EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

05.10.10

Symantec Lies About GNU/Linux

Posted in GNU/Linux, Security, Windows at 9:56 am by Dr. Roy Schestowitz

Kent Hovind mug shot
Symantec: the Kent Hovind of security?
(mug shot of Kent Hovind courtesy of Escambia
County Sheriff’s Office after his arrest)

Summary: In order to sell some products, Symantec spreads GNU/Linux fear based on misinformation

EVERY once in a while Symantec aims its FUD pistol at some innocent element of computing which Symantec claims has a problem (and Symantec of course offers a solution to this problem). We have already explained this business strategy (using examples that misuse Free software [1, 2]), which characterises many quacks and pseudo-science. That’s why we put Kent Hovind at the top, for those who still wonder.

An issue which we discussed earlier today in IRC is the latest stunt from Symantec, which is probably best deconstructed and explained by Slashdot user “superapecommando” who submits:

The latest MessageLabs Intelligence Report from Symantec Hosted Services is filled with interesting and useful information regarding the current state of malware and e-mail borne threats as well as the trends over time. Of particular interest to me is the assertion in the report that “any given Linux machine is five times more likely to be sending spam than any given Windows machine.”

A pretty clear case of sensationalist metrics from a company which wants to sell their hosted security solutions to Linux box admins. But one interesting thing that comes out of the story is that many of the security researchers believe that misconfigured POSTFIX and SENDMAIL installations are cloaking the actual amount of spam coming from infected Windows hosts.

Desktops that unleash vast amounts of SPAM actually run Windows and one in two Windows PCs is believed/estimated to be a zombie (either active or not). GNU/Linux drives many mail servers, so if it obeys a request from a Windows zombie, then it will deliver SPAM. Should GNU/Linux therefore be blamed? Of course not. It’s just very good at delivering mail.

“GNU/Linux drives many mail servers, so if it obeys a request from a Windows zombie, then it will deliver SPAM.”Quoting Symantec a little further from its ‘report’ (which assumes bogus numbers about the market share of GNU/Linux), “by calculating a ratio of spam from a given operating system compared to the market share, we can get a “spam index” which shows relative to its market share, the likelihood that a particular computer is sending spam, based on its operating system. In the current spam climate, this index shows that relative to its market share, any given Linux machine is five times more likely to be sending spam than any given Windows machine…”

Another translation was sent to us by a reader who says: “Despite a total lack of evidence and being unable to detect the source OS of spam, we conclude that Linux machines are sending more SPAM because there are less of them.”

As our IRC logs will show later today (fragment posted below), there are even better explanations for that.


Techrights logo

IRC: #boycottnovell @ FreeNode: May 9th, 2010

Join us now at the IRC channel.

tessier__ http://www.v3.co.uk/v3/news/2262681/botnets-exploit-linux-owners May 10 09:29
tessier__ Someone is smoking crack. May 10 09:29
tessier__ crap May 10 09:31
schestowitz Windows is not used much for E-mail May 10 09:31
tessier__ There is something fishy about that website May 10 09:31
schestowitz Which one? May 10 09:31
schestowitz V3? May 10 09:31
tessier__ Not intentionally, no. But that’s what the botnets are doing with Windows: sending mail May 10 09:31
tessier__ Yeah May 10 09:31
schestowitz VNUNEt? May 10 09:31
tessier__ Have you heard of v3 before? May 10 09:31
tessier__ I never have. May 10 09:31
schestowitz Yes May 10 09:31
schestowitz Linux relays spam May 10 09:32
schestowitz It runs mail servers May 10 09:32
schestowitz It does what it’s supposed to do May 10 09:32
schestowitz Which is to relay requests May 10 09:32
tessier__ I cannot post a comment on that site. The captcha does not work. No matter what you put in there it does not accept it. May 10 09:32
tessier__ Linux by default is not an open relay. May 10 09:32
schestowitz I wonder what sends those requests though May 10 09:32
tessier__ No distro ships their mail servers that way. May 10 09:32
schestowitz It’s spammers May 10 09:32
tessier__ it will deliver the spam to you that someone injected via a Windows box though. May 10 09:33
schestowitz They use open relays May 10 09:33
schestowitz Running Linux because it’s better May 10 09:33
tessier__ Open relays are hard to find these days. May 10 09:33
schestowitz They get blacklisted May 10 09:33
tessier__ And spammers don’t run open relays either. They don’t want other spammers stealing their resources. May 10 09:33
schestowitz What was that list that gather IPs of spam relays? May 10 09:33
schestowitz many services used to look it up and in 2008 it had sustainability issues May 10 09:33
tessier__ Whenever I have investigated IP addresses that were sending me spam it was Windows boxes. May 10 09:33
tessier__ There are lots of DNSBLs May 10 09:34
tessier__ And they operate quite successfully May 10 09:34
tessier__ SORBS is one of the big ones these days May 10 09:34
schestowitz I can’t recall the one I think about. Articles about it were widespread 2 years ago. May 10 09:34
*schestowitz creates http://techrights.org/wiki/index.php/Facebook May 10 09:35
Techrights Title: Facebook – Techrights .::. Size~: 12.91 KB May 10 09:35
tessier__ There have been quite a few May 10 09:35
-BNtwitter/#boycottnovell-[popey] Mark proposes that 10.10 is released on Sunday 10th October 2010. Where 101010 = 42 = Meaning of Life / Universe / Everything! May 10 09:37
-BNtwitter/#boycottnovell-[nsisodiya] need a student volunteer for modifying C++ book #schoolos May 10 09:40
*benJIman has quit (Ping timeout: 252 seconds) May 10 09:42
-BNtwitter/#boycottnovell-[popey] There will be no public ISO of #Ubuntu Light with Unity, but will be tailored specifically for OEMs. May 10 09:49
-BNtwitter/#boycottnovell-[davidgerard] From @cracked – 5 Insane File Sharing Panics from Before the Internet – http://tinyurl.com/2ubthnw May 10 09:53
Techrights Title: 5 Insane File Sharing Panics from Before the Internet | Cracked.com .::. Size~: 81.74 KB May 10 09:53
-BNtwitter/#boycottnovell-[satipera] Liberal Democrat negotiations with Labour look likely if Brown goes quickly. May 10 09:55
*narendra (~79f5e1b0@gateway/web/freenode/x-xaqdkqksysommyyc) has joined #boycottnovell May 10 10:08
narendra where I can upload secrect document anonymousy ? May 10 10:08
narendra wikileaks is not working i think !! May 10 10:08
tessier__ http://موقع.وزارة-الاتصالات.مصر/Default.aspx May 10 10:16
tessier__ Awesome. May 10 10:16
*benJIman (~benji@benjiweber.co.uk) has joined #boycottnovell May 10 10:17
MinceR i’m not so enthusiastic about it. May 10 10:17
*benJIman has quit (Client Quit) May 10 10:17
tessier__ Why not? May 10 10:17
*benJIman (~benji@benjiweber.co.uk) has joined #boycottnovell May 10 10:17
MinceR because it allows even more domains that are difficult to type, read and compare May 10 10:18
MinceR IDN already lets you create identical-looking but distinct domains that can confuse users trying to check whether a certificate really applies to a supposedly secure connection. May 10 10:18
MinceR domain names used to be easy to handle (as such names should be) May 10 10:19
MinceR 7bit US-ASCII should have been enough. May 10 10:19
tessier__ SSL CA was broken from the beginning anyway. This doesn’t make things any worse. May 10 10:21
tessier__ Everyone just clicks ok regardless. May 10 10:21
tessier__ Although I am curious to know how you would work that sort of thing into a bind zone file. May 10 10:21
MinceR no, not everyone. May 10 10:26
Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

A Single Comment

  1. your_friend said,

    May 11, 2010 at 11:03 pm

    Gravatar

    It is worth quoting Paul Wood, a senior analyst for Symantec Hosted Services, in full. This is so dumb, the Windows people will have to take if far from the source to make it stick.

    We found that more than 90 per cent of spam comes from Windows machines, which is not surprising. But if you look at Linux, it has only a one per cent market share but is responsible for more than five per cent of spam. So in a sense you’re more likely to get spam from a Linux than a Windows machine.

    There is not true in any sense. It is difficult to see how Phil Muncaster, the article’s author, could have taken this out of context and there is no forgiving Muncaster’s lack of critical thinking. If more than 90% of all spam comes from Windows, virtually all spam comes from Windows. Alternate interpretations have been debunked above, but the original statement was even dumber than its following missinterpretation by Muncaster.

    There are many good explanations mentioned above for what Symantic saw when they looked at, “the passive fingerprinting signatures of spam email traffic for the first time in this month’s report, in order to learn the type of operating system running on the infected spam-sending machines.” The most obvious are that GNU/Linux is efficient and well placed in networks. Windows’ poor network stack and zombie load mean that any Windows machine will only be able to do about 10% of a comparable GNU/Linux box. The later explanation, that most of the traffic comes because GNU/Linux is acting as a relay is even more damning for Windows – this means that GNU/Linux is just doing its job on networks where the administrators have made the mistake of using Windows on the desktop. The conclusion, backed by reasonable estimates of Windows infection rates and the fact that default GNU/Linux setting that preclude the bogus “open relay” explanation, is that all spam comes from Windows.

What Else is New


  1. Why Authorities in the Netherlands Need to Strip the EPO of Immunity and Investigate Fire Safety Violations

    How intimidation and crackdown on the staff representatives at the EPO may have led to lack of awareness (and action) about lack of compliance with fire safety standards



  2. Insensitivity at the EPO’s Management – Part IX: Testament to the Fear of an Autocratic Regime

    A return to the crucial observation and a reminder of the fact that at the EPO it takes great courage to say the truth nowadays



  3. For the Fordham Echo Chamber (Patent Maximalism), Judges From the EPO Boards of Appeal Are Not Worth Entertaining

    In an event steered if not stuffed by patent radicals such as Bristows and Microsoft (abusive, serial litigators) there are no balanced panels or even reasonable discussions



  4. EPO Staff Representatives Fired Using “Disciplinary Committee That Was Improperly Composed” as Per ILO's Decision

    The Board of the Administrative Council at European Patent Organisation is being informed of the union-busting activities of Battistelli -- activities that are both illegal (as per national and international standards) and are detrimental to the Organisation



  5. Links 23/4/2017: End of arkOS, Collabora Office 5.3 Released

    Links for the day



  6. Intellectual Discovery and Microsoft Feed Patent Trolls Like Intellectual Ventures Which Then Strategically Attack Rivals

    Like a swarm of blood-sucking bats, patent trolls prey on affluent companies that derive their wealth from GNU/Linux and freedom-respecting software (Free/libre software)



  7. The European Patent Office Has Just Killed a Cat (or Skinned a 'Kat')

    The EPO’s attack on the media, including us, resulted in a stream of misinformation and puff pieces about the EPO and UPC, putting at risk not just European democracy but also corrupting the European press



  8. Yann Ménière Resorts to Buzzwords to Recklessly Promote Floods of Patents, Dooming the EPO Amid Decline in Patent Applications

    Battistelli's French Chief Economist is not much of an economist but a patent maximalist toeing the party line of Monsieur Battistelli (lots of easy grants and litigation galore, for UPC hopefuls)



  9. Even Patent Bullies Like Microsoft and Facebook Find the Patent Trial and Appeal Board (PTAB) Useful

    Not just companies accused of patent infringement need the PTAB but also frequent accusers with deep pockets need the PTAB, based on some new figures and new developments



  10. Links 21/4/2017: Qt Creator 4.2.2, ROSA Desktop Fresh R9

    Links for the day



  11. At the EPO, Seeding of Puff Piece in the Press/Academia Sometimes Transparent Enough to View

    The EPO‘s PR team likes to 'spam' journalists and others (for PR) and sometimes does this publicly, as the tweets below show — a desperate recruitment and reputation laundering drive



  12. Affordable and Sophisticated Mobile Devices Are Kept Away by Patent Trolls and Aggressors That Tax Everything

    The war against commoditisation of mobile computing has turned a potentially thriving market with fast innovation rates into a war zone full of patent trolls (sometimes suing at the behest of large companies that hand them patents for this purpose)



  13. In Spite of Lobbying and Endless Attempts by the Patent Microcosm, US Supreme Court Won't Consider Any Software Patent Cases Anymore (in the Foreseeable Future)

    Lobbyists of software patents, i.e. proponents of endless litigation and patent trolls, are attempting to convince the US Supreme Court (SCOTUS) to have another look at abstract patents and reconsider its position on cases like Alice Corp. v CLS Bank International



  14. Expect Team UPC to Remain in Deep Denial About the Unitary Patent/Unified Court (UPC) Having No Prospects

    The prevailing denial that the UPC is effectively dead, courtesy of sites and blogs whose writers stood to profit from the UPC



  15. EPO in 2017: Erroneously Grant a Lot of Patents in Bulk or Get Sacked

    Quality of patent examination is being abandoned at the EPO and those who disobey or refuse to play along are being fired (or asked to resign to avoid forced resignations which would stain their record)



  16. Links 21/4/2017: System76 Entering Phase Three, KDE Applications 17.04, Elive 2.9.0 Beta

    Links for the day



  17. Bristows-Run IP Kat Continues to Spread Lies to Promote the Unitary Patent (UPC) and Advance the EPO Management's Agenda

    An eclectic response to some of the misleading if not villainous responses to the UPC's death knell in the UK, as well as other noteworthy observations about think tanks and misinformation whose purpose is to warp the patent system so that it serves law firms, for the most part at the expense of science and technology



  18. Links 20/4/2017: Tor Browser 6.5.2, PacketFence 7.0, New Firefox and Chrome

    Links for the day



  19. Patents on Business Methods and Software Are Collapsing, But the Patent Microcosm is Working Hard to Change That

    The never-ending battle over patent law, where those who are in the business of patents push for endless patenting, is still ongoing and resistance/opposition is needed from those who actually produce things (other than litigation) or else they will be perpetually taxed by parasites



  20. IAM, the Patent Trolls' Voice, is Trying to Deny There is a Growing Trolling Problem in Europe

    IAM Media (the EPO's and trolls' mouthpiece) continues a rather disturbing pattern of propaganda dressed up as "news", promoting the agenda of parasites who drain the economy by extortion of legitimate (producing) companies



  21. The Patent Microcosm Keeps Attacking Every Patent Office/System That is Doing the Right Thing

    Patent 'radicals' and 'extremists' -- those to whom patents are needed solely for the purpose of profit from bureaucracy -- fight hard against patent quality and in the process they harm everyone, including individual customers



  22. Another Final Nail in the UPC Coffin: UK General Election

    Ratification of the UPC in the UK can drag on for several more years and never be done thereafter, throwing into uncertainty the whole UPC (EU-wide) as we know it



  23. Links 19/4/2017: DockerCon Coverage, Ubuntu Switching to Wayland

    Links for the day



  24. Links 18/4/2017: Mesa 17.0.4, FFmpeg 3.3

    Links for the day



  25. Patents Roundup: Microsoft, Embargo, Tax Evasion, Surveillance, and Censorship

    An excess of patents and their overutilisation for purposes other than innovation (or dissemination of knowledge) means that society has much to lose, sometimes more than there is to gain



  26. How I Learned that Skype is a Spy Campaign (My Personal Story) -- by Yuval Levental

    Skype is now tracking serial numbers, too



  27. Links 17/4/2017: Devil Linux 1.8.0, GNU IceCat 52.0.2

    Links for the day



  28. EPO Patent Quality and Quality of Service Have Become a Disaster, Say EPO Stakeholders

    Stakeholders of the EPO, in various sites that attract them, are complaining about the service of the EPO, the declining quality of patents (and the rushed processes), including the fact that Battistelli's blind obsession with so-called 'production' dooms the already-up-in-flames EPO and makes it uncompetitive



  29. IAM is a Think Tank for Patent Trolls, Software Patents, the EPO, Microsoft, and Whoever Else is Willing to Pay

    The site where you get what you pay for continues to promote highly damaging agenda, which threatens to disrupt operations at a lot of legitimate companies that employ technical people



  30. An Australian Patent Troll, Global Equity Management (SA) Pty Ltd (GEMSA), is a Bully Not Just in the Patent Sense, Explains the EFF

    The mischievous troll GEMSA, which doesn't seem to get enough out of bullying real companies, is now attacking a civil rights group's free speech rights


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts