EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

05.10.10

Symantec Lies About GNU/Linux

Posted in GNU/Linux, Security, Windows at 9:56 am by Dr. Roy Schestowitz

Kent Hovind mug shot
Symantec: the Kent Hovind of security?
(mug shot of Kent Hovind courtesy of Escambia
County Sheriff’s Office after his arrest)

Summary: In order to sell some products, Symantec spreads GNU/Linux fear based on misinformation

EVERY once in a while Symantec aims its FUD pistol at some innocent element of computing which Symantec claims has a problem (and Symantec of course offers a solution to this problem). We have already explained this business strategy (using examples that misuse Free software [1, 2]), which characterises many quacks and pseudo-science. That’s why we put Kent Hovind at the top, for those who still wonder.

An issue which we discussed earlier today in IRC is the latest stunt from Symantec, which is probably best deconstructed and explained by Slashdot user “superapecommando” who submits:

The latest MessageLabs Intelligence Report from Symantec Hosted Services is filled with interesting and useful information regarding the current state of malware and e-mail borne threats as well as the trends over time. Of particular interest to me is the assertion in the report that “any given Linux machine is five times more likely to be sending spam than any given Windows machine.”

A pretty clear case of sensationalist metrics from a company which wants to sell their hosted security solutions to Linux box admins. But one interesting thing that comes out of the story is that many of the security researchers believe that misconfigured POSTFIX and SENDMAIL installations are cloaking the actual amount of spam coming from infected Windows hosts.

Desktops that unleash vast amounts of SPAM actually run Windows and one in two Windows PCs is believed/estimated to be a zombie (either active or not). GNU/Linux drives many mail servers, so if it obeys a request from a Windows zombie, then it will deliver SPAM. Should GNU/Linux therefore be blamed? Of course not. It’s just very good at delivering mail.

“GNU/Linux drives many mail servers, so if it obeys a request from a Windows zombie, then it will deliver SPAM.”Quoting Symantec a little further from its ‘report’ (which assumes bogus numbers about the market share of GNU/Linux), “by calculating a ratio of spam from a given operating system compared to the market share, we can get a “spam index” which shows relative to its market share, the likelihood that a particular computer is sending spam, based on its operating system. In the current spam climate, this index shows that relative to its market share, any given Linux machine is five times more likely to be sending spam than any given Windows machine…”

Another translation was sent to us by a reader who says: “Despite a total lack of evidence and being unable to detect the source OS of spam, we conclude that Linux machines are sending more SPAM because there are less of them.”

As our IRC logs will show later today (fragment posted below), there are even better explanations for that.


Techrights logo

IRC: #boycottnovell @ FreeNode: May 9th, 2010

Join us now at the IRC channel.

tessier__ http://www.v3.co.uk/v3/news/2262681/botnets-exploit-linux-owners May 10 09:29
tessier__ Someone is smoking crack. May 10 09:29
tessier__ crap May 10 09:31
schestowitz Windows is not used much for E-mail May 10 09:31
tessier__ There is something fishy about that website May 10 09:31
schestowitz Which one? May 10 09:31
schestowitz V3? May 10 09:31
tessier__ Not intentionally, no. But that’s what the botnets are doing with Windows: sending mail May 10 09:31
tessier__ Yeah May 10 09:31
schestowitz VNUNEt? May 10 09:31
tessier__ Have you heard of v3 before? May 10 09:31
tessier__ I never have. May 10 09:31
schestowitz Yes May 10 09:31
schestowitz Linux relays spam May 10 09:32
schestowitz It runs mail servers May 10 09:32
schestowitz It does what it’s supposed to do May 10 09:32
schestowitz Which is to relay requests May 10 09:32
tessier__ I cannot post a comment on that site. The captcha does not work. No matter what you put in there it does not accept it. May 10 09:32
tessier__ Linux by default is not an open relay. May 10 09:32
schestowitz I wonder what sends those requests though May 10 09:32
tessier__ No distro ships their mail servers that way. May 10 09:32
schestowitz It’s spammers May 10 09:32
tessier__ it will deliver the spam to you that someone injected via a Windows box though. May 10 09:33
schestowitz They use open relays May 10 09:33
schestowitz Running Linux because it’s better May 10 09:33
tessier__ Open relays are hard to find these days. May 10 09:33
schestowitz They get blacklisted May 10 09:33
tessier__ And spammers don’t run open relays either. They don’t want other spammers stealing their resources. May 10 09:33
schestowitz What was that list that gather IPs of spam relays? May 10 09:33
schestowitz many services used to look it up and in 2008 it had sustainability issues May 10 09:33
tessier__ Whenever I have investigated IP addresses that were sending me spam it was Windows boxes. May 10 09:33
tessier__ There are lots of DNSBLs May 10 09:34
tessier__ And they operate quite successfully May 10 09:34
tessier__ SORBS is one of the big ones these days May 10 09:34
schestowitz I can’t recall the one I think about. Articles about it were widespread 2 years ago. May 10 09:34
*schestowitz creates http://techrights.org/wiki/index.php/Facebook May 10 09:35
Techrights Title: Facebook – Techrights .::. Size~: 12.91 KB May 10 09:35
tessier__ There have been quite a few May 10 09:35
-BNtwitter/#boycottnovell-[popey] Mark proposes that 10.10 is released on Sunday 10th October 2010. Where 101010 = 42 = Meaning of Life / Universe / Everything! May 10 09:37
-BNtwitter/#boycottnovell-[nsisodiya] need a student volunteer for modifying C++ book #schoolos May 10 09:40
*benJIman has quit (Ping timeout: 252 seconds) May 10 09:42
-BNtwitter/#boycottnovell-[popey] There will be no public ISO of #Ubuntu Light with Unity, but will be tailored specifically for OEMs. May 10 09:49
-BNtwitter/#boycottnovell-[davidgerard] From @cracked – 5 Insane File Sharing Panics from Before the Internet – http://tinyurl.com/2ubthnw May 10 09:53
Techrights Title: 5 Insane File Sharing Panics from Before the Internet | Cracked.com .::. Size~: 81.74 KB May 10 09:53
-BNtwitter/#boycottnovell-[satipera] Liberal Democrat negotiations with Labour look likely if Brown goes quickly. May 10 09:55
*narendra (~79f5e1b0@gateway/web/freenode/x-xaqdkqksysommyyc) has joined #boycottnovell May 10 10:08
narendra where I can upload secrect document anonymousy ? May 10 10:08
narendra wikileaks is not working i think !! May 10 10:08
tessier__ http://موقع.وزارة-الاتصالات.مصر/Default.aspx May 10 10:16
tessier__ Awesome. May 10 10:16
*benJIman (~benji@benjiweber.co.uk) has joined #boycottnovell May 10 10:17
MinceR i’m not so enthusiastic about it. May 10 10:17
*benJIman has quit (Client Quit) May 10 10:17
tessier__ Why not? May 10 10:17
*benJIman (~benji@benjiweber.co.uk) has joined #boycottnovell May 10 10:17
MinceR because it allows even more domains that are difficult to type, read and compare May 10 10:18
MinceR IDN already lets you create identical-looking but distinct domains that can confuse users trying to check whether a certificate really applies to a supposedly secure connection. May 10 10:18
MinceR domain names used to be easy to handle (as such names should be) May 10 10:19
MinceR 7bit US-ASCII should have been enough. May 10 10:19
tessier__ SSL CA was broken from the beginning anyway. This doesn’t make things any worse. May 10 10:21
tessier__ Everyone just clicks ok regardless. May 10 10:21
tessier__ Although I am curious to know how you would work that sort of thing into a bind zone file. May 10 10:21
MinceR no, not everyone. May 10 10:26
Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

A Single Comment

  1. your_friend said,

    May 11, 2010 at 11:03 pm

    Gravatar

    It is worth quoting Paul Wood, a senior analyst for Symantec Hosted Services, in full. This is so dumb, the Windows people will have to take if far from the source to make it stick.

    We found that more than 90 per cent of spam comes from Windows machines, which is not surprising. But if you look at Linux, it has only a one per cent market share but is responsible for more than five per cent of spam. So in a sense you’re more likely to get spam from a Linux than a Windows machine.

    There is not true in any sense. It is difficult to see how Phil Muncaster, the article’s author, could have taken this out of context and there is no forgiving Muncaster’s lack of critical thinking. If more than 90% of all spam comes from Windows, virtually all spam comes from Windows. Alternate interpretations have been debunked above, but the original statement was even dumber than its following missinterpretation by Muncaster.

    There are many good explanations mentioned above for what Symantic saw when they looked at, “the passive fingerprinting signatures of spam email traffic for the first time in this month’s report, in order to learn the type of operating system running on the infected spam-sending machines.” The most obvious are that GNU/Linux is efficient and well placed in networks. Windows’ poor network stack and zombie load mean that any Windows machine will only be able to do about 10% of a comparable GNU/Linux box. The later explanation, that most of the traffic comes because GNU/Linux is acting as a relay is even more damning for Windows – this means that GNU/Linux is just doing its job on networks where the administrators have made the mistake of using Windows on the desktop. The conclusion, backed by reasonable estimates of Windows infection rates and the fact that default GNU/Linux setting that preclude the bogus “open relay” explanation, is that all spam comes from Windows.

What Else is New


  1. Good News: US Supreme Court Rejects Efforts to Revisit Alice, Most Software Patents to Remain Worthless

    35 U.S.C. § 101 will likely remain in tact for a long time to come; courts have come to grips with the status quo, as even the Federal Circuit approves the large majority of invalidations by the Patent Trial and Appeal Board’s (PTAB) panels, initiated by inter partes reviews (IPRs)



  2. Florian Müller's Article About SEPs and the EPO

    Report from the court in Munich, where the EPO is based



  3. EPO Vice-President Željko Topić in New Article About Corruption in Croatia

    The Croatian newspaper 7Dnevno has an outline of what Željko Topić has done in Croatia and in the EPO in Munich; it argues that this seriously erodes Croatia's national brand/identity



  4. The Quality of European Patents Continues to Deteriorate Under António Campinos and Software Patents Are Advocated Every Day

    The EPC in the European Patent Office and 35 U.S.C. § 101 in the USPTO annul most if not all software patents; under António Campinos, however, software patents are being granted in Europe and the USPTO exploits similar tricks



  5. Team UPC is Still Spreading False Rumours in an Effort to Trick Politicians and Pressure Judges

    Abuses at the European Patent Office, political turmoil and an obvious legislative coup by a self-serving occupation that produces nothing have already doomed the Unitary Patent or Unified Patent Court (UPC); so now we deal with complete fabrications from Team UPC as they're struggling to make something out of nothing, anonymously smearing opposition to the UPC and anonymously making stuff up



  6. Patents on Life and Patents That Kill the Poor Would Only Delegitimise the European Patent Office

    After Mayo, Myriad and other SCOTUS cases (the basis of 35 U.S.C. § 101) the U.S. Patent and Trademark Office is reluctant to grant patents on life; the European Patent Office (EPO), however, goes in the opposite direction, even in defiance of the European Patent Convention



  7. EPO 'Untapped Potential'

    "Campinos is diligently looking for ways to further increase the Office’s output without increasing the number of examiners," says the EPO-FLIER team



  8. Links 9/12/2018: New Linux Stable Releases (Notably Linux 4.19.8), RC Coming, and Unifont 11.0.03

    Links for the day



  9. Links 8/12/2018: Mesa 18.3.0, Mageia 7 Beta, WordPress 5.0

    Links for the day



  10. The European Patent Organisation is Like a Private Club and Roland Grossenbacher is Back in It

    In the absence of Benoît Battistelli quality control at the EPO is still not effective; patents are being granted like the sole goal is to increase so-called 'production' (or profit), appeals are being subjected to threats from Office management, and external courts (courts that assess patents outside the jurisdiction of the Office/Organisation) are being targeted with a long-sought replacement like the Unified Patent Court, or UPC (Unitary Patent)



  11. Links 7/12/2018: GNU Guix, GuixSD 0.16.0, GCC 7.4, PHP 7.3.0 Released

    Links for the day



  12. The Federal Circuit's Decision on Ancora Technologies v HTC America is the Rare Exception, Not the Norm

    Even though the PTAB does not automatically reject every patent when 35 U.S.C. § 101 gets invoked we're supposed to think that somehow things are changing in favour of patent maximalists; but all they do is obsess over something old (as old as a month ago) and hardly controversial



  13. The European Patent Office Remains a Lawless Place Where Judges Are Afraid of the Banker in Chief

    With the former banker Campinos replacing the politician Battistelli and seeking to have far more powers it would be insane for the German Constitutional Court to ever allow anything remotely like the UPC; sites that are sponsored by Team UPC, however, try to influence outcomes, pushing patent maximalism and diminishing the role of patent judges



  14. Many of the Same People Are Still in Charge of the European Patent Office Even Though They Broke the Law

    "EPO’s art collection honoured with award," the EPO writes, choosing to distract from what actually goes on at the Office and has never been properly dealt with



  15. Links 6/12/2018: FreeNAS 11.2, Mesa 18.3 Later Today, Fedora Elections

    Links for the day



  16. EPO, in Its Patent Trolls-Infested Forum, Admits It is Granting Bogus Software Patents Under the Guise of 'Blockchain'

    Yesterday's embarrassing event of the EPO was a festival of the litigation giants and trolls, who shrewdly disguise patents on algorithms using all sorts of fashionable words that often don't mean anything (or deviate greatly from their original meanings)



  17. The Patent Litigation Bubble is Imploding in the US While the UPC Dies in Europe

    The meta-industry which profits from feuds, disputes, threats and blackmail isn't doing too well; even in Europe, where it worked hard for a number of years to institute a horrible litigation system which favours global plaintiffs (patent trolls, opportunists and monopolists), these things are going up in flames



  18. Links 5/12/2018: Epic Games Store, CrossOver 18.1.0, Important Kubernetes Patch

    Links for the day



  19. Links 4/12/2018: LibrePCB 0.1.0, SQLite 3.26.0, PhysX Code

    Links for the day



  20. EPO Management Keeps Embarrassing Itself, UPC More Dead Than Before, and Nokia Turns Aggressive

    The EPO’s race to the bottom of patent quality continues, it’s now complemented by direct association with patent trolls and law stands in their way (for they repeatedly violate the law)



  21. The Intellectual Property Owners Association (IPO) and IBM Are Part of the Software Patents Problem in the United States

    IBM's special role in lobbying for software patents (and against PTAB) needs to be highlighted; even Ethereum’s co-founder isn't happy about IBM's meddling in the blockchain space (with help from Hyperledger/Linux Foundation)



  22. The Patent Trial and Appeal Board (PTAB) Not Falling for Attempts to Prevent It From Instituting Challenges

    In the face of patent maximalists' endless efforts to derail patent quality the tribunal keeps calm and carries on smashing bad patents



  23. Links 2/12/2018: Linux 4.20 RC5, Snapcraft 3.0, VirtualBox 6.0 Beta 3

    Links for the day



  24. The Patent Microcosm Hopes That the Federal Circuit Will Get 'Tired' of Rejecting Software Patents

    Trolls-friendly sites aren't tolerating this court's habit of saying "no" to software patents; the Chief Judge meanwhile acknowledges that they're being overrun by a growing number of cases/appeals



  25. 35 U.S.C. § 101 Continues to Crush Software Patents and Even Microsoft Joins 'the Fun'

    The Court of Appeals for the Federal Circuit (CAFC) and even courts below it continue to throw out software patents or send them back to PTAB and lower courts; there is virtually nothing for patent maximalists to celebrate any longer



  26. The Anti-Section 101 (Pro-Software Patents) Lobby Looks at New Angles for Watering Down Guidelines and Caselaw

    By focusing on jury trials and patent trolls the proponents of bunk, likely-invalid abstract patents hope to overrule or override technical courts such as the Patent Trial and Appeal Board (PTAB)



  27. Patent Trolls, USPTO Director Andrei Iancu and Section 101

    The world’s most important patent office is now run by a courts-hostile person (an 'American Battistelli') who is happy to ignore the courts’ caselaw and listen to patent trolls instead; this means that science and technology, not to mention the law itself, will suffer



  28. Be Wary of the Latest Lies About the Unified Patent Court (UPC), Courtesy of CIPA and Marks & Clerk (Team UPC)

    It's rather noteworthy that no matter how grim things have become for Team UPC, which drafted and promoted new laws for self-enrichment purposes, these people persist with all the same lies that predate several more barriers, which no doubt will prove fatal to the Unified Patent Court Agreement (UPCA)



  29. Links 1/12/2018: 4MLinux 27.0, GNU Wget 1.20 Released

    Links for the day



  30. EPO Management High-Fiving Patent Propaganda Sites Like 'Managing IP' While Granting Illegitimate Patents on Algorithms

    Having mastered the art of hype and buzzwords, the management of the EPO carries on pretending that it does nothing wrong by rubber-stamping abstract patents on mathematics


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts