I’ve had some questions and a theory about spam running around in my head, so I decided to let them out here. To start with background reading, here are some spam statistics from 2003 and a whitepaper from MessageLabs. There has been a nearly three-fold increase in the amount of email sent (31 million per day in 2003 vs approximately 80 million per day in October 2004) and spam has risen from 40% of all email to over 75%. By further extrapolating my already tenuous numbers, I figure that means about 60 million spam messages a day. I know I get my share, how about you?
What started me on this line of thought has been a sharp decline in the number of spam messages I’ve received since Christmas. Is this just a coincidence or is there a real reason for the abatement in spam? I’ve been trying to find the article, but I remember reading that a large amount of all spam comes from compromised home computers with broadband. These systems get infected with various bots, worms and trojans and are used as part of a spam bot-net. Unwittingly, families across the nation are contributing to the spam they curse on a daily basis.
Now for my theory: Along comes Christmas, and those same families buy new computers as their big gift for the year. Hundreds of thousands of old, infected computers around the world are being replaced with new, clean computers. The bot-nets are at least inconvenienced by the loss of the nodes, and it will take them a little longer to find replacements. Hopefully the new computers will have XP with the firewall enabled and some sort of anti-virus installed by default, further limiting the ability of the spammers to find new victims.
On the other hand, it could just be that my personal encounters with spam are just a statistical anomaly and spam continues unabated. But sometimes I like to be an optimist.
I thought the last couple of days sucked for me personally, but after getting to work this morning and finding out about the earthquake and tsunami in the Indian Ocean, my problems suddenly seem very, very small in comparison.
Yesterday, I locked myself out of the house, and with the rest of my family still on vacation, I had no easy way of getting back in the house. A broken window in the front door allowed me to get back in, but also taught me a valuable lesson in home security: locks and doors are only aimed at keeping the casual lawbreaker out of your house. A determined intruder will break in, no matter what. I guess the same goes for all the computer security we practice on a daily basis; a truly determined intruder is going to find that one host that’s improperly configured. Human error is still our biggest security threat.
Then, this morning, a truck kicked up a rock that almost shattered the windshield on my wife’s car. I hadn’t realized how bad the damage was until I got to work. Let’s just say that I was very lucky, because if the rock had hit a foot higher, I’m pretty sure I wouldn’t be here to post this. I’m hoping insurance will cover the majority of the costs for this.
But this was topped by one of my co-workers, who discovered on X-mas eve a short in his house wiring that was bad enough to blacken the wiring all the way out to the transformer on the street. His electrician is saying the problem will cost over $5000 to fix. Luckily, home owner’s insurance should nearly cover all of it.
On the other hand, I’m alive, in good health, as are my family, and my house wasn’t hit by a tsunami or earthquake this weekend. I think I’ll take all of my minor problems and just be thankful.
Know Your Enemy — Trend Analysis
Boiled down, this whitepaper states that Linux systems are being compromised in months, whereas Win32 systems are being compromised in hours or minutes. The surprising statistic is that Linux systems are staying safer longer than they did a year ago. The paper suggests a couple of reasons, mainly that the installation of most Linux distros is coming out better secured by default.
I think the main reason is because a hacker is going to get more bang for their buck off a compromised Win32 system than off a Linux system. A Win32 user, on average, is going to be less likely to even notice the compromise and once they do notice, they’re going to be less likely to know what to do about it. Plus, the sheer number of Win32 systems almost guarantees that any vulnerability, no matter how small, will find unpatched hosts out there.
Which leads us back to layered security: Security is like an onion, it has layers. I was going somewhere with an obscure Shrek reference, but I think I’ll sign off now instead.