
05.10.10

Symantec Lies About GNU/Linux

Posted in GNU/Linux, Security, Windows at 9:56 am by Dr. Roy Schestowitz

Symantec: the Kent Hovind of security?
(mug shot of Kent Hovind courtesy of Escambia
County Sheriff’s Office after his arrest)

Summary: In order to sell some products, Symantec spreads GNU/Linux fear based on misinformation

EVERY once in a while Symantec aims its FUD pistol at some innocent element of computing which Symantec claims has a problem (and Symantec of course offers a solution to this problem). We have already explained this business strategy (using examples that misuse Free software [1, 2]), which characterises many quacks and pseudo-science. That’s why we put Kent Hovind at the top, for those who still wonder.

An issue which we discussed earlier today in IRC is the latest stunt from Symantec, which is probably best deconstructed and explained by Slashdot user “superapecommando” who submits:

The latest MessageLabs Intelligence Report from Symantec Hosted Services is filled with interesting and useful information regarding the current state of malware and e-mail borne threats as well as the trends over time. Of particular interest to me is the assertion in the report that “any given Linux machine is five times more likely to be sending spam than any given Windows machine.”

A pretty clear case of sensationalist metrics from a company which wants to sell their hosted security solutions to Linux box admins. But one interesting thing that comes out of the story is that many of the security researchers believe that misconfigured POSTFIX and SENDMAIL installations are cloaking the actual amount of spam coming from infected Windows hosts.

Desktops that unleash vast amounts of SPAM actually run Windows and one in two Windows PCs is believed/estimated to be a zombie (either active or not). GNU/Linux drives many mail servers, so if it obeys a request from a Windows zombie, then it will deliver SPAM. Should GNU/Linux therefore be blamed? Of course not. It’s just very good at delivering mail.

Quoting Symantec a little further from its ‘report’ (which assumes bogus numbers about the market share of GNU/Linux), “by calculating a ratio of spam from a given operating system compared to the market share, we can get a “spam index” which shows relative to its market share, the likelihood that a particular computer is sending spam, based on its operating system. In the current spam climate, this index shows that relative to its market share, any given Linux machine is five times more likely to be sending spam than any given Windows machine…”

Another translation was sent to us by a reader who says: “Despite a total lack of evidence and being unable to detect the source OS of spam, we conclude that Linux machines are sending more SPAM because there are less of them.”

As our IRC logs will show later today (fragment posted below), there are even better explanations for that.



IRC: #boycottnovell @ FreeNode: May 9th, 2010

Join us now at the IRC channel.

tessier__ http://www.v3.co.uk/v3/news/2262681/botnets-exploit-linux-owners May 10 09:29
tessier__ Someone is smoking crack. May 10 09:29
tessier__ crap May 10 09:31
schestowitz Windows is not used much for E-mail May 10 09:31
tessier__ There is something fishy about that website May 10 09:31
schestowitz Which one? May 10 09:31
schestowitz V3? May 10 09:31
tessier__ Not intentionally, no. But that’s what the botnets are doing with Windows: sending mail May 10 09:31
tessier__ Yeah May 10 09:31
schestowitz VNUNEt? May 10 09:31
tessier__ Have you heard of v3 before? May 10 09:31
tessier__ I never have. May 10 09:31
schestowitz Yes May 10 09:31
schestowitz Linux relays spam May 10 09:32
schestowitz It runs mail servers May 10 09:32
schestowitz It does what it’s supposed to do May 10 09:32
schestowitz Which is to relay requests May 10 09:32
tessier__ I cannot post a comment on that site. The captcha does not work. No matter what you put in there it does not accept it. May 10 09:32
tessier__ Linux by default is not an open relay. May 10 09:32
schestowitz I wonder what sends those requests though May 10 09:32
tessier__ No distro ships their mail servers that way. May 10 09:32
schestowitz It’s spammers May 10 09:32
tessier__ it will deliver the spam to you that someone injected via a Windows box though. May 10 09:33
schestowitz They use open relays May 10 09:33
schestowitz Running Linux because it’s better May 10 09:33
tessier__ Open relays are hard to find these days. May 10 09:33
schestowitz They get blacklisted May 10 09:33
tessier__ And spammers don’t run open relays either. They don’t want other spammers stealing their resources. May 10 09:33
schestowitz What was that list that gathers IPs of spam relays? May 10 09:33
schestowitz many services used to look it up and in 2008 it had sustainability issues May 10 09:33
tessier__ Whenever I have investigated IP addresses that were sending me spam it was Windows boxes. May 10 09:33
tessier__ There are lots of DNSBLs May 10 09:34
tessier__ And they operate quite successfully May 10 09:34
tessier__ SORBS is one of the big ones these days May 10 09:34
schestowitz I can’t recall the one I think about. Articles about it were widespread 2 years ago. May 10 09:34
*schestowitz creates http://techrights.org/wiki/index.php/Facebook May 10 09:35
Techrights Title: Facebook – Techrights .::. Size~: 12.91 KB May 10 09:35
tessier__ There have been quite a few May 10 09:35
-BNtwitter/#boycottnovell-[popey] Mark proposes that 10.10 is released on Sunday 10th October 2010. Where 101010 = 42 = Meaning of Life / Universe / Everything! May 10 09:37
-BNtwitter/#boycottnovell-[nsisodiya] need a student volunteer for modifying C++ book #schoolos May 10 09:40
*benJIman has quit (Ping timeout: 252 seconds) May 10 09:42
-BNtwitter/#boycottnovell-[popey] There will be no public ISO of #Ubuntu Light with Unity, but will be tailored specifically for OEMs. May 10 09:49
-BNtwitter/#boycottnovell-[davidgerard] From @cracked – 5 Insane File Sharing Panics from Before the Internet – http://tinyurl.com/2ubthnw May 10 09:53
Techrights Title: 5 Insane File Sharing Panics from Before the Internet | Cracked.com .::. Size~: 81.74 KB May 10 09:53
-BNtwitter/#boycottnovell-[satipera] Liberal Democrat negotiations with Labour look likely if Brown goes quickly. May 10 09:55
*narendra (~79f5e1b0@gateway/web/freenode/x-xaqdkqksysommyyc) has joined #boycottnovell May 10 10:08
narendra where I can upload secret document anonymously ? May 10 10:08
narendra wikileaks is not working i think !! May 10 10:08
tessier__ http://موقع.وزارة-الاتصالات.مصر/Default.aspx May 10 10:16
tessier__ Awesome. May 10 10:16
*benJIman (~benji@benjiweber.co.uk) has joined #boycottnovell May 10 10:17
MinceR i’m not so enthusiastic about it. May 10 10:17
*benJIman has quit (Client Quit) May 10 10:17
tessier__ Why not? May 10 10:17
*benJIman (~benji@benjiweber.co.uk) has joined #boycottnovell May 10 10:17
MinceR because it allows even more domains that are difficult to type, read and compare May 10 10:18
MinceR IDN already lets you create identical-looking but distinct domains that can confuse users trying to check whether a certificate really applies to a supposedly secure connection. May 10 10:18
MinceR domain names used to be easy to handle (as such names should be) May 10 10:19
MinceR 7bit US-ASCII should have been enough. May 10 10:19
tessier__ SSL CA was broken from the beginning anyway. This doesn’t make things any worse. May 10 10:21
tessier__ Everyone just clicks ok regardless. May 10 10:21
tessier__ Although I am curious to know how you would work that sort of thing into a bind zone file. May 10 10:21
MinceR no, not everyone. May 10 10:26

A Single Comment

  1. your_friend said,

    May 11, 2010 at 11:03 pm


    It is worth quoting Paul Wood, a senior analyst for Symantec Hosted Services, in full. This is so dumb, the Windows people will have to take it far from the source to make it stick.

    We found that more than 90 per cent of spam comes from Windows machines, which is not surprising. But if you look at Linux, it has only a one per cent market share but is responsible for more than five per cent of spam. So in a sense you’re more likely to get spam from a Linux than a Windows machine.

    This is not true in any sense. It is difficult to see how Phil Muncaster, the article’s author, could have taken this out of context and there is no forgiving Muncaster’s lack of critical thinking. If more than 90% of all spam comes from Windows, virtually all spam comes from Windows. Alternate interpretations have been debunked above, but the original statement was even dumber than its following misinterpretation by Muncaster.

    There are many good explanations mentioned above for what Symantec saw when they looked at, “the passive fingerprinting signatures of spam email traffic for the first time in this month’s report, in order to learn the type of operating system running on the infected spam-sending machines.” The most obvious are that GNU/Linux is efficient and well placed in networks. Windows’ poor network stack and zombie load mean that any Windows machine will only be able to do about 10% of a comparable GNU/Linux box. The latter explanation, that most of the traffic comes because GNU/Linux is acting as a relay, is even more damning for Windows – this means that GNU/Linux is just doing its job on networks where the administrators have made the mistake of using Windows on the desktop. The conclusion, backed by reasonable estimates of Windows infection rates and the fact that default GNU/Linux settings preclude the bogus “open relay” explanation, is that all spam comes from Windows.
