One thing about this thread:

Posting on a group to get users to check for viruses is unlikely to
accomplish much, although I do have to say this one at least generated
a lot of discussion. Some of it has been downright educational.

OTOH, *most* computer users would never pass the definition for
computer literate, let alone computer savvy, unless the definitions
were made extremely lenient.

*Most* computer users do not know, or care how the thing works as long
as it does what they ask. You can point out the dangers inherent in
their way of doing things, but it has worked so far and they seem to
have that feeling of, "It only happens to the other guy".

Yes, MS operating systems are full of holes although many of the holes
were put there intentionally to enable the end user to do something.
The OS comes with most of the defaults turned on that put the system
in its most vulnerable state.

Let's say we could convince MS to turn off all those defaults. They
would be inundated with calls wanting to know why HTML didn't work,
why their macros didn't automatically execute, why animation didn't
work in their e-mail...and so on...That average user would just get
the defaults turned back on. Plus they'd be angry at MS for making
them have to figure out what was wrong.

LINUX and UNIX are computer people's OSs. Sure we can even make them
look like Windows, but that average end user wants all the
functionality they've been having and in the same manner.

IF MS went away tomorrow and produced no more OSs and was replaced by
fully end user friendly UNIX and LINUX we would still be plagued with
our current problems for a decade or more due to the old systems out
there. The end user wants a box they can turn on and it does what
they want. Never mind that the way they do things can create
difficulties for hundreds of thousands of other users.

_As_long_as_that_ mind_set_continues there will be a tremendous market
for the type of OS put out by MS. As long as that market continues
the rest of us will be plagued by the problems they create. Maybe our
systems will not become infected, but as shown by the recent flood of
mail and bogus bounced e-mails it can sure be an inconvenience and in
many instances cause a complete Denial Of Service (DOS) to many end
users, let alone ISPs. Some of us have the ability to change our
posting address as often as we wish. We can even use "tagged"
addresses when registering software and hardware. We can do that and
still keep private addresses for friends. However once some one with
your address had their computer infected, it's time to change.

True spam (UBE), rather than just cross posting is at unbelievable
numbers. Many ISPs are dealing with millions of messages per day.
Some of the larger ones are in millions per hour. It too can cause a
DOS once past a critical point.



Tidbit: AOL, as of a few months ago, was _throwing_away_ (i.e., before
it even got to the user mailbox) in excess of TWO AND A HALF BILLION(!!!)
messages *per*day*.

I've always used a valid return address when posting although I do
change them. This last batch of viruses has me almost ready to quit
using valid addresses, but not quite. I don't want to give up the
flexibility of putting myself out of reach to where I post.

I would offer this suggestion for those who get so excited about
receiving the results of the viruses...get a couple of accounts with
the free e-mail services. Use those addresses as returns when
posting. Most of the current bots are quite capable of figuring out
nospam, remove whatever, and symbols. I followed one of the ads
about sending millions of e-mails per day, or even per hour. That site
told exactly how to set up the bots and how to filter the addresses.
It told what addresses to never use and how to filter out the real
address out of most "munged" addresses. They also run permutations of
munged addresses to try and find a valid one. They could care less if
they have to send 50 e-mails if one of them *might* turn out to be
real. If they only get a return of 0.01% that is still a 100 returns
for every million e-mails. If they send a million an hour that is
2400 returns per day. That can make a lot of people rich.

Once an account gets trashed, change it. 10 or 20 spam and maybe 10 or
20 of the bogus e-mails are not worth getting excited about. Remember
those on here who have been receiving over a 1000 a day...That is long
since the point of changing addresses.

So, although we can blame MS for putting out a crappy OS, and
justifiably so, they are meeting a demand from the unknowing and
uncaring end user. I seriously doubt if that is going to change any
time soon. Nor would changing to UNIX or LINUX change anything for
most on the news group who are being inundated with bogus e-mail due
to some one else's problems. THAT *stuff* needs to be filtered out at
the ISP level, yet you don't want any false positives.... Changing to
a more bulletproof OS can make you more immune to infection, but it
does nothing to prevent the bogus e-mails. Better filtering at the
user end can help if you have the band width, but probably not for the
poor user with a 28K modem and dial up service receiving more than a
1000 messages a day.

As a parting shot: One of the Telcos removed access to their system
for every user with an infected computer. They will not be let back
on until they can show their systems are clean. (it was quite a few
thousand users too). Now if every ISP would do that as soon as a virus
was detected coming from that IP and share the information with all
other ISPs,


There's no need to 'share' the information with anybody else. Just
disable their access, "temporarily", and don't let 'em back on until
they 'prove' that the problem has been fixed.

"I think" it would do far more in a few days than any
amount of education we could give those users.



*ABSOLUTELY* YES!!!


Monitoring for viruses at the source and terminating the user (or
just suspending their account) as soon as a sent message is detected
would keep the effect of viruses contained and the effect to a
minimum.



There's the rub. That "monitoring". First, you have to 'detect' the
problem. *WHATEVER* approach you take to that monitoring/detection,
it takes resources, and costs money. There are some relatively simple
approaches, but they involve 'adding inconvenience' to the 'non misbehaving'
customer; the 'good-guy transparent' ones require a significant amount
of technical sophistication on the part of the provider, *and* a non-trivial
amount of high-priced equipment.

The ISP business is rife with cut-throat competition, and, literally, $1 or $2
per customer per month can make the difference between being in the black, and
bankruptcy.


  #58   Report Post  
Old September 28th 03, 05:03 PM
Roger Halstead
 
Posts: n/a
Default

On Sun, 28 Sep 2003 06:52:17 GMT, bonomi@c-ns. (Robert Bonomi) wrote:

In article ,
Roger Halstead wrote:


One thing about this thread:

Posting on a group to get users to check for viruses is unlikely to
accomplish much, although I do have to say this one at least generated
a lot of discussion. Some of it has been downright educational.

snip

There's no need to 'share' the information with anybody else. Just
disable their access, "temporarily", and don't let 'em back on until
they 'prove' that the problem has been fixed.


The sharing would prevent them from just getting on another provider
although that might not be necessary.

"I think" it would do far more in a few days than any
amount of education we could give those users.



*ABSOLUTELY* YES!!!


Monitoring for viruses at the source and terminating the user (or
just suspending their account) as soon as a sent message is detected
would keep the effect of viruses contained and the effect to a
minimum.



There's the rub. That "monitoring". First, you have to 'detect' the
problem. *WHATEVER* approach you take to that monitoring/detection,
it takes resources, and costs money. There are some relatively simple
approaches, but they involve 'adding inconvenience' to the 'non misbehaving'


I'm not even approaching the spam issue, but yes, it would have to be
something like Norton AV does. Scanning all outgoing mail and the
first of any virus or worm is likely to get through. It also means
being able to differentiate between a normal macro and one that is
malicious. It also means checking any attachment for some specific
functions, but you still can't take them all into account.

customer; the 'good-guy transparent' ones require a significant amount
of technical sophistication on the part of the provider, *and* a non-trivial
amount of high-priced equipment.


My wife and I are members of several clubs and handle the newsletters
and member notification, so our ISP allows us to exceed the normal
mail limits as we may send out hundreds of newsletters and
notifications. In a couple of instances the mailings exceed a
thousand, but those only happen a couple times a year.


The ISP business is rife with cut-throat competition, and, literally, $1 or $2
per customer per month can make the difference between being in the black, and
bankruptcy.


Sometimes it's less than that. However they still have to have enough
positive cash flow to stay afloat.

As I have my own dot com, but use an isp with web hosting the internet
costs are second only to the cost of flying which I also do.

Roger Halstead (K8RI EN73 & ARRL Life Member)
www.rogerhalstead.com
N833R World's oldest Debonair? (S# CD-2)
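
Ed's proposal earlier in the thread (freeze an account at about 1000 messages a day, with negotiated higher limits for trusted users) and the newsletter exception Roger describes above can be sketched as a per-account sliding-window counter. This is an added example, not code from any poster or ISP; the class, the account names and the traffic are constructed for illustration.

```python
from collections import defaultdict, deque

DAY = 24 * 60 * 60          # sliding window, in seconds
DEFAULT_DAILY_LIMIT = 1000  # the "arbitrary" per-day figure from the thread


class OutboundThrottle:
    """Counts recipients per account over a sliding window; freezes on excess."""

    def __init__(self, default_limit=DEFAULT_DAILY_LIMIT, window=DAY):
        self.default_limit = default_limit
        self.window = window
        self.negotiated = {}            # account -> higher limit agreed with the ISP
        self.frozen = {}                # account -> reason; cleared only by staff
        self.sent = defaultdict(deque)  # account -> (timestamp, recipients) entries
        self.totals = defaultdict(int)  # account -> recipients inside the window

    def limit_for(self, account):
        return self.negotiated.get(account, self.default_limit)

    def _expire(self, account, now):
        queue = self.sent[account]
        while queue and queue[0][0] <= now - self.window:
            self.totals[account] -= queue.popleft()[1]

    def submit(self, account, recipients, now):
        """Return 'accept', 'freeze' (this message tripped the limit) or 'frozen'."""
        if account in self.frozen:
            return "frozen"
        self._expire(account, now)
        limit = self.limit_for(account)
        if self.totals[account] + recipients > limit:
            self.frozen[account] = f"{self.totals[account]}+{recipients} > {limit}"
            return "freeze"
        self.sent[account].append((now, recipients))
        self.totals[account] += recipients
        return "accept"

    def release(self, account, reviewer):
        """Human intervention: a named staff member lifts the freeze."""
        if not reviewer:
            raise ValueError("release requires a named reviewer")
        self.frozen.pop(account, None)
        self.sent[account].clear()
        self.totals[account] = 0


def simulate():
    """Constructed traffic for four hypothetical accounts."""
    t = OutboundThrottle()
    t.negotiated["club-newsletter"] = 1500
    out = {}
    # Ordinary customer: 20 messages, one per hour.
    out["normal"] = {t.submit("normal", 1, now=h * 3600) for h in range(20)}
    # 1200-recipient mailing, with and without a negotiated limit.
    out["club-newsletter"] = t.submit("club-newsletter", 1200, now=100)
    out["unlisted-club"] = t.submit("unlisted-club", 1200, now=100)
    # Infected machine: one message every 30 s until the freeze trips.
    leaked = 0
    while t.submit("infected", 1, now=leaked * 30) == "accept":
        leaked += 1
    out["infected_leaked"] = leaked
    out["infected_frozen_after_s"] = leaked * 30
    return t, out


if __name__ == "__main__":
    for key, value in simulate()[1].items():
        print(f"{key}: {value}")
```

The `unlisted-club` freeze is the "added inconvenience" to a non-misbehaving customer that the thread mentions: a counter cannot tell a newsletter from a worm, so the limit also bounds how many messages an infected machine sends before staff review.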


  #60   Report Post  
Old September 29th 03, 03:22 AM
Roger Halstead
 
Posts: n/a
Default

On Wed, 24 Sep 2003 18:49:23 -0400, --exray-- wrote:

Henry Kolesnik wrote:

Any suggestions on a good ISP


On a more positive note than my last comment you can check to see which
ISPs in your area provide the ability to establish your own filtering at
the server so that if this ever happens again, and I'm sure it will,
then you can stop it (and other garbage) at the server based on your own
criteria.


I've been using a service like that which covers quite a few states.
They use filtering that has a core functionality and then you can add
your own choices on top of that.

If something slips through, I just forward the message back to the ISP
as an attachment and they add it to the blocked list.

It works pretty well and greatly reduces the load on my own filters.

Roger Halstead (K8RI EN73 & ARRL Life Member)
www.rogerhalstead.com
N833R World's oldest Debonair? (S# CD-2)

Just check the website homepages of the ISPs operating in your locale
and if they have such a feature surely they will tout it. More and more
are going in this direction.
As far as customer service, one of the ISPs I use has a fully automated
management system to add email accounts, change passwords, etc. There's
really no reason to ever have to call them.

-Bill M

