EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

05.10.10

Symantec Lies About GNU/Linux

Posted in GNU/Linux, Security, Windows at 9:56 am by Dr. Roy Schestowitz

Kent Hovind mug shot
Symantec: the Kent Hovind of security?
(mug shot of Kent Hovind courtesy of Escambia
County Sheriff’s Office after his arrest)

Summary: In order to sell some products, Symantec spreads GNU/Linux fear based on misinformation

EVERY once in a while Symantec aims its FUD pistol at some innocent element of computing which Symantec claims has a problem (and Symantec of course offers a solution to this problem). We have already explained this business strategy (using examples that misuse Free software [1, 2]), which characterises many quacks and pseudo-science. That’s why we put Kent Hovind at the top, for those who still wonder.

An issue which we discussed earlier today in IRC is the latest stunt from Symantec, which is probably best deconstructed and explained by Slashdot user “superapecommando” who submits:

The latest MessageLabs Intelligence Report from Symantec Hosted Services is filled with interesting and useful information regarding the current state of malware and e-mail borne threats as well as the trends over time. Of particular interest to me is the assertion in the report that “any given Linux machine is five times more likely to be sending spam than any given Windows machine.”

A pretty clear case of sensationalist metrics from a company which wants to sell their hosted security solutions to Linux box admins. But one interesting thing that comes out of the story is that many of the security researchers believe that misconfigured POSTFIX and SENDMAIL installations are cloaking the actual amount of spam coming from infected Windows hosts.

Desktops that unleash vast amounts of SPAM actually run Windows and one in two Windows PCs is believed/estimated to be a zombie (either active or not). GNU/Linux drives many mail servers, so if it obeys a request from a Windows zombie, then it will deliver SPAM. Should GNU/Linux therefore be blamed? Of course not. It’s just very good at delivering mail.

“GNU/Linux drives many mail servers, so if it obeys a request from a Windows zombie, then it will deliver SPAM.”Quoting Symantec a little further from its ‘report’ (which assumes bogus numbers about the market share of GNU/Linux), “by calculating a ratio of spam from a given operating system compared to the market share, we can get a “spam index” which shows relative to its market share, the likelihood that a particular computer is sending spam, based on its operating system. In the current spam climate, this index shows that relative to its market share, any given Linux machine is five times more likely to be sending spam than any given Windows machine…”

Another translation was sent to us by a reader who says: “Despite a total lack of evidence and being unable to detect the source OS of spam, we conclude that Linux machines are sending more SPAM because there are less of them.”

As our IRC logs will show later today (fragment posted below), there are even better explanations for that.


Techrights logo

IRC: #boycottnovell @ FreeNode: May 9th, 2010

Join us now at the IRC channel.

tessier__ http://www.v3.co.uk/v3/news/2262681/botnets-exploit-linux-owners May 10 09:29
tessier__ Someone is smoking crack. May 10 09:29
tessier__ crap May 10 09:31
schestowitz Windows is not used much for E-mail May 10 09:31
tessier__ There is something fishy about that website May 10 09:31
schestowitz Which one? May 10 09:31
schestowitz V3? May 10 09:31
tessier__ Not intentionally, no. But that’s what the botnets are doing with Windows: sending mail May 10 09:31
tessier__ Yeah May 10 09:31
schestowitz VNUNEt? May 10 09:31
tessier__ Have you heard of v3 before? May 10 09:31
tessier__ I never have. May 10 09:31
schestowitz Yes May 10 09:31
schestowitz Linux relays spam May 10 09:32
schestowitz It runs mail servers May 10 09:32
schestowitz It does what it’s supposed to do May 10 09:32
schestowitz Which is to relay requests May 10 09:32
tessier__ I cannot post a comment on that site. The captcha does not work. No matter what you put in there it does not accept it. May 10 09:32
tessier__ Linux by default is not an open relay. May 10 09:32
schestowitz I wonder what sends those requests though May 10 09:32
tessier__ No distro ships their mail servers that way. May 10 09:32
schestowitz It’s spammers May 10 09:32
tessier__ it will deliver the spam to you that someone injected via a Windows box though. May 10 09:33
schestowitz They use open relays May 10 09:33
schestowitz Running Linux because it’s better May 10 09:33
tessier__ Open relays are hard to find these days. May 10 09:33
schestowitz They get blacklisted May 10 09:33
tessier__ And spammers don’t run open relays either. They don’t want other spammers stealing their resources. May 10 09:33
schestowitz What was that list that gather IPs of spam relays? May 10 09:33
schestowitz many services used to look it up and in 2008 it had sustainability issues May 10 09:33
tessier__ Whenever I have investigated IP addresses that were sending me spam it was Windows boxes. May 10 09:33
tessier__ There are lots of DNSBLs May 10 09:34
tessier__ And they operate quite successfully May 10 09:34
tessier__ SORBS is one of the big ones these days May 10 09:34
schestowitz I can’t recall the one I think about. Articles about it were widespread 2 years ago. May 10 09:34
*schestowitz creates http://techrights.org/wiki/index.php/Facebook May 10 09:35
Techrights Title: Facebook – Techrights .::. Size~: 12.91 KB May 10 09:35
tessier__ There have been quite a few May 10 09:35
-BNtwitter/#boycottnovell-[popey] Mark proposes that 10.10 is released on Sunday 10th October 2010. Where 101010 = 42 = Meaning of Life / Universe / Everything! May 10 09:37
-BNtwitter/#boycottnovell-[nsisodiya] need a student volunteer for modifying C++ book #schoolos May 10 09:40
*benJIman has quit (Ping timeout: 252 seconds) May 10 09:42
-BNtwitter/#boycottnovell-[popey] There will be no public ISO of #Ubuntu Light with Unity, but will be tailored specifically for OEMs. May 10 09:49
-BNtwitter/#boycottnovell-[davidgerard] From @cracked – 5 Insane File Sharing Panics from Before the Internet – http://tinyurl.com/2ubthnw May 10 09:53
Techrights Title: 5 Insane File Sharing Panics from Before the Internet | Cracked.com .::. Size~: 81.74 KB May 10 09:53
-BNtwitter/#boycottnovell-[satipera] Liberal Democrat negotiations with Labour look likely if Brown goes quickly. May 10 09:55
*narendra (~79f5e1b0@gateway/web/freenode/x-xaqdkqksysommyyc) has joined #boycottnovell May 10 10:08
narendra where I can upload secrect document anonymousy ? May 10 10:08
narendra wikileaks is not working i think !! May 10 10:08
tessier__ http://موقع.وزارة-الاتصالات.مصر/Default.aspx May 10 10:16
tessier__ Awesome. May 10 10:16
*benJIman (~benji@benjiweber.co.uk) has joined #boycottnovell May 10 10:17
MinceR i’m not so enthusiastic about it. May 10 10:17
*benJIman has quit (Client Quit) May 10 10:17
tessier__ Why not? May 10 10:17
*benJIman (~benji@benjiweber.co.uk) has joined #boycottnovell May 10 10:17
MinceR because it allows even more domains that are difficult to type, read and compare May 10 10:18
MinceR IDN already lets you create identical-looking but distinct domains that can confuse users trying to check whether a certificate really applies to a supposedly secure connection. May 10 10:18
MinceR domain names used to be easy to handle (as such names should be) May 10 10:19
MinceR 7bit US-ASCII should have been enough. May 10 10:19
tessier__ SSL CA was broken from the beginning anyway. This doesn’t make things any worse. May 10 10:21
tessier__ Everyone just clicks ok regardless. May 10 10:21
tessier__ Although I am curious to know how you would work that sort of thing into a bind zone file. May 10 10:21
MinceR no, not everyone. May 10 10:26
Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

A Single Comment

  1. your_friend said,

    May 11, 2010 at 11:03 pm

    Gravatar

    It is worth quoting Paul Wood, a senior analyst for Symantec Hosted Services, in full. This is so dumb, the Windows people will have to take if far from the source to make it stick.

    We found that more than 90 per cent of spam comes from Windows machines, which is not surprising. But if you look at Linux, it has only a one per cent market share but is responsible for more than five per cent of spam. So in a sense you’re more likely to get spam from a Linux than a Windows machine.

    There is not true in any sense. It is difficult to see how Phil Muncaster, the article’s author, could have taken this out of context and there is no forgiving Muncaster’s lack of critical thinking. If more than 90% of all spam comes from Windows, virtually all spam comes from Windows. Alternate interpretations have been debunked above, but the original statement was even dumber than its following missinterpretation by Muncaster.

    There are many good explanations mentioned above for what Symantic saw when they looked at, “the passive fingerprinting signatures of spam email traffic for the first time in this month’s report, in order to learn the type of operating system running on the infected spam-sending machines.” The most obvious are that GNU/Linux is efficient and well placed in networks. Windows’ poor network stack and zombie load mean that any Windows machine will only be able to do about 10% of a comparable GNU/Linux box. The later explanation, that most of the traffic comes because GNU/Linux is acting as a relay is even more damning for Windows – this means that GNU/Linux is just doing its job on networks where the administrators have made the mistake of using Windows on the desktop. The conclusion, backed by reasonable estimates of Windows infection rates and the fact that default GNU/Linux setting that preclude the bogus “open relay” explanation, is that all spam comes from Windows.

What Else is New


  1. Links 18/7/2018: System76's Manufacturing Facility, Microsoft-Led Lobby for Antitrust Against Android

    Links for the day



  2. What Patent Lawyers Aren't Saying: Most Patent Litigation Has Become Too Risky to be Worth It

    The lawyers' key to the castle is lost or misplaced; they can't quite find/obtain leverage in courts, but they don't want their clients to know that



  3. Software Patents Royalty (Tax) Campaign by IBM, a Serial Patent Bully, and the EPO's Participation in All This

    The agenda of US-based patent maximalists, including patent trolls and notorious bullies from the United States, is still being served by the 'European' Patent Office, which has already outsourced some of its work (e.g. translations, PR, surveillance) to the US



  4. The European Council Needs to Check Battistelli's Back Room Deals/Back Door/Backchannel With Respect to Christian Archambeau

    Worries persist that Archambeau is about to become an unworthy beneficiary (nepotism) after a Battistelli setup that put Campinos in power, supported by the Belgian delegation which is connected to Archambeau, a national/citizen of Belgium



  5. PTAB and § 101 (Section 101) Have Locked the Patent Parasites Out of the Patent System

    Patent Trial and Appeal Board (PTAB) inter partes reviews (IPRs) have contributed a great deal to patent quality and have reduced the number of frivolous patent lawsuits; this means that firms which profit from patent applications and litigation hate it with a passion and still lobby to weaken if not scuttle PTAB



  6. Patents on Computer Software and Plants in the United States Indicative of Systemic Error

    The never-ending expansion of patent scope has meant that patent law firms generally got their way at the patent office; can the courts react fast enough (before confidence in patents and/or public support for patents is altogether shattered)?



  7. Yesterday's Misleading News From Team UPC and Its Aspiring Management of the Unified Patent Court (UPC)

    The Unified Patent Court (UPC) enthusiasts — i.e. those looking to financially gain from it — continue to wrestle with logic, manipulate words and misrepresent the law; yesterday we saw many law firms trying to make it sound as though the UPC is coming to the UK even though this isn’t possible and UPC as a whole is likely already dead



  8. Time for the European Commission to Investigate EPO Corruption Because It May be Partly or Indirectly Connected to EU-IPO, an EU Agency

    The passage of the top role at the EU-IPO from António Campinos to Christian Archambeau would damage confidence in the moral integrity of the European Council; back room deals are alleged to have occurred, implicating corrupt Battistelli



  9. Links 17/7/2018: Catfish 1.4.6 Released, ReactOS 0.4.9, Red Hat's GPL Compliance Group Grows

    Links for the day



  10. Links 16/7/2018: Linux 4.18 RC5, Latte Dock v0.8, Windows Back Doors Resurface

    Links for the day



  11. Alliance for US Startups and Inventors for Jobs (USIJ) Misleads the US Government, Pretending to Speak for Startups While Spreading Lies for the Patent Microcosm

    In the United States, which nowadays strives to raise the patent bar, the House Small Business Committee heard from technology firms but it also heard from some questionable front groups which claim to support "startups" and "jobs" (but in reality support just patents on the face of it)



  12. 'Blockchain', 'Cloud' and Whatever Else Gets Exploited to Work Around 35 U.S.C. § 101 (or the EPC) and Patent Algorithms/Software

    Looking for a quick buck or some low-quality patents (which courts would almost certainly reject), opportunists carry on with their gold rush, aided by buzzwords and hype over pretty meaningless things



  13. PTAB Defended by the EFF, the R Street Institute and CCIA as the Number of Petitions (IPRs) Continues to Grow

    Patent Trial and Appeal Board (PTAB) inter partes reviews (IPRs) come to the rescue when patently-bogus patents are used, covering totally abstract concepts (like software patents do); IPRs continue to increase in number and opponents of PTAB, who conveniently cherry-pick Supreme Court (SCOTUS) decisions, can't quite stop that



  14. IAM/Joff Wild May Have Become a de Facto Media Partner of the Patent Troll iPEL

    Invitation to trolls in China, courtesy of the patent trolls' lobby called "IAM"; this shows no signs of stopping and has become rather blatant



  15. Cautionary Tale: ILO Administrative Tribunal Cases (Appeals) 'Intercepted' Under António Campinos

    The ILO Administrative Tribunal (ILO-AT) is advertised by the EPO's management as access to justice, but it's still being undermined quite severely to the detriment of aggrieved staff



  16. Asking the USPTO to Comply With 35 U.S.C. § 101 is Like Asking Pentagon Officials to Pursue Real, Persistent Peace

    Some profit from selling weapons, whereas others profit from patent grants and litigation; what's really needed right now is patent sanity and adherence to the public interest as well as the law itself, e.g. Supreme Court (SCOTUS) decisions



  17. BT and Sonos Are Still Patent Bullies, Seeing Patents as a Backup Plan

    The companies seeking to complement their business (or make up for their demise) using patents are still suing rivals while calling that litigation "research and development" (the same old euphemism)



  18. Jim Skippen, a Longtime Patent Troll, Admits That the Trolling Sector is Collapsing

    Canada's biggest patent troll (WiLAN) bar BlackBerry doesn't seem to be doing too well as its CEO leaves the domain altogether



  19. From East Asia to the Eastern District of Texas: XYZ Printing, Maxell, and X2Y Attenuators

    The patent aggression, which relies on improper litigation venues, harms innocent parties a great deal; only their lawyers benefit from all this mess



  20. Links 14/7/2018: Mesa 18.1.4, Elisa 0.2.1, More on Python's Guido van Rossum

    Links for the day



  21. Number of Oppositions to Grants/Awards of European Patents at the EPO Has Skyrocketed, Based on Internal Data

    The number of challenged patents continues to soar and staff of the EPO (examiners already over-encumbered by far too much work, due to unrealistic targets) would struggle to cope or simply be compelled to not properly deal with oppositions



  22. 'Transaction' Complete: Former EPO Executive From Belgium Takes the Seat of António Campinos at EU-IPO

    Rumours that Belgium made a back room deal with Battistelli may be further substantiated with the just-confirmed appointment of Archambeau



  23. EPO Abuses Against People With Disabilities Followed by Legal Bullying?

    The new President of the EPO is not (at least not yet) obeying court rulings from ILO; The above move seems like an attempt to derail ongoing cases at the ILO’s Administrative Tribunal (ILO-AT), i.e. yet more strong-arming



  24. Weeks Later António Campinos Still in Noncompliance With the Courts (ILO's Tribunal)

    'report card' for the ever-so-intransparent (or nontransparent) new President of the EPO, who does not even bother obeying court rulings



  25. Links 13/7/2018: Kube 0.7.0, Trisquel 8.0 LTS Reviewed

    Links for the day



  26. Constitutionality and CJEU as Barriers, the UPC Agreement (UPCA) is Already Moot in the United Kingdom

    The Unified Patent Court (UPC) isn't going anywhere and the UK merely "explores" what to do about it; for Team UPC, however, this means that the UK "confirms intention to remain in Unitary Patent system after Brexit" (clearly a case of deliberate misinformation)



  27. It's Not About EPO 'Backlog' But About Faking 'Production' by Lowering Standards

    Remarks on the EPO dropping all pretenses of genuine care for patent quality; it's all about speed now, never mind if wrongly-granted patents can cause billions in damages across Europe (a lot of that money flows towards patent law firms)



  28. Links 12/7/2018: GTK+ 4.0 Plans, OpenBSD Gains Wi-Fi “Auto-Join”

    Links for the day



  29. The Anti-35 U.S.C. § 101 Lobby Pushes Old News Into the Headlines in an Effort to Resurrect/Protect Software Patents

    The software patenting proponents (law firms for the most part) are still doing anything they can -- stretching even months into the past -- in an effort to modify the law in defiance of Supreme Court (SCOTUS) rulings



  30. Thomas Massie and Marcy Kaptur Are Promoting the Interests of Patent Trolls and Patent Lawyers While Calling That “Innovation”

    Remarks on the ongoing effort to promote patent trolls’ interests under the guise of “helping small businesses” — a very misleading propaganda pattern that we have been finding in Unified Patent Court (UPC) lobbying at the EPO


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts