Saturday, May 12, 2007

The Vista verdict

So Microsoft have finally launched the much delayed, much lambasted successor to XP Pro on the general public; who on the whole feel betrayed. So what's the big deal? Is the public reaction fair? I've decided to go into this for the non-techies as a general comparison guide.

Microsoft are well known for applying the "most secure Windows yet" tag to their new product, only to have hackers start finding exploits within days. It's a sales pitch, NOT an unbiased opinion. This time round Bill Gates has upped the ante on the sales pitch and declared Vista the "most secure of ALL operating systems". I didn't know Bill decided to go into comedy, apparently his debut was on BBC News.

Some of the design flaws of previous versions of Windows have finally been addressed apparently, so I can accept it is the most secure version of WINDOWS (for now, until the holes start to show). Many flaws are down in large part to the thinking of Microsoft, with any operating system you need to create a new user account for each person using the PC which allows them a private place for their files and access to programs they need. Until Vista that default user account was an ADMINISTRATOR account.

Let's put this in perspective here, with a normal (Windows calls this a "restricted") user account, the user is limited to what changes he/she can make and where they can store documents. This means they cannot install/uninstall programs, or delete vital system files. An "administrator" account is effectively a "God" account.....with it you can do ANYTHING on that PC even if you have no clue what you're doing. This means the average Joe playing with Windows can destroy their PC by clicking things. It also means that any malicious programs like viruses can act as an ADMINISTRATOR and destroy your security...it's EXACTLY what virus writers want you to do. Some parts are kept away from normal users for a reason.

This level of user permissions as a level of security has been standard in UNIX/Linux and the Mac (built on Darwin which is a deviation of FreeBSD UNIX) since before Windows 95 arrived on the scene, why has it taken until now to finally sort it? Is it because a user who destroys their own PC helps the local economy by employing an engineer to fix it for them, or the local PC shop by buying a new license for Windows and paying to get it reinstalled? Remember Microsoft are a huge commercial outfit, their business is to make money, their method of making money is sloppy products and support.

With both UNIX/Linux and Mac's the concept of viruses, trojans etc are practically unknown. They do exist but are so uncommon that there's no need to run all these protective programs, which are part of the territory with Windows, unless you are using it as a gateway for an unprotected Windows behind it. This is partly due to the success of Windows, after all if I were to spend time writing a key logger (a program which sneaks onto your PC, records every key you press....and sends it back to me without your knowledge, giving me your bank account details etc which would easily allow me to steal your identity) I'd write it for Windows. Why?

  1. Windows exploits are legendary, it's such an easy target compared to UNIX/Linux or Mac's due to the design bias of style over substance.

  2. Around 80% of people who visit your target zone (your infected web site) will arrive in Windows using Internet Explorer as their browser since it comes with Windows. Most of those will be clueless users who assume corporate superiority means IT security and foolishly believe themselves to be safe. In reality they are the most vulnerable.

Until Mozilla Firefox started to bite into the Microsoft domination of the browser market, they couldn't give a hoot about the user or the danger the user was in online. Too many people got sick of pop ups, programs downloading and installing without asking for permission etc that they abandoned Internet Explorer and switched to Firefox. I am one of the converted. They like to have control, something which Microsoft decided it's users didn't deserve. Late last year with Internet Explorer 7 Microsoft finally had an answer to Firefox, which is a HUGE improvement although has the trademark Microsoft talent for hogging resources. If you have to use IE, use IE7......if you don't need IE, then use Firefox.

Since Windows has been the target of a LOT of hackers you can understand them trying to lock down the kernel (the heart of the PC) to stop hackers changing things however, locking out third party security companies from being able to write programs to HELP keep you safe is a VERY bad idea, especially as you're then relying on Microsoft to protect you. To me that's like hiring Michael Jackson as a babysitter, and locking the doors. Microsoft got an unusually strong backlash from the IT community and in the face of a PR disaster had to rethink that policy.

They did however stick to another VERY controversial idea called DRM. This DRM is being cited as a primary reason why people across the world are refusing to touch Vista. DRM or Digital Rights Management to give it it's full name, is (in theory) a way to prevent piracy and ensure that movie studios and record companies get paid for their work. In practice it's much more insidious.

With DRM Vista looks at ALL media on your PC; your video files, your music files, your software etc. It looks at media in temporary (removable) media...CD's and DVD's to normal people. It then decides through a digital signature if this is genuine or not. If it decides it is, then your PC acts as it should and you can play them. If it decides to fail you then a range of things can happen.

  1. With video or music files (either on the hard drive or on a CD/DVD it can reduce the quality of the output, so the High Definition DVD you bought will look like a normal definition DVD, or the sound may be crackly. Or it may refuse to play altogether.

  2. Unless you have the right connector and cable leaving your PC (as judged by the movie studio) the same might happen as above.

  3. You will be restricted to only playing it on the PC itself, so transferring it to an iPod or blank CD is forbidden.

  4. If you want to use your PC as a streamer to a remote device under the TV to watch your movies on your TV it may decide not to let you.

  5. It may start freaking out, giving you errors, rebooting etc telling you that "piracy is illegal" etc.

Remember, this is what you live with EVERY DAY with Vista, you gamble your PC every time you buy a new CD or DVD that it'll be able to play the way you want, and that some part of the code on it won't be picked up as "pirated". It could be something as simple as the record company in question have not paid Microsoft yet for a DRM code......and the CD you insert is triggered as "pirated".

Along similar lines is WGA system first introduced in Windows XP to much criticism. WGA (Windows Genuine Advantage) is an update (bug fix) which by all legal and technical viewpoints is SPYWARE, but it seems that yet again Microsoft write their own laws. It is installed as a "critical update" on any unsuspecting Windows user's PC, and is used to check if the version of Windows being used is "genuine" and not a pirated copy. This is NOT critical.

In theory this would be fine, however it follows the usual Windows ethic of being badly written. It has come in for a flurry of complaints from genuine Windows users being told their PC's are pirated. Since it scans your hardware when it first registers you, any change like an upgraded sound card will appear to WGA to be a separate PC which will fail your test. It seems to get as many wrong as right. If it decides your Windows is pirated it can trigger all sorts of problems for you, which the only answer is to back up what you can and reinstall Windows......if you know how. Failing that, a trip to the local PC store to buy another Windows license is on the cards, despite the fact you already have a perfectly valid one.

This flawed system is at the heart of Vista and has been hailed by Microsoft as a victory against software piracy. In XP Pro you needed to have passed this WGA test to get updates. They did leave open "critical" updates to everyone; genuine or not as a security issue. This is only an issue when you're updating. In Vista they've went a whole lot more intrusive and now require the PC to contact the mothership VERY regularly to check it's genuine.....without asking your permission. No doubt they take a whole load of other data readings from your PC, like what movies are on it, what music is on it......as marketing info.

Between the DRM and the WGA systems your PC could potentially turn into a doorstop with flashing things on the screen at any time, with any provocation, all of which you'd be powerless to prevent and expensive to repair. This is not counting any missing data, downtime or useless CD's or DVD's. It means you're renting your PC, even although you own it....Microsoft can lock you out of your own PC at any time. For a more in depth look at Vista's DRM check this article out. A Cost Analysis of Windows Vista Content Protection.

This week Microsoft and Bill Gates have been doing the media interviews to sell Vista, these programs have had their own correspondents look at it and single out it's features. The new fancy 3D transparent windows which flip over when you mouse over them look great. This is not new, it's been standard fare on the Mac for a few years. It's also available through a free additional program for Linux. It's eye candy with very little value other than the "show off factor." The difference with the Linux version is that you add it on if you want it and want to spare the extra resources to run it......are you sensing the concept of "free choice" here yet?

With every operating system there are two sets of figures for us to keep in mind when judging if we need to upgrade or not; the "minimum" and "recommended" levels of hardware. As PC hardware advances it gets cheaper for the same or more power, it also means that a PC which was "cutting edge" last month has now been superseded. This is progress, it can't nor should it be stopped. It is however a marketing departments dream psychology to get the customers into. UPGRADE! UPGRADE! UPGRADE! However, for most people upgrading is not needed. There is no need for the very latest PC if you surf the web, send emails and write the occasional letter. You'd be amazed at what you can do with a Pentium 2 on an efficient combination of programs and operating system. These programs don't need to be very resource intensive......try telling this to Microsoft and they'll look at you as if your head had turned into an cartoon anvil. For that matter, try asking in a PC store for a PC without Windows installed, and you get the same reaction. It IS possible despite the blank looks you'll get.

With any operating system, it uses bigger programs, more RAM memory, more CPU time etc to deliver the fancy effects we like, which is fine up to a point. Vista has taken this to ridiculous extremes requiring 15GB just for the operating system (not counting any programs). Only a few years back a 20GB hard drive was seen as HUGE, and was very expensive...now that same hard drive would be 75% full with Vista. It recommends a whopping 1GB of RAM to see the effects. The same principle applies as before, many people have 512MB in their "new" PC's. The result of this, is that Vista requires you in many cases to go and give money to your local PC store to upgrade your RAM, hard drive and in some cases your CPU (apparently a Pentium 4 is borderline low) which it then steals any new capacity you have to run all the fancy eye candy, and assorted bumf you'll never use and are most likely spying on you. In my opinion when you buy new hardware you should have that capacity to use as you see fit....not to feed it to a bloated operating system running all sorts of extras you don't need. The end result of this, is paying for lots of new stuff and getting NO PRACTICAL advantage.

To give a comparison for hard drive capacity of other operating systems. Windows XP needed about 4GB, Windows 2000 needed about 2GB and Windows 98 sat happily on 1GB. Windows Vista (in the spirit of sloppy bloated programming) have decided they need a whopping 15GB. Remember this space is for the operating system only, if you want to actually do anything with it, you're gonna need space for programs too. The Microsoft Office suite (which requires an additional license at around £100) is around 500MB for the full installation. Assuming you want to save your work you're gonna need space for that too. Adds up huh?

Linux is a very different animal altogether, first it's available in many different distributions, which all vary in different ways. Second it's a complete system which includes many software packages you'd have to pay for with Windows. Even a fully stacked Linux installation would take around 3GB. By "fully stacked" I mean including around 15,000 software packages for everything from Python programming to the full OpenOffice suite to CAD programs. Since Linux software is as simple (in most cases) as opening a "package manager" and ticking them from a list most people tend to install packages for their own uses. I would have no need for many packages yet others would find them essential while others may have no need for an office suite while I need a word processor. This means that the average Linux installation is around 1GB INCLUDING software. In short, it's efficient......and free (in most cases).

An "at a glance" guide (in no particular order).

Windows

  1. On around 90% of the world's PC's through marketing monopolies.

  2. EVERY piece of hardware you buy is Windows compatible.

  3. Very versatile due to the sheer amount of software available for it.

  4. Anyone who's used a PC at work or a friends house, chances are, (unless you have a technically minded friend or a boss with some sense) it's Windows.

  5. Costs a fortune to continually upgrade and patch to keep ahead of the hackers. Virtually ALL of the nasty PC stuff online like trojans, viruses etc are WINDOWS exploits.

  6. For gamers there is really only Windows, other than using a games console like the XBOX 360 or Playstation 3.

  7. Rated highly only by people who have no IT knowledge or who rely on Microsoft to make a living such as PC stores, software and hardware developers.

  8. Every part of the system is aimed at selling you something.

UNIX/Linux

  1. Many different distributions are free (not free as in pirated, but LEGALLY FREE). Some charge a small fee, some charge only for support......the Linux ethos is free through the GNU General Public Licence.

  2. Most if not all distributions offer a full software suite free on installation. Packages which are not available on installation can be downloaded free afterwards.

  3. Linux is a workhorse operating system, it's ethos is substance over style. It's built with security in mind from the ground up.

  4. UNIX/Linux are the backbone of the internet, chances are most web sites you visit (including this one), mail servers dealing with your email or databases which check your login details are running either UNIX (FreeBSD) or a Linux distribution. It's an efficient high workload PC which effortlessly handles everything thrown at it meaning stability is better than Windows. Microsoft have recently tried to demonize UNIX/Linux and get into the server market but have failed miserably since the administrators who set up and run servers know the value of stability and security.

  5. Many distributions are awkward to learn and use....until recently with Ubuntu which is aimed at the novice user while still having a full powered Linux under the hood. Ubuntu is free, and is a dual use live / install CD which allows you to try running it from the CD without changing your Windows setup....if you don't like it, simply reboot. If you do you can install from the same CD.

  6. With Ubuntu Linux it's now as user friendly and versatile as Windows (if not more so) with a full package list that the normal user would need from Firefox web browser to Evolution (an Outlook type email and personal organizer), OpenOffice office suite which is fully compatible with Microsoft Office to GAIM (a multi network personal messaging client).

  7. Games are very limited on Linux, if cutting edge gaming is your PC's role in life.....forget Linux.

  8. It's a customizers dream.....EVERYTHING is customizable, it's YOUR PERSONAL COMPUTER, not anyone else's, and as such it should be able to reflect your needs. Desktop themes and widgets (little programs like stock counters or temperature guides) are endless with Linux, simply go look and install.

  9. All the usual brand names like Adobe, Macromedia etc generally don't do Linux versions of their programs however in many cases there are Linux community versions which do similar jobs, just differently. GIMP is a brilliant image manipulation program which is as good as Photoshop....this means getting used to working with different programs. The alternative is to use WINE which allows Windows versions of programs to run on Linux (this is not perfect but it works mostly).

  10. No need for anti-virus, anti-spyware programs....it's not required. Around 40 viruses affect Linux and none are in the wild compared to around 100,000 and counting for Windows, with around 1,000 new added each month.

  11. Works on most hardware except WINMODEMS and WINPRINTERS although don't rule out some tweaking issues with some distributions.

  12. With the software being free you can experiment with things you'd normally need to pay for...only to find it wasn't for you, losing you money. If you don't like something, just uninstall it with no loss. Who knows where your PC skills will take you.

  13. Most Linux distributions are community based, which means sharing and helping others. The communities are often stacked with people skilled in administration or programming who know their stuff and encourage you to learn and take part. You are welcomed into a HUGE new family.

Mac

  1. Aesthetically beautiful. It is NOT style over substance though as the Mac is built with Darwin (which is based on FreeBSD UNIX) which means that security and stability wise most of the Linux guide applies.

  2. It uses proprietary hardware which although excellent is expensive compared to others.

  3. Many software developers offer Mac versions of their programs, but not all. The list of software is MUCH less than for Windows.

  4. Mac's are only available in certain locations, the same restrictions apply to repairs and upgrades.

  5. Excellent for media manipulation, like video or music editing, but rather limited in range of tasks due to lack of software.

  6. Most IT professionals prefer one of the following UNIX / Linux or Mac.....none prefer Windows.

  7. It is still a monopoly situation, albeit a more ethically popular one.

  8. Did I mention aesthetically beautiful?

It all comes down to what you want or expect. Vista has went down like a lead balloon in many quarters; it's been slammed over so many issue in forums around the world. It's causing many loyal Microsoft customers to abandon them....in short, it's arrogance, incompetence and corporate greed have been exploited to new levels and the public have given it the thumbs down. Of course some will need to upgrade to Vista.....gamers will always require the latest kit and developers generally only see one show in town which is the latest offering from Microsoft. Even business is dubious at Vista, which is a major new development. They seem to have gotten it wrong on so many fronts in one product. I sense a "sounded like a good idea at the time" footnote being welded onto Vista's place in history.

I've stuck with Windows until now for a few reasons, first I am an MCP (Microsoft Certified Professional...PC engineer in basic terms) and I know I can fix my PC. Some of my hardware (my modem to be exact) are of the cheapskate and reliant form. It is a WINMODEM not a MODEM, I didn't know when I bought my PC there was a difference, I've since found out that not only are WINMODEMS popular but WINPRINTERS are also out there. This means that it allows PC bundles to be sold cheap as the components are not full, the software needed is built into Windows......which means that they won't work under any circumstances with any other operating system. Sneaky huh? This means I need to buy a REAL modem before I can get online with Linux. Anyone buying a new PC bundle, ask the sales staff if the modem and printer are the WIN variety, if they are...REFUSE it. By accepting this type of hardware it continues the Microsoft monopoly and you're denying yourself the choice down the line.

The final nail in the Windows coffin for me, is that when you try to do things right with user accounts and permissions....the stuff that should be built in to Windows from the start, it fights you every step of the way. I'm sick of having to log into the admin account to change a program setting, and remembering to set the "run as" on my clock so it works when I switch back to the normal user account. I'm sick of EVERY program needing admin rights to run, so I have to right click and "run as" EVERY TIME. The restricted user seems to be able to do nothing fancier than rebooting the PC. It seems to have the memory of an educationally challenged goldfish.

It's no surprise that Microsoft have been caught trying to pay a blogger to edit a Wikipedia entry on their behalf. The products are awful, the PR is largely deserved, and instead of spending time and money making it better, they use underhanded methods to try and fool the public by limiting the bad PR. Says a lot huh? Many people like to join the bandwagon, I have justified reasons for my views.

For the last couple of months I've been making plans to switch over to Ubuntu Linux and abandon Windows to it's fate....hence the lack of recent articles. I urge EVERYONE to abandon the Microsoft Titanic if they can.....try Ubuntu Linux, it's free and 100% reversible by simply rebooting and ejecting the CD when told to, or to a Mac OSX...either way you will be doing yourself and me a favour. What difference does it make to me? I get spam, like everyone else, the botnets which run these spamming campaigns are Windows which have been compromised by hackers....switching means one less Windows PC to get infected....which means one less potential node on a botnet spamming us.

Thursday, May 10, 2007

The SPAM WAR Manifesto

My blog has only been in existence about one week, and already it's been spammed 12 times by one company. This company have tried to post to some of my blog entries which have NO connection to their business. They may use Microsoft Vista, but their product has nothing to do with my views on it. They may use Meebo in some blogs, but again it has nothing to do with instructions on how to set up Meebo.

Online Pharmacy | onlinepharmacy@noprescription.com | noprescriptiondrugstore.com | IP: 205.211.216.53

They are gracious enough to include the words "this is a promotional message if you feel offended by it please delete it." Really? Well, this is a personal blog, and I DO feel offended by it, so please stop spamming it. Of course; whether you're offended or not is irrelevant, they will still feel justified in doing a drive by and spamming their "promotional message" anywhere they like. The latest was on April 8th, 7:55 PM GMT

I have been thinking over the last couple of days about how to fight this, and had decided to suggest that anyone who wants to kill spam should get several free email accounts from GMail, Yahoo, FSMail, AIM etc and spam the companies who benefit from spam. Spammers use botnets to spam from, they fake headers etc. This means that there will be no email account called hjgjgfjhdsag@ghdsjgfjds.com, yet this is apparently where it came from. They fake the mail servers paths too....so backtracking is very difficult. Often when you do backtrack, it turns out to be some poor sucker on Windows who has no idea the porn site he visited in Internet Explorer has allowed a programs to be installed on his PC and is now being used as a zombie.

What you CAN look at; is who benefits. You get 15 emails all from different addresses all pointing you to one URL...who makes the money if you're stupid enough to click on that link and buy from them? Right, that website. They want a respectable front where they can deny the spam campaign. They also have "sales" emails, along with "customer services" etc.

This is where you use the same subject and body details, and spam THOSE email addresses. Send them 100 for every 1 you receive. Overload their mail servers every time they check for incoming mail. After all, they WANT your incoming sales orders don't they? They have NO respect for your time or bandwidth, why should you have any for theirs? They continue regardless of the fact that users HATE spam.

After a while with some luck they'll be too busy emptying their OWN inboxes of spam that they won't have time to send another round of spam out to us. To add to this I'd suggest signing those emails up for lots of online fanzines, newsletters etc.....making sure to tick the "yes I'd love to get promo material from third parties" and "yes, inform me as often as possible of all new services and products" boxes. The point here is to teach the spammers a lesson. That if they want to flood us, we CAN fight back until they choose to stop.

I've created my own SPAM WAR email list of shame so the spambots can harvest some of their OWN emails, add them to the list and spam THEMSELVES......and each other. To help this effect going I'd ask everyone to do something similar.

Of course these free email accounts will at some point be closed for spamming, which is why you want to create accounts for that purpose only. I'd suggest avoiding using any title which gives away your intent, like ihatespam@yahoo.com, it may be blocked.....which kinda defeats the purpose. I'd also suggest a more casual rate of fire so that the scripts running these free email services don't pick you up as a potential spammer. When one account is closed, simply create another.

I googled "spam war" and found that two anti-spam sites were forced to close due to the spammers taking offense at someone daring to fight back and bringing down the servers with a DOS attack......from a huge botnet. This has led me to rethink my initial plans. I did however find a page which is more detailed, more measured and will probably get more results than my initial ideas. I've decided to post the whole lot below to help spread the message and encourage the fight back.

Everything below the horizontal line is copied directly from http://www.webweasel.com/spamwar.htm I have modified the content for display purposes only. It is now justified, with lists etc.....I have changed NONE of it's content.


THE SPAMWAR MANIFESTO

Unsolicited Commercial Email, Spam, is crippling the effectiveness of the Internet. Roughly 80% of the mail arriving in a typical email users' mailbox is spam. This is an incredible drain on users, involving millions of dollars of lost time for businesses, frustration for users old and new, and clogging system bandwidth and disk space.

Technology has not solved the spam problem, nor is it likely to. Filtering technology has been ineffective. Government will not enforce the laws that have been enacted until citizens start to demand action; so far, they have done very little. And the UCE industry has demonstrated a blatant disregard for the law of the land and common decency.

Therefore, we, the users of the Internet, are declaring war on spam. This war will continue until the UCE industry obeys the existing laws. We demand that the UCE industry:

  1. Provide functional opt out procedures,
  2. Stop forging return addresses,
  3. Label advertisements in the subject line,
  4. Comply immediately with 'do not contact' requests.

The FTC has announced that it is 'collecting' spam. You can refer spam to uce@ftc.gov. Since the government refuses to take action to enforce the laws, we will send every piece of spam in our inboxes to the FTC until they take positive action. There is a small underground movement of users who are already doing this on a case by case basis. The goal of SPAMWAR is to amplify this and give it a focused strategic goal. We will conduct this war email by email, making the lives of the spammers hellish until they surrender unconditionally. It is time for the users to take back the Internet.

SPAMWAR TACTICAL MANUAL

Rather than attempting to deal with the situation passively by simply attempting to filter spam, we will take massive non-violent action to clog the inboxes of the spammers.

Every spam solicitation needs some kind of contact point. The goal of spamwar is to identify that contact point and send them email. Lots of email. Just like they do to us. Each time you read your email, sort the messages you want from the spam. Move the letters you want to save into appropriate folders, and the spam into the trash, but don't delete the trash yet. Go through each message in your trash.

Although the reply addresses are forged in 90% of all spam, it is a useful exercise to probe them. A technique called the 'dead cat bounce' is useful. Send an email titled 'You are an asshole and your cat is dead' with an empty body to each spam, being sure to BCC yourself. Write down the address of each dead cat email or cut and paste them into a temporary document.

If the email address is functional, you will get the BCC but not an 'undeliverable email'. Cross off the ones from the list which bounce.

Next, sort out the commercially bulk mailed spams from the amateurs. The amateurs will typically be text messages only, often poorly spelled and formatted. The commercial ones will have lots of color, images, and elaborate (but bogus) unsubscribe links. Focus on the high-gloss spam, as they are the worst offenders who occupy the commanding heights of spamwar.

If they have any kind of web presence, there will be some evidence in the email. After all, the point of spam is to motivate you to visit some website. In some cases this will be the website of the spammer, or a temporary one set up to service the spam responses. Note the domain name of this web presence. Sometimes the domain will have a sub-domain, such as marketer23.spammers.com. Strip off the 'marketer23.' portion.

Now take a look at the amateurs. These will often be scams like work at home, chain letters, the old Nigerian bank account scam, pyramid or Ponzi schemes, and so on. Since these are patently illegal for the most part, forward all of them to the FTC spam collection:uce@ftc.comand be sure to cc: the sender.

Next for the active response portion of SPAMWAR.

Once you have some valid email addresses, and the domain names of some of the responsible parties, obtain a copy of the great literary classic Moby Dick. This is a one-megabyte file which is available widely on the Net, courtesy of the Gutenberg Project. The file is small enough so that it can be attached and sent over a dial up line in a few minutes, but big enough to be quite obnoxious if it arrives in someone's inbox. Do everyone a favor and strip the 'Gutenberg Project' fine print out of the file before sending it. I have posted a clean version of this file at http://www.webweasel.com/moby.txt.

Attach a copy of Moby to an email and start CCing each of the non-bounced email addresses. Do NOT BCC yourself unless you want to clog your own mailbox. Give the email an innocuous sounding subject line, such as 'Proposal for your consideration' or 'Here's the info you requested'. After all they do this to us, so turnaround is fair game.

Let's say spammers.com is the domain of one of the UCE websites. CC the following addresses at spammers.com:

root@spammers.com
postmaster@spammers.com
admin@spammers.com
sysadmin@spammers.com
spam@spammers.com
abuse@spammers.com
sales@spammers.com
marketing@spammers.com

Hit send. Repeat as required.

Some things to note:

  1. Use creatively abusive subject lines for 'dead cat bounce', but do not make any actionable threats. Note the difference between 'your cat is dead', and 'I'll kill your cat'. The first is acceptable (if distressing), the second could lead to legal action. Other good subject lines would be 'Your wife/husband/spouse is ugly' 'Your children are morons' 'Your wife/husband/spouse is having an affair', and so on. The point is to create mental distress for the recipient, as payback for the mental distress their UCE causes to consumers.

  2. If the spam only has a link to a remove page with a fill-in text field, fill in 'uce@ftc.gov' as your email. This will put the FTC spam collection email into their database.

  3. If the spam links to a fill-in form (such as 'get an insurance quote'), fill the form in with enough bogus data to fool the script (such as 'Joe Satan at 666 Evil Street'), and then give 'uce@ftc.gov' as your email.

  4. Often times the website will have contact information, including email addresses. Do a dead cat bounce on them and if they check out, Moby them.

  5. If you can locate the website for the marketer, but there is no contact information, go to the Network Solutions WHOIS database (http://www.netsol.com/cgi-bin/whois/whois) and look up the contact information for the domain. Then dead cat bounce the email addresses given (these are usually, but not always valid, since in order to set up the domain you have to have a valid email address). Dead cat bounce and Moby all of them.

  6. Sometimes spammers give a Web address only as an IP address (xxx.xxx.xxx.xxx). You can resolve this by using a good reverse domain lookup service such as http://www.amnesi.com/hostinfo/ipinfo.jhtml. This will give you the actual domain name and the contact info, along with email addresses which you can then Moby.

  7. If you have a company name for the spammer, type it into Google. Even if the company doesn't give a direct hit, there may be pages which tell you more information about the company. If there is a direct hit, and they have a web page with contact information, Moby them.

(email) bomb Nigeria!

We've all seen these, that is if you've had email for more than five minutes. Or own a fax machine. And it's been spotlighted in the media countless times. The 'Nigeran' scam is just an old reworking of an age-old confidence game. However it must work occasionally, probably because there is always someone who just got online, opens their email for the very first time and gets this astonishing letter promising filthy lucre.

The pitiful thing is not so much that the scam works occasionally, but that the Nigerians (or whoever is sending out these scam-spams) are so clueless about spam. It's like they have a big 'email-bomb me' sign attached to their asses.

They generally get a free account at a second-rate mail service. These accounts have a very small mailbox size limit (a few megabytes). In my experience, three or four copies of moby.txt will result in that wonderful 'mailbox full' autoreply.

Why stop there? Just forward a message to 'abuse@' the mail provider with a copy of the scam-spam, with a short note at the top to the effect 'Please shut down {email address} before some sap gets taken in'. I find that this usually gets honored by the mail provider.

So before the 'Nigerian' gets around to unclogging their shiny new account, all mail will be bounced from it, and then it gets shut down. It takes about five minutes of your time, and it could save someone with low resistance to Jedi mind tricks their life savings.

Also, it needs to be said that if you're Nigerian or live in Nigeria, please accept my deepest sympathy. It must be rough to live in a country with such an image problem, unlike certain superpowers I could mention....

Tuesday, May 08, 2007

Return of the mainframe?

The PC has evolved from being standalone machines which don't talk to each other, through dumb terminals which get their resources and documents from a central mainframe, to a combination of both as we have now. Our PCs are now more connected on OUR terms than ever before...although this may be another phase, if we all follow the Google marketing plans.

Microsoft have set the interaction method we are all used to with our PCs. They made us expect to see the “start” button at the bottom left, the clock at the bottom right etc. They made us expect the Office suite as it is. They don't innovate much, but rather buy designs from others, and brand them as Microsoft. This does not change the fact that they set the bar.

Many software developers over the years have tried to re-invent the wheel.....and have failed due to the interface being alien to what the customer is used to, leaving many to take time and effort adapting.....or deciding not to bother trying. This is why EVERY office suite looks and feels broadly like Microsoft Office.....it makes people feel familiar quickly. An office suite is mostly used in a professional environment where time is money, which means downtime to learn and adapt has a cost in output.

As PC's have evolved, where we store and work with those documents have evolved too. In a shared environment it's likely that the documents you work on will be in a shared folder on a server set up and administered by your own company. This allows people in different departments of your company to contribute to it, or read it (permissions permitting). These documents are created on your own workstation PC, by an office application like Word or Excel which is installed on your workstation. Google want to change the landscape, and take evolution a step further.....and I see flaws in their ideology.

The office suite is a killer application on any PC, no matter which operating system it's running, or which office suite it's used. Google have decided to build their own alternatives to the office suite, allowing you to make a presentation file (PowerPoint), write a letter (Word), prepare a spreadsheet (Excel) among other services.....all online. Those services being free after you sign up is a great way of undercutting the Microsoft monopoly, but I don't trust them.

Do we think that Google spend time and effort, not to mention the running costs of developing and running these services as a philanthropic gesture? Or is it more likely to be a marketing strategy? Google are the the most popular search engine by a long way, which in turn allows them to charge more on advertising. They've bought DoubleClick (an online advertising company).....in fact, they are seen by many as trying to make sure that there is no alternative to Google for advertisers......creating a monopoly.

They have branched out into Yahoo and Hotmail territory with a PM and email service and client.....which I have to admit is very nice (I abandoned Yahoo and Hotmail for Gmail because they seem helpless to stop spam). Unlike others, Gmail does not add it's own adverts to the footer of each email, but it does have a script which reads the BODY of your email and targets adverts to keywords it picks up. Let me explain the principle.

If I email someone and at some point in the body (not subject) I tell them “.....I got the new Sheryl Crow CD today, not as good immediate as her last one, but it'll grow on me......” I am likely to see an advert trying to sell me “Sheryl Crow” concert tickets, T-Shirts, DVD's etc. I have the “Customize Google” extension for Mozilla Firefox which let's me block adverts in ALL of Google's services, but all that means is that I am not seeing them in MY inbox. With the “Gmail Manager” extension it does make using the Google services nice and easy......but there's a cost that many seem not to have noticed.

Before Google, our data was created, saved and shared on our companies servers....it was all internal, meaning we (our or company admistrators) have total control over it. Google want us to transfer or work to THEIR servers, work with it on THEIR servers and have it on THEIR servers.....and of course, to make sure only you or those you allow can work with them, you need a free account with Google, which means you sign in to work with them. This covers not only the office functions, but email, PM, groups, schedulers, blogs, search history, bookmarks etc......ALL TIED TOGETHER TO ONE ID.

We know Google are happy to put profits before people; this was shown in China where they censor references to Tiananmen Square for Chinese users, or give identifying details of dissident bloggers to the Chinese government. This allows them to do business in China, and have access to the lucrative and growing Chinese market.

The US government are in a increasingly paranoid state, and see enemies EVERYWHERE.....they also demand all sorts of private data about US to help them track down potential threats to their domination. They have pressured Google for search engine history.....so far Google have resisted, although this may change. They may offer anonymous statistics, rather than identifiable statistics. This was at a time where all Google had on us was out PC's IP address, operating system, terms searched for, links clicked etc......the PC has evolved....the internet has evolved.

If you use a lot of Google services, it's like having a filing cabinet (with your private company and personal dealings) in Google's warehouse. Lets have a look at the type of data held on the GOOGLE servers....which could easily be collated and used for marketing, or handed to any government who wave enough money under the Google managements noses.

  1. Contact list (all your email contacts....not just email addresses, but business card details....often including real world addresses, phone numbers and names)

  2. Logs of every email conversation you've had with this service (including those contacts not on Google)....even deleted emails.

  3. Logs of every PM conversation you've had with the nifty little GoogleTalk program.

  4. Every draft of every letter, spreadsheet or presentation you create with them (do you do your taxes with it? Imagine the IRS being allowed legal secret access to audit you? They don't need you, just Google)

  5. Everything you ever typed into the search engine, as well as the links you clicked afterwards......not to mention the referring link you arrived from.

  6. Every video you've uploaded or viewed on MySpace (any sharing services like Flikr which Google buy fit inside this category).

  7. The IP address of your PC (or company proxy)

This list is only for the services I can see offhand. I've not been tracking what Google have bought or merged with in detail. The list could (and most likely will) be a lot more intrusive than just this. The privacy concerns are based on the principle of Google controlling it......selling it, or offering it as a trading commodity to a favourable government......it does not take into account if Google is hacked. Identity theft is big business, and most people have no clue that their daily lifestyle gives plenty for the trained eye to spot.....and replicate.

I have recently switched over from Windows XP Pro to Mandriva Linux. This is why my blog has been rather unattended for a couple of days.....I am still getting the feel for my new Linux, with a lot of configuration to sort out yet. I use OpenOffice.org for my office suite, which is free for EVERYONE, and available on Windows or Linux. It is an ideal free alternative to the costly Microsoft Office suite. This suite plays by the same security rules as most non-Google suites; ie everything is created on YOUR workstation, and saved either there or on YOUR companies servers. This is like having your filing cabinet on YOUR property, not GOOGLE's.

The idea of “mainframe” has returned.....and it's being run by Google, for the profits of Google. The more or their services you use, the more you rely on it, and the more they have on their mainframe tied in to YOU. I like some of the Google services, like Gmail, and with the Firefox extensions they are easy to use....but I will NOT be allowing one company to gather a LOT more information on me than they need to.

A free service is rarely a free service, but a trade off. When you pay for something, the cost is obvious. The trade off we accept for many free services are worth the price......but it needs to be an informed cost to make an informed judgment. Companies often have whole departments, budgets or sub-contracted companies to mine data and allow them to target their advertising......this data is like gold dust to them; they can never have too much data on potential customers.

This is the price of a free service.....the choice you need to think about is "how" you use those free services and maintain your independence, privacy and security at the same time. The first option would be NOT to put all your eggs into one basket....in his case Google's basket.