The *Only* Sure Way To Stop Spam (Langa)

With the holiday season here, the level of spam is going through the roof. This reader has correctly identified the one and only way to stop spam for good— and it’s not a filter, not legislation, and not anything exotic at all:

“Hi Fred! I hear more and more news about stopping spam; Filters, programs, and legislation. I read about Yahoo’s idea to use message authentication to stop unwanted email. I am concerned that the laws are completely un-enforceable, either due to loopholes or simply the capabilities of the technology. I am worried that additional security / authentication will increase cost and decrease performance. Too much security and authentication will stifle the medium.

IMHO, there is one way guaranteed to stop spam. We need to get the public to STOP BUYING THE CRAP IT ADVERTISES!

Spam is so cheap to send, one paying customer covers the advertiser’s cost for millions of emails. If we could just get everyone to ignore it, and not buy anything from the spammers, it really would go away. As soon as it is not profitable, it will cease to exist.

We need a public service campaign that starts out “Let’s face it, 100% of the stuff offered by spam-mail is utter CRAP. There is no miracle weight loss formula. No herbal remedy is going to make this part longer or that part fuller…”

Advocate that people make a simple personal rule “If it was advertised in an [unasked-for] email, don’t buy it.” Period. Ever. If it really sounds like a product you can’t live without or it’s a great deal, search for it on Yahoo [or Google]. If the maker is actually trying to sell the product, they’ll have a web presence [and you can buy it there, rather than in reply to the spam mail]. Just my 2 cents. Take care!

—Matt Lavigne”

Matt is right. Spam exists because it works, simple as that. Some percentage of people *do* respond to spam offers, and that’s more than enough to keep the spammers in business.

When you get spammail, just delete it. Don’t reply to be “removed” from their list. (It doesn’t work.) Don’t send back a fake “bounce” or “bad address” message. (It only helps spammers make their mailings more cost efficient.) In fact don’t do anything: Just delete the email, preferably unread. That— and only that— ensures that the spammer has just wasted a little money on you.

If enough people do this— if enough people force spammers to waste a little money— then the economics of spam will change, and it will no longer be lucrative. When spammers no longer can make easy money by spamming, they’ll stop and move on to the next scam.

Good spam filters can help you sort the spam for easy deletion. Good legislation can help apply pressure to the spammers where they live. But the ultimate solution to spam is to make it unprofitable.

Do your part to help drive the spammers out of business. Take the pledge: Never, ever, buy *anything* you see spamvertised!

Posted in Privacy, Security | No Comments

HijackThis And CWShredder Have Moved

Heads up for those who link to or recommend HijackThis, CWShredder, the Coolwebsearch Chronicles, or to any other file at http://www.spywareinfo.com/~merijn/. Merijn has his own web site now, located at http://www.merijn.org/. All of his files can now be found there.

Here are the most common files accessed on his site.

http://www.merijn.org/files/hijackthis.zip
http://www.merijn.org/files/cwshredder.zip
http://www.merijn.org/cwschronicles.html
http://www.merijn.org/htlogtutorial.html

Posted in Security, Software | No Comments

Open Letter To Dell Inc. From The Security Community

For Immediate Release. Please distribute as you see fit

December 2, 2003 — We in the antispyware, antivirus and security communities would like to express our disappointment with the new technical support policy in place at Dell Inc. Dell’s new support policy does a disservice to its customers and puts everyone on the internet at risk, including non-Dell customers, by discouraging the removal of malicious software.

Dell’s new policy came to light in a recent issue of the Lockergnome Windows Fanatics newsletter. This policy forbids Dell technical support persons from providing assistance to customers in removing infections of unwanted commercial parasites. This policy forbids providing removal instructions or recommending a spyware removal program. The policy even forbids mentioning informational web sites that can provide information about the spyware and how to remove it.

According to a Dell employee, the only acceptable response to a customer infected with spyware is to refer them to their Internet Service Provider (ISP).

A spyware-infected computer is not a problem for the ISP. This is a problem for the company that sold the customer an agreement for technical support along with their PC. Dell should honor that agreement, not pass the buck to overworked ISPs who correctly will refer people back to the PC vendor.

Dell claims that removing spyware may violate the license agreement of other software that may have installed the spyware and cites this as the reason for the new policy. Perhaps Dell Inc. is unaware that many spyware programs and most other commercial parasites are classified and targeted as viruses by industry-leading antivirus software.

Will Dell forbid employees from recommending an antivirus program? Will Dell prohibit their techs from suggesting a firewall because it might be used to block a spyware program from sending user data to its vendor? How far does this policy go before common sense prevails?

Countless thousands of people become infected with all manner of commercial parasites every day. Most of these parasites have no license agreement and exploit security flaws to install themselves. How can you violate a license that doesn’t exist? The parasites that do include a license agreement may not disclose the undesired effects they have on the user’s computer and may provide no means of removing it.

It is ironic that Dell Inc. would institute a policy forbidding advice about how to remove spyware. Dell itself includes an antispyware product on all Dell PCs that ship with a built-in DVD player.

According to Pacman’s Portal, “it seems that after Dell found out certain applications being installed from DVDs would report back information about what customers were watching, they decided to implement an anti-spyware service.” Specifically, an application called DVDSentry disables the spyware that may come with some DVD player software.

How can Dell justify a policy of withholding information from spyware-infected customers when they distribute an antispyware product themselves?

It is inappropriate for Dell to make decisions based on a license that might exist, associated with software that might be present, which might forbid removing the parasite causing problems for Dell’s customers. Dell is not associated with this software or their vendors, has no knowledge of what may or may not be in the license or even if a license exists at all.

It is understandable that Dell does not want to provide manual instructions on removing commercial parasites. Few people are qualified to provide proper spyware removal instructions today. It is probably not possible to give that sort of advice over the telephone. You need log files, links to specialized removal software and, most importantly, you need experience in removing these parasites manually.

What is not understandable and certainly not acceptable is that Dell requires its technicians to withhold information from paying customers. It is irresponsible to refuse to help a paying customer remove a parasite infection by pointing them to a site that can help them. That infected customer might infect someone else and Dell would be directly responsible for any damage that caused.

We call upon paying customers of Dell Inc. to contact Dell and ask them to retract this policy. One day it may be you asking for help and being told “Sorry, removing the virus popping up pornographic ads in front of your children might violate the license of other software”.

Dell Inc. should be more concerned for their paying customers than for persons who would distribute spyware and viruses. We call upon Dell Inc. to retract this misguided policy and allow their support technicians to refer infected customers to web sites that can help them.

Respectfully,

Mike Healan, SpywareInfo
www.spywareinfo.com

Tom Wilson, TomCoyote
www.tomcoyote.org

Bill Webb, CounterExploitation
www.cexx.org

Kevin McAleavey, Privacy Software Corp
www.nsclean.com

Mike Cashman
www.mjc1.com

Paul Wilders, Wilders Security Organization
www.wilders.org
www.wilderssecurity.com

A. Porter, SpywareGuide
www.spywareguide.com

J.Hertsens, XBlock
www.xblock.com

This letter is available in PDF format at http://www.spywareinfo.com/articles/dell/support_letter.pdf

Posted in Hardware, Security | No Comments

The Keyboard Organizer

MyKeyO’s Keyboard Organizer is the worlds first and only fully functioning computer keyboard that opens to have internal storage to organize the computer desk top area.

Posted in Hardware | No Comments

So Long, 4th Amendment. It Was Nice Knowing Ya

What if I said the FBI could order your bank, ISP and telephone company to turn over all records and logs relating to you without a valid warrant, then force everyone involved to cover it up?

That doesn’t sound right because the Fourth Amendment should prevent that sort of thing. Let’s say the FBI does an end run around the Constitution by issuing itself a so-called “national security letter” which states that the records they want are relevant to an investigation into terrorism. The FBI wouldn’t need to show probable cause, have any evidence of this or even consult a judge first.

The organization that is forced to turn these records over is issued a gag order and kept from revealing the subpoena’s existence to anyone, including the subject of the investigation. Violating that gag order would be worth a trip to federal prison for the offender.

If I were to tell you that, would you think I had lost my mind? Or would you think I needed to loosen my tin foil hat? Certainly someone has gone mad, but unfortunately it isn’t me. The outrageous scenario above is exactly what can happen now.

http://www.spywareinfo.net/nov25,2003#whatfreedom

Posted in Privacy | No Comments