EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

05.10.10

Symantec Lies About GNU/Linux

Posted in GNU/Linux, Security, Windows at 9:56 am by Dr. Roy Schestowitz

Kent Hovind mug shot
Symantec: the Kent Hovind of security?
(mug shot of Kent Hovind courtesy of Escambia
County Sheriff’s Office after his arrest)

Summary: In order to sell some products, Symantec spreads GNU/Linux fear based on misinformation

EVERY once in a while Symantec aims its FUD pistol at some innocent element of computing which Symantec claims has a problem (and Symantec of course offers a solution to this problem). We have already explained this business strategy (using examples that misuse Free software [1, 2]), which characterises many quacks and pseudo-science. That’s why we put Kent Hovind at the top, for those who still wonder.

An issue which we discussed earlier today in IRC is the latest stunt from Symantec, which is probably best deconstructed and explained by Slashdot user “superapecommando” who submits:

The latest MessageLabs Intelligence Report from Symantec Hosted Services is filled with interesting and useful information regarding the current state of malware and e-mail borne threats as well as the trends over time. Of particular interest to me is the assertion in the report that “any given Linux machine is five times more likely to be sending spam than any given Windows machine.”

A pretty clear case of sensationalist metrics from a company which wants to sell their hosted security solutions to Linux box admins. But one interesting thing that comes out of the story is that many of the security researchers believe that misconfigured POSTFIX and SENDMAIL installations are cloaking the actual amount of spam coming from infected Windows hosts.

Desktops that unleash vast amounts of SPAM actually run Windows and one in two Windows PCs is believed/estimated to be a zombie (either active or not). GNU/Linux drives many mail servers, so if it obeys a request from a Windows zombie, then it will deliver SPAM. Should GNU/Linux therefore be blamed? Of course not. It’s just very good at delivering mail.

“GNU/Linux drives many mail servers, so if it obeys a request from a Windows zombie, then it will deliver SPAM.”Quoting Symantec a little further from its ‘report’ (which assumes bogus numbers about the market share of GNU/Linux), “by calculating a ratio of spam from a given operating system compared to the market share, we can get a “spam index” which shows relative to its market share, the likelihood that a particular computer is sending spam, based on its operating system. In the current spam climate, this index shows that relative to its market share, any given Linux machine is five times more likely to be sending spam than any given Windows machine…”

Another translation was sent to us by a reader who says: “Despite a total lack of evidence and being unable to detect the source OS of spam, we conclude that Linux machines are sending more SPAM because there are less of them.”

As our IRC logs will show later today (fragment posted below), there are even better explanations for that.


Techrights logo

IRC: #boycottnovell @ FreeNode: May 9th, 2010

Join us now at the IRC channel.

tessier__ http://www.v3.co.uk/v3/news/2262681/botnets-exploit-linux-owners May 10 09:29
tessier__ Someone is smoking crack. May 10 09:29
tessier__ crap May 10 09:31
schestowitz Windows is not used much for E-mail May 10 09:31
tessier__ There is something fishy about that website May 10 09:31
schestowitz Which one? May 10 09:31
schestowitz V3? May 10 09:31
tessier__ Not intentionally, no. But that’s what the botnets are doing with Windows: sending mail May 10 09:31
tessier__ Yeah May 10 09:31
schestowitz VNUNEt? May 10 09:31
tessier__ Have you heard of v3 before? May 10 09:31
tessier__ I never have. May 10 09:31
schestowitz Yes May 10 09:31
schestowitz Linux relays spam May 10 09:32
schestowitz It runs mail servers May 10 09:32
schestowitz It does what it’s supposed to do May 10 09:32
schestowitz Which is to relay requests May 10 09:32
tessier__ I cannot post a comment on that site. The captcha does not work. No matter what you put in there it does not accept it. May 10 09:32
tessier__ Linux by default is not an open relay. May 10 09:32
schestowitz I wonder what sends those requests though May 10 09:32
tessier__ No distro ships their mail servers that way. May 10 09:32
schestowitz It’s spammers May 10 09:32
tessier__ it will deliver the spam to you that someone injected via a Windows box though. May 10 09:33
schestowitz They use open relays May 10 09:33
schestowitz Running Linux because it’s better May 10 09:33
tessier__ Open relays are hard to find these days. May 10 09:33
schestowitz They get blacklisted May 10 09:33
tessier__ And spammers don’t run open relays either. They don’t want other spammers stealing their resources. May 10 09:33
schestowitz What was that list that gather IPs of spam relays? May 10 09:33
schestowitz many services used to look it up and in 2008 it had sustainability issues May 10 09:33
tessier__ Whenever I have investigated IP addresses that were sending me spam it was Windows boxes. May 10 09:33
tessier__ There are lots of DNSBLs May 10 09:34
tessier__ And they operate quite successfully May 10 09:34
tessier__ SORBS is one of the big ones these days May 10 09:34
schestowitz I can’t recall the one I think about. Articles about it were widespread 2 years ago. May 10 09:34
*schestowitz creates http://techrights.org/wiki/index.php/Facebook May 10 09:35
Techrights Title: Facebook – Techrights .::. Size~: 12.91 KB May 10 09:35
tessier__ There have been quite a few May 10 09:35
-BNtwitter/#boycottnovell-[popey] Mark proposes that 10.10 is released on Sunday 10th October 2010. Where 101010 = 42 = Meaning of Life / Universe / Everything! May 10 09:37
-BNtwitter/#boycottnovell-[nsisodiya] need a student volunteer for modifying C++ book #schoolos May 10 09:40
*benJIman has quit (Ping timeout: 252 seconds) May 10 09:42
-BNtwitter/#boycottnovell-[popey] There will be no public ISO of #Ubuntu Light with Unity, but will be tailored specifically for OEMs. May 10 09:49
-BNtwitter/#boycottnovell-[davidgerard] From @cracked – 5 Insane File Sharing Panics from Before the Internet – http://tinyurl.com/2ubthnw May 10 09:53
Techrights Title: 5 Insane File Sharing Panics from Before the Internet | Cracked.com .::. Size~: 81.74 KB May 10 09:53
-BNtwitter/#boycottnovell-[satipera] Liberal Democrat negotiations with Labour look likely if Brown goes quickly. May 10 09:55
*narendra (~79f5e1b0@gateway/web/freenode/x-xaqdkqksysommyyc) has joined #boycottnovell May 10 10:08
narendra where I can upload secrect document anonymousy ? May 10 10:08
narendra wikileaks is not working i think !! May 10 10:08
tessier__ http://موقع.وزارة-الاتصالات.مصر/Default.aspx May 10 10:16
tessier__ Awesome. May 10 10:16
*benJIman (~benji@benjiweber.co.uk) has joined #boycottnovell May 10 10:17
MinceR i’m not so enthusiastic about it. May 10 10:17
*benJIman has quit (Client Quit) May 10 10:17
tessier__ Why not? May 10 10:17
*benJIman (~benji@benjiweber.co.uk) has joined #boycottnovell May 10 10:17
MinceR because it allows even more domains that are difficult to type, read and compare May 10 10:18
MinceR IDN already lets you create identical-looking but distinct domains that can confuse users trying to check whether a certificate really applies to a supposedly secure connection. May 10 10:18
MinceR domain names used to be easy to handle (as such names should be) May 10 10:19
MinceR 7bit US-ASCII should have been enough. May 10 10:19
tessier__ SSL CA was broken from the beginning anyway. This doesn’t make things any worse. May 10 10:21
tessier__ Everyone just clicks ok regardless. May 10 10:21
tessier__ Although I am curious to know how you would work that sort of thing into a bind zone file. May 10 10:21
MinceR no, not everyone. May 10 10:26
Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

A Single Comment

  1. your_friend said,

    May 11, 2010 at 11:03 pm

    Gravatar

    It is worth quoting Paul Wood, a senior analyst for Symantec Hosted Services, in full. This is so dumb, the Windows people will have to take if far from the source to make it stick.

    We found that more than 90 per cent of spam comes from Windows machines, which is not surprising. But if you look at Linux, it has only a one per cent market share but is responsible for more than five per cent of spam. So in a sense you’re more likely to get spam from a Linux than a Windows machine.

    There is not true in any sense. It is difficult to see how Phil Muncaster, the article’s author, could have taken this out of context and there is no forgiving Muncaster’s lack of critical thinking. If more than 90% of all spam comes from Windows, virtually all spam comes from Windows. Alternate interpretations have been debunked above, but the original statement was even dumber than its following missinterpretation by Muncaster.

    There are many good explanations mentioned above for what Symantic saw when they looked at, “the passive fingerprinting signatures of spam email traffic for the first time in this month’s report, in order to learn the type of operating system running on the infected spam-sending machines.” The most obvious are that GNU/Linux is efficient and well placed in networks. Windows’ poor network stack and zombie load mean that any Windows machine will only be able to do about 10% of a comparable GNU/Linux box. The later explanation, that most of the traffic comes because GNU/Linux is acting as a relay is even more damning for Windows – this means that GNU/Linux is just doing its job on networks where the administrators have made the mistake of using Windows on the desktop. The conclusion, backed by reasonable estimates of Windows infection rates and the fact that default GNU/Linux setting that preclude the bogus “open relay” explanation, is that all spam comes from Windows.

What Else is New


  1. Reader's Article: Affaire Benalla Strongly Connected to EPO/OEB/EPA and Former President Benoît Battistelli

    A Macron scandal has led French media to finally (and years too late) exploring some of the much more explosive scandals at the EPO, revealing some interesting new details in the process



  2. Language Patent Lawyers Are Using to Warp the Debate and Decrease Public Understanding of Patents

    The patent microcosm, trying to get the public all baffled/confused about the patent system, continues (mis)using words to convey things in misleading ways



  3. USPTO FEES ACT Makes the US Patent Office a Money-Making Machine That Systematically Disregards Patent Quality

    The lingering issues with patent assessment at the US patent office, which unlike US courts isn't quite so impartial an actor (it benefits more from granting than from rejecting)



  4. Guest Post on Ronan Le Gleut and Benalla at the French Senate (in Light of Battistelli's Epic Abuses)

    Thoughts on the possibility that Battistelli will belatedly be held accountable for his abuses, knowing that a senator representing French Citizens residing Abroad comes from the EPO



  5. A Lot of US Patents Are Entirely Bogus, But Apple Was Willing to Pay for Them

    Apple's resistance to Qualcomm's patent aggression was preceded by very heavy ("thermonuclear" by Steve Jobs' description/words) patent wars against Android and even legitimisation of clearly bogus software patents from Amazon



  6. 'Owning' Nature, Thanks to Patent Insanity and People Who Profit From That

    Questionable patents on things that always existed and are merely being explained or reassembled; those sorts of patents typically serve to merely discredit the patent system and courts too increasingly reject such patents (e.g. SCOTUS on Mayo Collaborative Services and Myriad Genetics, Inc.)



  7. Patents Stranger Than Fiction and 'Protection' From Fictional Things

    Fictional things are being treated like "inventions" and insurance companies now look to exploit fear of fictional things (man-made concepts), such as ownership of mere ideas or words



  8. Benoît Battistelli Refuses to Talk to the Media About Bringing Firearms to the EPO

    Benoît Battistelli's highly aggressive approach has attracted the attention of French media; Battistelli has reportedly refused to comment on that matter, knowing that he lacks a defense (same thing happened after he had hauled millions of EPO euros to his other employer)



  9. Patent Law Firms Have Become More Like Marketing Departments With an Aptitude for Buzzwords

    What we're observing, without much reluctance anymore, is that a lot of patent lawyers still push abstract software patents, desperately looking for new trendy terms or adjectives by which to make these seem non-abstract



  10. Interlude: The Need to Counter Misinformation From the Patent and Litigation 'Industry'

    24,500 posts reached; so we pause and reflect, seeing that many sites/blogs of patent maximalists gradually ebb away



  11. Advocacy of the Unitary Patent System Has Become Almost Identical to the 'Leave' (Brexit) Campaign

    The charades of Team UPC carry on in Kluwer Patent Blog — a blog which for a very long time served no purpose other than Unified Patent Court (UPC) advocacy



  12. Open Invention Network is Rendered Obsolete in the Wake of Alice and It's Not Even Useful in Combating Microsoft's Patent Trolls

    Changes at the US Patent and Trademark Office (USPTO) and in US courts' outcomes may have already meant that patent trolls rather than software patents in general are a growing threat, including those that Microsoft is backing, funding and arming to put legal pressure on GNU/Linux (and compel people/companies to host GNU/Linux instances on Azure for patent 'protection' from these trolls)



  13. Bogus Patents Which Oughtn't Have Been Granted Make Products Deliberately Worse, Reducing Innovation and Worsening Customers' Experience

    How shallow patents — or patent applications that no patent office should be accepting — turn out to be at the core of multi-billion-dollar cases/lawsuits, with potentially a billion people impacted (their products made worse to work around such questionable patents)



  14. EPO is Like a Patent Litigation (Without Actual Trial) Office, Not a Patent Examination Office

    Examination of patent applications isn't taken seriously by an office whose entire existence was supposed to be about examination; bureaucracy at the top of this office has apparently decided that the sole goal is to create more demand (i.e. lawsuits) for the litigation 'industry'



  15. Philippe Cadre From the French National Institute of Industrial Property (INPI) Wants to Join António Campinos

    Yet another example of INPI's creeping influence if not 'entryism' at the EPO and this time too patent quality isn't a priority



  16. Links 22/9/2018: Mesa 18.2.1, CLIP OS, GPL Settlement in Artifex/First National Title Insurance Company

    Links for the day



  17. Links 21/9/2018: Cockpit 178, Purism 'Dongle'

    Links for the day



  18. Criticism of Unitary Patent (UPC) Agreement Doomed the UPC and Patent Trolls' Plan -- Along With the Litigation Lobby -- for Unified 'Extortion Vector'

    The Unitary Patent or Unified Patent Court (UPC) was the trolls' weapon against potentially millions of European businesses; but those businesses have woken up to the fact that it was against their interests and European member states such as Spain and Poland now oppose it while Germany halts ratification



  19. It Wasn't Judges With Weapons in Their Office, It Was Benoît Battistelli Who Brought Firearms to the European Patent Office (EPO)

    The EPO scandals deepen in light of a very major scandal which has occupied the French media for a couple of months



  20. Links 20/9/2018: 2018 Linux Audio Miniconference and Blackboard's Openwashing

    Links for the day



  21. Links 19/9/2018: Chromebooks Get More DEBs, LLVM 7.0.0 Released

    Links for the day



  22. Links 18/9/2018: Qt 5.12 Alpha , MAAS 2.5.0 Beta, PostgreSQL CoC

    Links for the day



  23. Today's European Patent Office (EPO) Works for Large, Foreign Pharmaceutical Companies in Pursuit of Patents on Nature, Life, and Essential/Basic Drugs

    The never-ending insanity which is patents on DNA/genome/genetics and all sorts of basic things that are put together like a recipe in a restaurant; patents are no longer covering actual machinery that accomplishes unique tasks in complicated ways, typically assembled from scratch by humans; some supposed 'inventions' are merely born into existence by the natural splitting of organisms or conception (e.g. pregnancy)



  24. The EPO Has Quit Pretending That It Cares About Patent Quality, All It Cares About is Quantity of Lawsuits

    A new interview with Roberta Romano-Götsch, as well as the EPO's promotion of software patents alongside CIPA (Team UPC), is an indication that the EPO has ceased caring about quality and hardly even pretends to care anymore



  25. Qualcomm's Escalating Patent Wars Have Already Caused Massive Buybacks (Loss of Reserves) and Loss of Massive Clients

    Qualcomm's multi-continental patent battles are an effort to 'shock and awe' everyone into its protection racket; but the unintended effect seems to be a move further and further away from 'Qualcomm territories'



  26. Links 17/9/2018: Torvalds Takes a Break, SQLite 3.25.0 Released

    Links for the day



  27. The Patent Trial and Appeal Board (PTAB) Helps Prevent Frivolous Software Patent Lawsuits

    PTAB with its quality-improving inter partes reviews (IPRs) is enraging patent maximalists; but by looking to work around it or weaken it they will simply reduce the confidence associated with US patents



  28. Abstract Patents (Things One Can Do With Pen and Paper, Sometimes an Abacus) Are a Waste of Money as Courts Disregard Them

    A quick roundup of patents and lawsuits at the heart of which there's little or no substance; 35 U.S.C. § 101 renders these moot



  29. “Blockchain” Hype and “FinTech”-Like Buzzwords Usher in Software Patents Everywhere, Even Where Such Patents Are Obviously Bunk

    Not only the U.S. Patent and Trademark Office (USPTO) embraces the "blockchain" hype; business methods and algorithms are being granted patent 'protection' (exclusivity) which would likely be disputed by the courts (if that ever reaches the courts)



  30. Qualcomm's Patent Aggression Threatens Rationality of Patent Scope in Europe and Elsewhere

    Qualcomm's dependence on patent taxes (so-called 'royalties' associated with physical devices which it doesn't even make) highlights the dangers now known; the patent thicket has grown too "thick"


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts