Fact: Spam made up 94% of all email in December, 2006.
The Is Microsoft responsible for spam? article by Aral Balkan, unless otherwise expressly stated, is licensed under a Creative Commons Attribution-Noncommercial 2.0 UK: England License.
Fact: More than 80% of spam comes from "zombie" machines.
Fact: Zombie machines are predominantly Windows machines. Microsoft's own figures state that 62% of all Windows machines they scanned are "zombie" machines.
Microsoft may not have created the spam problem we are facing but their insecure operating systems are the primary mechanism by which spammers are sending spam. Isn't Microsoft liable for this? Why aren't they being held accountable for it?
The Is Microsoft responsible for spam? article by Aral Balkan, unless otherwise expressly stated, is licensed under a Creative Commons Attribution-Noncommercial 2.0 UK: England License.
Hmmm, that sounds like the “you make a knife, you’re responsible when someone uses it for evil”. Its an age old argument for sure, but i dont think you can really blame microsoft for missuse of its software. Yes their systems are being abused, i’m sure they’re the first to admit with hindsight they would do a few things differently, but in the same way you could argue the london transport were liable for the london bombings because their security systems weren’t sufficient to prevent the bombers entering the transport system.
Wow Aral, your attempts to make Microsoft look bad stretch further and further each day. I’m wondering what they did to you to make you have it our for them so bad. I used to read a lot of what you said with some respect, but this is getting ridiculous.
ktec – Nice try on a spin there… but.. consider that XP was sold as “secure”. Remember the addition of the built in firewall and how that was going to stop attacks cold? Remember the annoying alerts if you didn’t have a virus scanner monitoring your system? Remember all the marketing about how much more secure XP is going to be over W98?? I also seem to remember study or two that Microsoft paid for to show Windows as being more secure than Linux.
What we have here isn’t a “you make a knife, you’re responsible when someone uses it for evil” situation. What we have is a “Microsoft sold me a product that was supposed to be secure and yet they admit that 62% of the systems out there have been comprimised”. That’s a huge, huge difference.
Now, they’re selling Vista as being more secure than XP. It’s supposed to fix all of these problems. I’m holding my breath.
TJ, is Aral not simply posing the question and canvassing for opinions about that question? I’d say it’s the kind of inciteful thinking that we all have come to expect and appreciate from Aral…
And, if the facts are unchallenged then maybe he has highlighted something that we all need to consider. Personally, I don’t agree that Microsoft is responsible for this problem. That falls to the owners of these machines – or whoever is responsible for them. My opinion is that MS is sort guilty by association here, and that’s not particularly fair.
Disclosure: I’m a fairly long in the tooth mac user (with articles in mac magazines to prove it) so currently have no reason to defend MS.
Very strong words.
Hopefully, you won’t regret them if Appollo reaches 90% desktop marketshare as Windows has, and viruses start appearing targeting Appollo security.
Surely you won’t argue that the people who write the viruses are in fact the ones who should be held responsible.
incite me to make a post, it most certainly does
insightful, it most probably isn’t ;P
– eokyere :)
Simple fact: If you get rid of Microsoft spam and malware will still exist and be just as prolific as it is today. Placing the blame on a corporation is not going to fix anything. It’s a waste of breath and IMHO just makes you looked very biased.
I support Windows, Linux and OS X. I don’t think any of them are particularly secure or reliable (with the exception of FreeBSD, but look at how user friendly that is). They all have their pros and cons and I wouldn’t venture to say that as a whole any one oS is better than any other out there.
Simple fact of the matter spam is a result of a poor email specification and in order to correct the situation the very core of email technology must be reinvented. Anyone who knows anything about email protocols and how email works will attest to this.
Malware will always exist. And it will be prolific on the most common platform regardless of the vendor.
Well, apparently, there is already an effort towards holding software vendors accountable for security flaws.
@ktec: If you make a car and it is unsafe and causes accidents, you’re liable. If you make an operating system and it is insecure and causes damages to other people (spam, etc.) you should be similarly held liable.
I think the real issue here is that the problem is so big that we are blinded to it. We’ve come to live with viruses on a daily basis and we tend to forget that the lack of security in DOS and Windows basically founded the multi-million dollar antivirus industry.
@TJ: I’m not attempting to make Microsoft look bad — Microsoft looks bad, period. I mean, how can anyone defend their licensing and the DRM in Vista, for example. But, you’re right, it isn’t fair to kick someone when they’ve just shot themselves in the foot. Microsoft has done nothing for me except have me use their operating systems for about 20 years or so. Let’s just say that it wasn’t a pleasant experience.
@Kris: If Apolo has similar security problems, it should be held liable too. Something tells me that it won’t though if the history of the Flash Player security is anything to go by.
At the end of the day, here’s the deal: If Windows wasn’t as prevalent as it is, we wouldn’t have this huge army of zombie spam servers and, consequently, less spam.
@Aral MS didn’t make you use their OS, you elected to do so by yourself. That doesn’t, however, make MS less culpable.
As an OS vendor, moral obligations (talk less of a legal one) makes it imperative to make what is sold to millions of people worldwide as secure as possible.
Or has anyone forgotten why drugs are made to be tamper-proof for little children?
I realize you’re not making the accusation, it’s a valid question…car manufacturers are held accountable to anti-pollution standards, why not hold the worlds leading OS provider to anti-spam standards?
This is an issue that must be dealt with in my opinion. Spam has been out of control for far too long.
Can you imagine if you read every junk mail email that was sent your way? lol.
I can imagine some poor old lady out there, daily she’s pleased to see someone emailed her, and delightfully catches up with such topics as: Fix Your Tax Problems, Beauty Supplies, Government Money, Shopping Spree Confirmation!!, and the Complimentary SAM gift club! The internet is so thoughtful.
You’re funny Aral–I don’t get it. DRM is bad everywhere… iTunes included. As far as windows causing spam, contributing, making it easier etc… that’s the silliest thesis I’ve heard all day.
I’ll bet that more than 90% of spammers are men… please stop producing male babies. I’ll bet 90% of all spammers use the internet… please shut down the internet.
These analogies are just as silly. MS made one zombie machine and it multiplied… now the zombies are taking over…
You’re joking right Aral?
Neither postman nor Royal Mail are responsible for the junk mail I get, it’s the people who send it (as well as the people who still react to spam) that are to blame. As long as spam is profitable it will exist, even if there wasn’t a single vulnerable Windows machine in the world. Is Apache to blame for serving up a phishing site or IE for displaying it? One could argue that my browser isn’t secure enough to detect a phishing attempt…
To answer the question: no, Microsoft isn’t responsible for spam. It may be another story if they were negligent but I doubt that such an argument would get very far. That *potential* lawsuit sounds like a bit of a joke too, they seem to have a problem with the fact that Windows is popular, not that it’s less secure. I bet the ‘unsecurity’ of a OS is proportional to its popularity…
Phillip,
Agreed on DRM. In fact, it’s good that Apple’s being challenged on the DRM in iTunes in Europe. Apple’s no angel. But back to the topic at hand:
It’s due to the lack of security in Windows machines that they can easily be compromised and turned into “zombie” machines (i.e., controlled by someone else via a backdoor/rootkit). It’s these zombie machines that are responsible for sending out most of the spam that is out there. If Windows machines weren’t easily compromised, this zombie network wouldn’t exist and the actual number of spam messages (percentage of all mail that is spam) would be lower. Also, as it wouldn’t be as distributed, it would be easier to shut these people down or limit their effectiveness. I don’t see how it’s not clear that the lack of security in Windows is directly contributing to the ferocity of the current spam crisis.
Stefan brought up a good point. The US Post Office doesn’t seem to do anything about junk mail.
We need to change that.
We need more anti-spam & junk-mail laws, and punishment!!
Adedeji, I’m not saying they made me use it. Of course, I elected to. And, given the state of the other OSes at the time, I would probably have made the same decision again (OK, so maybe I would have gone Amiga -> Windows -> OS X :)
Doesn’t mean that I like what they’re doing today, though. It doesn’t feel like they have their user’s needs at heart at all — just their bottom line. In my naive hopes, companies would strike a balance between the two.
Okay, I still think you’re high but I see your point better–you’re saying that my machine could be sending out spam and I don’t know it. But, of course there’s no way to compromise any other OS to do the same? By the way, they don’t design these “features” for nafarious reasons–I might really want to help my mom configure her machine without going to visit.
You do beg one question right off the bat and that is you assume people who are responsible for the tools of spam are legally liable for the negative costs of spam. You assume that’s true and move on to the second part of the argument. I’m not sure the premise is true. Also, while I’m sure there are anti-spam laws around you also have to be careful because some things you’d call “spam” I’d call legit. But, I don’t want to argue about the definition of spam–I think we agree. Plus, I don’t even want to debate whether there’s a cost involved. But, I don’t know (I could be clueless) if there are laws in place.
Finally, if MS added these features (that set up the possibilty of zombie spammers) intentionally that’s one thing. Even if it’s simple gross negligence that’s something else. I think, instead, that it’s not even negligent. Rather, you’re not seeing the legit uses for these features. Maybe someone is batch rendering images that will cure cancer with such features. I really think it comes down to the people using these tools–not the people who make them. Here’s a (probably bad) analogy, I’m all for gun control but I think it’s odd when people “blame” the firearm maker. At least with zombie windows machines there are some uses that are legit where you could argue some guns have no use except to kill (though, I guess I’m not really trying to get into that argument). The point is that I think there are legit uses for this feature you think has no use but to annoy with spam.
Phillip, these machines are hijacked: how can they have legitimate uses? I’m pretty sure that these spam cartels aren’t hijacking people’s computers to run cancer research! :)
I think the backdoor that’s open and exploited, however, is a feature for letting people control machines remotely.
If a mac was used to print propaganda for something bad, would it be Apple’s fault? If a theif finds my car easy to hijack and then they go do some crimes should volkswagon be held accountable? I don’t recall American or United airlines paying for the World Trade Centers.
Your initial linear progression is so fallacious it’s funny.
Hi, I left this message about twelve hours ago, but guess it didn’t take…?
–
I don’t think Microsoft can be held responsible for all spam, but some of their prior choices have definitely led to its near-universal levels today.
(1) The original email protocols were “anyone can call anyone anytime”. We saw what happened with junkmail, telemarketers, and fax attacks, so the original architects of email should have had a clue what would eventually happen with email.
(2) In the mid-90s Microsoft was *one* of the companies pushing unsafe email technology, such as scripting from strangers, markup and web bugs, lack of verification of attachments. Microsoft Outlook also introduced the evil full-autoquote in reply, which eventually killed most mailing list digests. But other email vendors followed similar practices too.
(3) Microsoft’s security choices in the mid-90s led to Vista being late (the XP SP2 release chewed up their schedule), and most spam today definitely does come from compromised Windows machines.
Microsoft’s choices did lead to the degradation of email that we see today. They weren’t the only contributor, but I don’t see any other group whose choices have had so terrible an effect.
jd/adobe (speaking for myself, of course)
PS: Kris, you’re right, security is a very significant issue, and we have to be careful _in_advance_ of any actual exploits. If you bring up a security issue with Adobe software today, you will be heard, and your contributions appreciated. The lessons from the 1990s must not be repeated.
Dude Phillip you need to get passed lines like, “If a mac was used to print propaganda for something bad, would it be Apple’s fault?”, and, “if someone stabbed me in the eye with a knife, is Ginsu to blame?”
The point is, spam is a big problem, and if Aral is correct that a wopping 80% of spam is trafficing through some horrific 28 Days infected zombie Windows machines, well then what can the makers of Windows machines do about it? Can they do anything? And if they’re not, SHOULD they do something?? Clearly Windows is too powerful a machine in the hands of spammers. Give a bastard a windows computer and he suddenly has the power to congest the world’s inbox with news about the latest animal sex gone wild, and where to get really great deals!
Anyways, point is you’re quite rude, Aral’s subject is a very logical inquiry. And if tommorrow you’re shocked to find yourself wacked in the face 100 times a day, with 80% of these wack-happy objects being Apple Mighty Mouse’s, you should begin an inquiry about what Apple can do to stop their Mighty Mouse’s from being used to whack you in the face.
cheers.
A computer novice friend of mine was infected with a virus which quietly hijacked his machine, copied every email address he had in his address book, inbox and sent items, added them to a big spam list somewhere out there and then proceeded to start bombarding people (including me) with spam. Even after his machine was all cleaned up, by confirming those addresses this resulted in some of his contacts now receiving 100’s of spams a day, up from only a handful.
Now, is this Microsoft’s fault? Or his fault for not having sufficient security?
Personally, I think that domestic PCs should be made simpler and safer for novice users. Straight out of the box, without the need for extensive configuration or purchasing subsequent applications. I’m sure that (to paraphrase one of Aral’s favorite quotes) 80% of domestic users utilise only 20% of a PC’s features.
But I wonder… not that I would advocate this, but would it be possible to fight fire with fire? Create a “Zombie Killer” virus that, upon infecting an unprotected machine, did nothing but block all network access. The user would then be compelled to visit their local PC store and purchase a decent security package. Just a thought….
Lee, I’m not disrespecting Aral–not meaning to anyway.
Back to the initial claim. If Windows runs on over 90% of the world’s computers, should 90% of spam –on average– come from windows machines?
Also, holding MS responsible is one thing. But in fact don’t they post security updates? And, they distribute “Windows Defender” (spy/male ware protection) for free (and installed in Vista).
If people have specific useful solutions, great. And it’s actually fine to blame MS all you want. (Really I don’t mean to defend them except when the claim is so odd.) Hey, I have a solution… make macs the predominent OS and I can assure you you’ll see more viruses and zombie emailers on Mac. Then, who’s fault it is? MS’s for losing market share, or Apple for doing so good? Don’t blame the OS, find a solution maybe if you have one.
I sort of like Miles idea. I believe it would frustrate enough people, that SOMETHING would have to be done.
Sure, if Apple OS 9/10 had been in Windows shoes, as far as you and I know, there’s a good chance we’d still be burdened with excessive spam, and the facts would be flipped, 80% of spam would originate from zombie OS X machines. Or perhaps not.
I have to agree with the other posters. Its not M$ that is the real problem it is the way email works. The only real solution is to fix the root cause of the problem. One suggestion I read a while back ( and I think it came from M$ shock horror ) was that emails should have a digital stamp which would cost a few pence. If the email is deemed to be spam by the receiver then, the sender gets charged. If not, its free. Who gets the money? I guess the receivers email provider. For email which arrives without a stamp I guess you could send a challenge back with a capatcha. The only solutions are either a system of trust and/or a way to charge the sender for sending crap.
I’ve read most of the reply’s here and I can’t help but think that I either don’t do much with my Windows machine, and therefore don’t experience even 1% of what you people are talking about, or I’m just a very, very lucky guy!
But then again I’m an enjuneir…I don’t do things unless they add up!
Dead Bird | Dead Bird | Dead Bird | Jesus Christ Superstar!
Some of these zombies appear to be the users themselves. Anyone still got those friends who add your name to a chainmail? They’re an insult to zombiehood. God forbid MS goes wild with security all of a sudden and then gets slapped with an anti-trust suit for hogging that scene. One thing MS can truly be blamed for is making the modern PC sickeningly user friendly. This leads to widespread ignorance about what’s really going on on your system. All the while your desktop’s whispering sweet nothings into your ear.
Never mind how much i’d love to bash Microsoft and pretty much near all their tools, but this really is a lot of the user’s fault. I won’t get into the design of Microsoft’s operating systems, much less how much they left a lot of users to the wolves with removing 98/ME and soon 2k from the support list.
I find that most people around where I work in a computer store that does repair, and some new pc sales is that even $38.95 for two years of anti virus is too much. To make matters worse, even a free tool is too much for some older computers, but it sure can send a ton of spam.
Then there’s the people who constantly click on every link they see, and even more curiously, wonder what ‘Run and Open’ mean.