RE: [Asrg] Viruses
"Bob Wyman" <bob@wyman.us> Thu, 26 June 2003 19:37 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA17868 for <asrg-archive@odin.ietf.org>; Thu, 26 Jun 2003 15:37:08 -0400 (EDT)
Received: (from exim@localhost) by www1.ietf.org (8.11.6/8.11.6) id h5QJaec24792 for asrg-archive@odin.ietf.org; Thu, 26 Jun 2003 15:36:40 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19VcXw-0006Rn-67 for asrg-web-archive@optimus.ietf.org; Thu, 26 Jun 2003 15:36:40 -0400
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA17846; Thu, 26 Jun 2003 15:36:37 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19VcXJ-0006Jd-NN; Thu, 26 Jun 2003 15:36:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19VcTg-00066J-HO for asrg@optimus.ietf.org; Thu, 26 Jun 2003 15:32:16 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA17571 for <asrg@ietf.org>; Thu, 26 Jun 2003 15:30:58 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19VcSR-0005DZ-00 for asrg@ietf.org; Thu, 26 Jun 2003 15:30:59 -0400
Received: from vmmrnat.verisignmail.com ([216.168.230.187] helo=vmmr8.verisignmail.com) by ietf-mx with esmtp (Exim 4.12) id 19VcSG-0005Bt-00 for asrg@ietf.org; Thu, 26 Jun 2003 15:30:49 -0400
Received: from ms3.verisignmail.com (ms3.verisignmail.com [216.168.230.176] (may be forged)) by vmmr8.verisignmail.com (Mirapoint Messaging Server MOS 3.2.2-GA) with ESMTP id AND26844; Thu, 26 Jun 2003 15:28:13 -0400 (EDT)
Received: from BOBDEV (pool-162-83-143-229.ny5030.east.verizon.net [162.83.143.229]) by ms3.verisignmail.com (Mirapoint Messaging Server MOS 3.2.2-GA) with ESMTP id AJM00782; Thu, 26 Jun 2003 15:28:11 -0400 (EDT)
Reply-To: bob@wyman.us
From: Bob Wyman <bob@wyman.us>
To: 'Barry Shein' <bzs@world.std.com>, asrg@ietf.org
Subject: RE: [Asrg] Viruses
Message-ID: <004801c33c19$20e62af0$660aa8c0@BOBDEV>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024
In-reply-to: <16122.11883.895518.586214@world.std.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
Content-Transfer-Encoding: quoted-printable
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Thu, 26 Jun 2003 15:28:30 -0400
Content-Transfer-Encoding: quoted-printable
Content-Transfer-Encoding: quoted-printable
Barry Shein wrote: > For example, is it a FEATURE of all mentioned windows OS's > that any non-privileged program can add new .EXE files to > the system directory and modify the registry such that > those newly added programs autostart on boot? > Or is it a BUG which was exploited? The reality is that it is both Feature and Bug. The difference depends on perspective and timing not on technical details... What was once a feature would be seen as a bug if designed today. Times have changed. "Back then", many would have claimed that making software easy to install on Windows machines was appropriate. End users had trouble dealing with passwords, didn't understand security constraints, etc. and, Windows machines weren't "mission critical" -- they were just desktop front-ends to other more well protected systems. But, those times have changed. What hasn't changed very much is Windows' idea of security. It is the same with email protocols. I built my first email system in 1980 and shipped my first product containing email (DEC's ALL-IN-1) in 1981. (It had 54% market share for commercial Office Automation back in the 80's). I also participated in numerous international standards efforts related to email. However, I don't think I can remember a single instance during the 80's when spam was seriously discussed as something that should be addressed in email protocol design. It has always been with us, however, people trusted that folk would use the network well and that peer pressure could get people to stop sending inappropriate mail. This naïve and hopeful view of the world was shattered during the 90's... What we've got now is a legacy problem. There are thousands of software applications that rely on the virtually non-existent security in Windows to do what they need to do and we've got thousands of mail packages that rely on old protocols designed for a different era. It isn't useful at this point to tag things as "bugs" or "features." What we need to do is define what the correct behavior should be "in these times" and then deal with all the issues related to bringing all the old systems up to date. If Microsoft is to be faulted, it isn't for making the original design decisions in Windows. They should be faulted for not having addressed the issue of re-design more aggressively as the world changed around them. > I really believe we are nearing the actual > heart of the spam problem. Yes, the "heart" of the problem is that the people who designed the systems being exploited by spammers today had a very different worldview than they would have if they were designing the same systems today. The people who designed the systems in use today didn't anticipate fully how those systems would be used. These systems were designed during a "kinder and gentler" time. The world is a different place today. bob wyman _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- RE: [Asrg] Viruses Tom Thomson
- [Asrg] Viruses gep2
- Re: [Asrg] Viruses Vernon Schryver
- [Asrg] Re: Viruses wayne
- Re: [Asrg] Re: Viruses Steven F Siirila
- RE: [Asrg] Viruses Hallam-Baker, Phillip
- RE: [Asrg] Viruses Bob Wyman
- RE: [Asrg] Viruses Vernon Schryver
- RE: [Asrg] Viruses Barry Shein
- Re: [Asrg] Viruses Barry Shein
- [Asrg] Re: Viruses Bruce Stephens
- Re: [Asrg] Viruses gep2
- RE: [Asrg] Viruses Bob Wyman
- Re: [Asrg] Viruses Walter Dnes
- Re: [Asrg] Viruses Mark McCarron
- RE: [Asrg] Viruses Barry Shein
- RE: [Asrg] Viruses Barry Shein