The Deep End | Paul Venezia » Full circle: How Microsoft is trying to eradicate email

March 17, 2008

Full circle: How Microsoft is trying to eradicate email

After all this time, all these spams, all the complaints from all over the globe, I can only come to one conclusion: Microsoft is trying to kill email.

Let's take a look at some facts. Spam levels are as high as or higher than they've ever been. From my own personal experience, I can say without a shadow of a doubt that 99.9 percent of all email coming to my mail server is spam. That's tragic all by itself, but it's been that way for quite some time now. I have written and documented the severe steps that I've taken to reduce the problem, but the fact remains that hundreds of thousands of connections are made to my mailserver every day, trying to sell me v1@gr@!, inform me of my incredible good fortune in some foreign lottery, or tell me that I really need to buy stock in some company nobody's ever heard of.

Hundreds of thousands of connections, coming from thousands of hosts. What are those hosts anyway? The vast majority of those hosts are exploited Windows systems. They're zombies run by botnet operators. Their owners are probably completely clueless to the maelstrom that has engulfed their little Dell desktop. It's just "slow".

There are millions of these systems out there, according to an article from USA Today. Millions.

The mainstream media consistently use the term "computers" when they make forays into this realm. Yes, they are computers, but they're not just any computer -- they are all running Windows. All of them. Let's not mince words here: Botnets are comprised of compromised Windows systems. Thus, Microsoft's massive security failures are at the very core of the spam problem.

Yes, there are still spammers out there that use specific servers and subnets to send their trash, but they're relatively easy to identify and stop, either by the ISP, or through filtering at the client side. Connections from millions of unique systems from all over the globe are much harder to stop. One of the ways that spam filters try to stem this tide is by identifying subnets assigned to residential cable and DSL providers, and blocking those IP ranges. That's like bringing a sledgehammer into surgery, but it can be effective -- so effective that it blocks legitimate communications from people running their own servers, and hundreds of companies using cable and DSL connections for their business. The subnet allocations caught up in these traps aren't necessarily accurate, and they can cause email to simply disappear at worst, or consistently be marked as spam at best.
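The trade-off described above, as an added example that is not part of the original post: a range-based policy check, and what each response to a hit (reject, tag, discard) means for a legitimate sender caught in a listed range. The ranges are RFC 5737 documentation addresses, the senders are constructed, and the function names are hypothetical; 550 and 250 are the standard SMTP reply codes.

```python
import ipaddress

# Constructed policy list (RFC 5737 documentation ranges, not real ISP data).
DYNAMIC_RANGES = [
    ipaddress.ip_network("198.51.100.0/24"),  # labelled "residential DSL pool"
    ipaddress.ip_network("203.0.113.0/25"),   # labelled "cable modem pool"
]

# Constructed senders: connecting IP -> what the host really is.
SENDERS = {
    "198.51.100.23": "compromised home PC",
    "198.51.100.200": "small business mail server on a static DSL line",
    "203.0.113.200": "host just outside the listed cable /25",
    "192.0.2.10": "mail server on a commercial circuit",
}
LEGITIMATE = {"198.51.100.200", "203.0.113.200", "192.0.2.10"}


def listed_range(ip):
    """Return the most specific listed network containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    hits = [net for net in DYNAMIC_RANGES if addr in net]
    return max(hits, key=lambda net: net.prefixlen) if hits else None


def handle(ip, on_hit):
    """Return (smtp_reply, fate) for one message under a range-based policy."""
    net = listed_range(ip)
    if net is None:
        return ("250 OK", "inbox")
    if on_hit == "reject":    # refuse during SMTP: the sending server sees the failure
        return (f"550 {ip} is in policy-listed range {net}", "bounced to sender")
    if on_hit == "tag":       # accept and file as spam
        return ("250 OK", "spam folder")
    if on_hit == "discard":   # accept, then delete with no notice to anyone
        return ("250 OK", "deleted")
    raise ValueError(f"unknown action: {on_hit}")


def silent_false_positives(on_hit):
    """Legitimate senders told '250 OK' whose mail was then deleted."""
    return sorted(ip for ip in LEGITIMATE
                  if handle(ip, on_hit) == ("250 OK", "deleted"))


if __name__ == "__main__":
    for action in ("reject", "tag", "discard"):
        for ip, who in SENDERS.items():
            print(action, ip, who, handle(ip, action))
        print("silently lost legitimate mail:", silent_false_positives(action))
```

Only the discard policy produces a loss that neither sender nor recipient can see; reject and tag both leave evidence that the range listing was wrong.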

Speaking of email simply disappearing, this brings me to my next point about Microsoft's apparent attempt to kill email: Hotmail.

I've had a Hotmail/MSN/Live.com email account for a while now, and it's been relatively spam-free. Of course, that address is not published anywhere, and I hardly ever use it, so I would expect that to some degree. However, some tests I ran over the weekend shed some light on some of the ways that Hotmail/MSN/Live.com handle spam: They apparently are simply deleting inbound email with no bounce messages, no flags, no notification -- nothing.

I can replicate this at will. When I send an email from my mailserver (located on a commercial circuit) to my gmail.com account, live.com account, and other personal accounts, they all arrive -- except to my live.com/Hotmail account. It simply never appears, and no bounce message is ever seen. If I send myself an email from my live.com account, it arrives speedily, and my reply is delivered back to the live.com account almost instantly. But if I then write a new message to the live.com account, it never appears, even though it came from an address that I just emailed.

Thus, Microsoft is simply deleting legitimate emails. Why would I bother using such a service? It's like buying a car that will only start once in a while, or a refrigerator that keeps the soda cold, but lets the milk go bad. It's useless.

I'm not alone here, either. This thread at MozillaZine goes back to 2006, and describes these exact problems in excruciating detail, among others. Ian Gregory has also been cataloguing this problem for a few years now.

The temerity of Microsoft to simply never deliver these emails is shocking to me, but taken in concert with my original point that Microsoft software forms the very core of the spam problem to begin with, the only conclusion I can make is that they are waging a war -- not against spammers, but against email.

Perhaps they're going to unleash some hidden features in Exchange 2008 that will ensure that email sent from one Exchange server to another is always passed through (and always reaches hotmail.com, msn.com, and live.com addresses), leaving everybody else out in the cold -- a Frankenstein thought if there ever was one.

Their motive may be unclear, but their actions are transparent -- they are complicit in the generation and distribution of spam, and are summarily deleting emails addressed to their users under the guise of fighting spam.

Until they remedy this egregious activity, I've instructed my mailservers to discard any inbound email from hotmail.com, msn.com, or live.com.

In a few days, I probably won't be able to reply to them anyway.

Posted by Paul Venezia on March 17, 2008 03:56 PM


COMMENTS

I think you have touched a very important issue. The lay users of PCs may not be aware of what causes the daily avalanche of mails promising an orgasmic utopia to be achieved by linear expansion of vital organs.

The role of buggy Windows has been vividly underscored by you.

I wonder if my own PC has been compromised and is being exploited as a botnet!

Is there a way to detect it?

Thanks and regards,

S.K

Posted by: S.K at March 19, 2008 04:06 AM

You said:
"...the only conclusion I can make is that they are waging a war -- not against spammers, but against email."

Napoleon allegedly said:
"Never ascribe to malice that which can be explained by incompetence."

I'm with Napoleon! (Allegedly...)

Posted by: Dom at March 19, 2008 09:36 AM

Or you could simply switch to Linux. No viruses, no botnets, no worms ... no worries.

Posted by: ig at March 19, 2008 09:39 AM

With Microsoft we generally get the best of both. Incompetent malice.

Posted by: RLP at March 19, 2008 10:35 AM

You need a gmail account. I also get a lot of spam, but I never have to look at it. 99.9% of it has been filtered successfully by gmail for a couple of years now. Cheers.

Posted by: Kim Briggs at March 19, 2008 10:36 AM

Oh, I have plenty of other accounts that I use for testing, which was how I ran across this in the first place.

Yes, an obvious answer is to run (linux|freebsd|osx), but that's not going to alleviate the larger problem unless everyone does it, which is another discussion altogether.

As far as Napoleon goes, I think RLP nailed it.

Posted by: Paul Venezia at March 19, 2008 10:53 AM

There is a petition to get MS to change their practices, you can see/sign it here

Posted by: Jason at March 19, 2008 12:34 PM

Perhaps we could find a way to identify the OS that an email was sent from, and then filter based upon OS? After all, I'm sure that no one is sending legitimate email from a win box. If they are, shame on them!

Posted by: crashsystems at March 19, 2008 12:41 PM

@RLP:
Shouldn't that be the WORST of both?

Posted by: me at March 19, 2008 02:04 PM

Oh please. Microsoft is trying to kill e-mail. Yeah, and next on their hit list is the PC. What purpose would all this serve?

I suppose that anonymous support on the Internet has nothing to do with this? Also, the profit motive for criminal Spam Kings is completely irrelevant? It's disassociated with the fact that the Web is so successful, it has brought people with entirely different agendas, lifestyles, attitudes and cultures into contact with each other? That greedy, lonely, naive and otherwise vulnerable clients have no role to play whatsoever?

You have equated Botnets with Spam. This is an error. You have dismissed the numerous security advances that Microsoft has made in recent years, most recently and notably with Vista. This is an error. You have disregarded the fact that Microsoft has always been the company to go to for software that's inexpensive and easy to use (NOT high security). This is unrealistic. You have failed to mention the fact that Microsoft has one of the most active, aggressive patching systems in the world. This is studiously ignoring reality.

Let's conduct a thought experiment. Microsoft, in an unrealistic perfect world, creates technically perfect security. Will the spam stop? Will the scams slow down? Even a little? Not likely. What will happen then is that social engineering, misrepresentation, and misdirection will completely take over. Hey lady, I've got a nice piece of Florida swampland for sale. Hey man, get yer valuable, exclusive, time-limited share of the Brooklyn Bridge.

If the IP address can be traced then the trickster simply persuades a mule to host the spamming service for him. Or uses Web e-mail. Or uses DHCP behind a NAT firewall on someone else's network. Or hosts out of a foreign jurisdiction where they don't have extradition agreements. Or uses an anonymizing service. Or... the avenues are as infinite as a motivated human's imagination!

It's plain fraud at heart, and it's been around forever. Confidence men, scammers, cheats and liars. The only difference is the mechanism for delivering the message.

None of this excuses Microsoft for being caught napping on the security front. We should be farther along than we are. However Microsoft executing 100% to your criteria (not their own) still wouldn't make the Internet a particularly safe place.

Posted by: Brian at March 19, 2008 02:43 PM

This has nothing to do with MS trying to get rid of email. MS is trying to make the current virus, trojan, spam and malware environment as painful as possible so they can convince gullible government types to pass laws making it possible for MS to shove Trusted Computing down our throats. Sadly, the hapless windows users will embrace it with open arms.

Posted by: BD at March 19, 2008 03:52 PM

Wow. I love these "unbiased" reports popping up online. Can't see this article for what it truly is... Nothing but a bash fest on Microsoft. I stopped reading your mindless rants and drivel after reading your "Microsoft's massive security failures" line. Sheesh!

Jump one and all to Linux or Macs and ye will be saved! Right? Well, that is until you garner enough market share to be a viable target for those masterminding these exploits and attacks. You linux and mac fanboys should shut the h3ll up and be thankful your "security through obscurity" has kept you relatively safe thus far.

And before anyone labels me a M$ fanboy, let me say this. I happily utilize several OSes and applications from a wide variety of vendors, and I have my likes and dislikes with all of them, including M$. But I would NEVER try to pin all the security problems of the Internet on any one vendor.

BLAME SECURITY PROBLEMS ON THOSE WHO ARE CARRYING OUT THE CRIME!

Now back to the "tech writer" and his "wonderfully" written piece. This is just like that ESPN guy who ripped on Brett Favre's career. Or any other article that is created to go against the grain. You wrote this crap to get hits on site. Nothing more and NOTHING LESS.

You should be ashamed of yourself. If you cannot be impartial, don't write to the masses. Spread your propaganda where it should be spread, in a dung heap with the rest of your work.

I will no longer read your articles - because I am sure my unbiased nature would not be welcomed anyhow. Tell me I am wrong, Paul.

Oh wait, I am not going to read your work anymore so don't bother!

Posted by: Seriously Annoyed at March 19, 2008 05:08 PM

@ig

"No viruses, no botnets, no worms"

1. there are linux worms ... google for ramen
2. you still have to deal with all the crap spewed out by botnets and viruses regardless of your platform.

It's like smoking or obesity: a public health problem largely resulting from the actions of greedy multinationals whose only goals are shareholder profit. The system is broken and there are rich and powerful people who don't want it fixed and are making sure it doesn't get fixed because it's making them very very rich (and power is intoxicating).

Posted by: foo at March 19, 2008 05:26 PM

E-mail is now being referred to in my peer group as "E-Fail" for all the reasons listed above.

http://tantek.com/log/2008/02.html

We have started using wikis instead - problem solved.

Posted by: Todd at March 20, 2008 10:57 AM

The best answer I have found for this problem is EnterTo.com email. You get ALL of the email you are supposed to, no spam, and you don't lose any email to your spam/bulk folder. They don't have one and none is needed.

Posted by: Dan Barrett at March 20, 2008 01:03 PM

In Linux, I get one or two spam mails every day. I can live with that. It's like my little sister crying when my little brother is teasing her. I can live with that, too. If you don't want viruses, spam, botnets etc anymore, then don't use Windows anymore. Windows is "dominant but inferior - inferior but dominant".

Posted by: freddy de kerpel at March 20, 2008 02:53 PM

This article is EXTREMELY biased. Most of your statements are inaccurate and inflammatory. You say that 99.9% of your incoming mail is spam? That would mean that for every legit email you get, you get 999 spams. If you're getting that much spam it's not Microsoft's fault, it's your own fault for publishing your email address on the internets or for signing up for too much porn.

Also, there is no such thing as Exchange 2008, you probably meant Exchange 2007.

You also say that ALL spam servers used as SMTP relays are Windows based. This is inaccurate, and impossible to prove.

Almost all security issues including viruses and especially spam can be avoided by practicing safe browsing. This means not accepting communications from people you don't know, and not providing your email address to a questionable web site or online form. I'm not using my REAL email address to post this because I don't want to get spam. I have never gotten a single spam message in my work email because I don't publish it.

You should check your references before writing articles that are meant to inflame people. If you want to bash Microsoft, you need to use accurate information or it makes you look like someone jumping on a bandwagon who doesn't know what they are talking about.

Posted by: Accurate Geek at March 27, 2008 11:09 AM

Accurate Geek?

1) 99.9% of the incoming mail to my mail server is spam. I've written about this in gory detail for several years now, publishing statistics and code that I've written to combat it. It's overwhelmingly dictionary-based spamming, and thus not to a single address. I'd wager nearly all three-letter domains experience this simply because they've been around for a dozen years at least, and there's a relatively small number of them. Had you read anything else from this very blog, you would have known that.

2) You completely missed the point of the Exchange 2008 reference.

3) I never said all spammers run Windows. In fact, I even stated that there are spammers out there that don't use botnets. I said all botnets are comprised of Windows systems, and botnets are currently the number one source of spam.

4) Again, you've completely missed the point, and apparently aren't aware that dictionary spamming even exists.

Check my references? I AM the reference. This is a blog post, not an article. These are my experiences.

For someone posting as "Accurate Geek", you seem to have missed the mark across the board.

Posted by: Paul Venezia at March 27, 2008 11:25 AM
