EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS


Symantec Lies About GNU/Linux

Posted in GNU/Linux, Security, Windows at 9:56 am by Dr. Roy Schestowitz

Kent Hovind mug shot
Symantec: the Kent Hovind of security?
(mug shot of Kent Hovind courtesy of Escambia
County Sheriff’s Office after his arrest)

Summary: In order to sell some products, Symantec spreads GNU/Linux fear based on misinformation

EVERY once in a while Symantec aims its FUD pistol at some innocent element of computing which Symantec claims has a problem (and Symantec of course offers a solution to this problem). We have already explained this business strategy (using examples that misuse Free software [1, 2]), which characterises many quacks and pseudo-science. That’s why we put Kent Hovind at the top, for those who still wonder.

An issue which we discussed earlier today in IRC is the latest stunt from Symantec, which is probably best deconstructed and explained by Slashdot user “superapecommando” who submits:

The latest MessageLabs Intelligence Report from Symantec Hosted Services is filled with interesting and useful information regarding the current state of malware and e-mail borne threats as well as the trends over time. Of particular interest to me is the assertion in the report that “any given Linux machine is five times more likely to be sending spam than any given Windows machine.”

A pretty clear case of sensationalist metrics from a company which wants to sell their hosted security solutions to Linux box admins. But one interesting thing that comes out of the story is that many of the security researchers believe that misconfigured POSTFIX and SENDMAIL installations are cloaking the actual amount of spam coming from infected Windows hosts.

Desktops that unleash vast amounts of SPAM actually run Windows and one in two Windows PCs is believed/estimated to be a zombie (either active or not). GNU/Linux drives many mail servers, so if it obeys a request from a Windows zombie, then it will deliver SPAM. Should GNU/Linux therefore be blamed? Of course not. It’s just very good at delivering mail.

“GNU/Linux drives many mail servers, so if it obeys a request from a Windows zombie, then it will deliver SPAM.”Quoting Symantec a little further from its ‘report’ (which assumes bogus numbers about the market share of GNU/Linux), “by calculating a ratio of spam from a given operating system compared to the market share, we can get a “spam index” which shows relative to its market share, the likelihood that a particular computer is sending spam, based on its operating system. In the current spam climate, this index shows that relative to its market share, any given Linux machine is five times more likely to be sending spam than any given Windows machine…”

Another translation was sent to us by a reader who says: “Despite a total lack of evidence and being unable to detect the source OS of spam, we conclude that Linux machines are sending more SPAM because there are less of them.”

As our IRC logs will show later today (fragment posted below), there are even better explanations for that.

Techrights logo

IRC: #boycottnovell @ FreeNode: May 9th, 2010

Join us now at the IRC channel.

tessier__ http://www.v3.co.uk/v3/news/2262681/botnets-exploit-linux-owners May 10 09:29
tessier__ Someone is smoking crack. May 10 09:29
tessier__ crap May 10 09:31
schestowitz Windows is not used much for E-mail May 10 09:31
tessier__ There is something fishy about that website May 10 09:31
schestowitz Which one? May 10 09:31
schestowitz V3? May 10 09:31
tessier__ Not intentionally, no. But that’s what the botnets are doing with Windows: sending mail May 10 09:31
tessier__ Yeah May 10 09:31
schestowitz VNUNEt? May 10 09:31
tessier__ Have you heard of v3 before? May 10 09:31
tessier__ I never have. May 10 09:31
schestowitz Yes May 10 09:31
schestowitz Linux relays spam May 10 09:32
schestowitz It runs mail servers May 10 09:32
schestowitz It does what it’s supposed to do May 10 09:32
schestowitz Which is to relay requests May 10 09:32
tessier__ I cannot post a comment on that site. The captcha does not work. No matter what you put in there it does not accept it. May 10 09:32
tessier__ Linux by default is not an open relay. May 10 09:32
schestowitz I wonder what sends those requests though May 10 09:32
tessier__ No distro ships their mail servers that way. May 10 09:32
schestowitz It’s spammers May 10 09:32
tessier__ it will deliver the spam to you that someone injected via a Windows box though. May 10 09:33
schestowitz They use open relays May 10 09:33
schestowitz Running Linux because it’s better May 10 09:33
tessier__ Open relays are hard to find these days. May 10 09:33
schestowitz They get blacklisted May 10 09:33
tessier__ And spammers don’t run open relays either. They don’t want other spammers stealing their resources. May 10 09:33
schestowitz What was that list that gather IPs of spam relays? May 10 09:33
schestowitz many services used to look it up and in 2008 it had sustainability issues May 10 09:33
tessier__ Whenever I have investigated IP addresses that were sending me spam it was Windows boxes. May 10 09:33
tessier__ There are lots of DNSBLs May 10 09:34
tessier__ And they operate quite successfully May 10 09:34
tessier__ SORBS is one of the big ones these days May 10 09:34
schestowitz I can’t recall the one I think about. Articles about it were widespread 2 years ago. May 10 09:34
*schestowitz creates http://techrights.org/wiki/index.php/Facebook May 10 09:35
Techrights Title: Facebook – Techrights .::. Size~: 12.91 KB May 10 09:35
tessier__ There have been quite a few May 10 09:35
-BNtwitter/#boycottnovell-[popey] Mark proposes that 10.10 is released on Sunday 10th October 2010. Where 101010 = 42 = Meaning of Life / Universe / Everything! May 10 09:37
-BNtwitter/#boycottnovell-[nsisodiya] need a student volunteer for modifying C++ book #schoolos May 10 09:40
*benJIman has quit (Ping timeout: 252 seconds) May 10 09:42
-BNtwitter/#boycottnovell-[popey] There will be no public ISO of #Ubuntu Light with Unity, but will be tailored specifically for OEMs. May 10 09:49
-BNtwitter/#boycottnovell-[davidgerard] From @cracked – 5 Insane File Sharing Panics from Before the Internet – http://tinyurl.com/2ubthnw May 10 09:53
Techrights Title: 5 Insane File Sharing Panics from Before the Internet | Cracked.com .::. Size~: 81.74 KB May 10 09:53
-BNtwitter/#boycottnovell-[satipera] Liberal Democrat negotiations with Labour look likely if Brown goes quickly. May 10 09:55
*narendra (~79f5e1b0@gateway/web/freenode/x-xaqdkqksysommyyc) has joined #boycottnovell May 10 10:08
narendra where I can upload secrect document anonymousy ? May 10 10:08
narendra wikileaks is not working i think !! May 10 10:08
tessier__ http://موقع.وزارة-الاتصالات.مصر/Default.aspx May 10 10:16
tessier__ Awesome. May 10 10:16
*benJIman (~benji@benjiweber.co.uk) has joined #boycottnovell May 10 10:17
MinceR i’m not so enthusiastic about it. May 10 10:17
*benJIman has quit (Client Quit) May 10 10:17
tessier__ Why not? May 10 10:17
*benJIman (~benji@benjiweber.co.uk) has joined #boycottnovell May 10 10:17
MinceR because it allows even more domains that are difficult to type, read and compare May 10 10:18
MinceR IDN already lets you create identical-looking but distinct domains that can confuse users trying to check whether a certificate really applies to a supposedly secure connection. May 10 10:18
MinceR domain names used to be easy to handle (as such names should be) May 10 10:19
MinceR 7bit US-ASCII should have been enough. May 10 10:19
tessier__ SSL CA was broken from the beginning anyway. This doesn’t make things any worse. May 10 10:21
tessier__ Everyone just clicks ok regardless. May 10 10:21
tessier__ Although I am curious to know how you would work that sort of thing into a bind zone file. May 10 10:21
MinceR no, not everyone. May 10 10:26
Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

A Single Comment

  1. your_friend said,

    May 11, 2010 at 11:03 pm


    It is worth quoting Paul Wood, a senior analyst for Symantec Hosted Services, in full. This is so dumb, the Windows people will have to take if far from the source to make it stick.

    We found that more than 90 per cent of spam comes from Windows machines, which is not surprising. But if you look at Linux, it has only a one per cent market share but is responsible for more than five per cent of spam. So in a sense you’re more likely to get spam from a Linux than a Windows machine.

    There is not true in any sense. It is difficult to see how Phil Muncaster, the article’s author, could have taken this out of context and there is no forgiving Muncaster’s lack of critical thinking. If more than 90% of all spam comes from Windows, virtually all spam comes from Windows. Alternate interpretations have been debunked above, but the original statement was even dumber than its following missinterpretation by Muncaster.

    There are many good explanations mentioned above for what Symantic saw when they looked at, “the passive fingerprinting signatures of spam email traffic for the first time in this month’s report, in order to learn the type of operating system running on the infected spam-sending machines.” The most obvious are that GNU/Linux is efficient and well placed in networks. Windows’ poor network stack and zombie load mean that any Windows machine will only be able to do about 10% of a comparable GNU/Linux box. The later explanation, that most of the traffic comes because GNU/Linux is acting as a relay is even more damning for Windows – this means that GNU/Linux is just doing its job on networks where the administrators have made the mistake of using Windows on the desktop. The conclusion, backed by reasonable estimates of Windows infection rates and the fact that default GNU/Linux setting that preclude the bogus “open relay” explanation, is that all spam comes from Windows.

What Else is New

  1. Luxembourg Can Become a Hub of Patent Trolls If the EPO Carries on With Its 'Reforms', Even Without the UPC

    With or without the Unified Patent Court (UPC), which is the wet dream of patent trolls and their legal representatives, the EPO's terrible policies have landed a lot of low-quality patents on the hands of patent trolls (many of which operate through city-states that exist for tax evasion -- a fiscal environment ripe for shells)

  2. The Patent 'Printing Machine' of the EPO Will Spawn Many Lawsuits and Extortions (Threats of Lawsuits), in Effect Taxing Europe

    The money-obsessed, money-printing patent office, where the assembly line mentality has been adopted and patent-printing management is in charge, is devaluing or diluting the pool of European Patents, more so with restrictions (monetary barriers) to challenging bad patents

  3. Links 17/3/2018: Varnish 6, Wine 3.4

    Links for the day

  4. Deleted EPO Tweets and Promotion of Software Patents Amid Complaints About Abuse and Demise of Patent Quality

    Another ordinary day at the EPO with repressions of workforce, promotion of patents that aren't even allowed, and Team UPC failing to get its act together

  5. Guest Post: Suspected “Whitewashing” Operations by Željko Topić in Croatia

    Articles about EPO Vice-President Željko Topić are disappearing and sources indicate that it’s a result of yet more SLAPP from him

  6. Monumental Effort to Highlight Decline in Quality of European Patents (a Quarter of Examiners Sign Petition in Spite of Fear), Yet Barely Any Press Coverage

    he media in Europe continues to be largely apathetic towards the EPO crisis, instead relaying a bunch of press releases and doctored figures from the EPO; only blogs that closely follow EPO scandals bothered mentioning the new petition

  7. Careful Not to Conflate UPC Critics With AfD or Anti-EU Elements

    The tyrannical Unified Patent Court (UPC) is being spun as something that only fascists would oppose after the right-wing, anti-EU politicians in Germany express strong opposition to it

  8. Links 15/3/2018: Qt Creator 4.6 RC, Microsoft Openwashing

    Links for the day

  9. PTAB Continues to Increase Capacity Ahead of Oil States; Patent Maximalists Utterly Upset

    The Patent Trial and Appeal Board (PTAB) sees the number of filings up to an almost all-time high and efforts to undermine PTAB are failing pretty badly -- a trend which will be further cemented quite soon when the US Supreme Court (quite likely) backs the processes of PTAB

  10. Patent Maximalists Are Still Trying to Create a Patent Bubble in India

    Litigation maximalists and patent zealots continue to taunt India, looking for an opportunity to sue over just about anything including abstract ideas because that's what they derive income from

  11. EPO Staff Has Just Warned the National Delegates That EPO's Decline (in Terms of Patent Quality and Staff Welfare) Would Be Beneficial to Patent Trolls

    The staff of the EPO increasingly recognises the grave dangers of low-quality patents -- an issue we've written about (also in relation to the EPO) for many years

  12. The EPO is a Mess Under Battistelli and Stakeholders Including Law Firms Will Suffer, Not Just EP Holders

    As one last 'gift' from Battistelli, appeals are becoming a lot more expensive -- the very opposite of what he does to applications, in effect ensuring a sharp increase in wrongly-granted patents

  13. The EPO Under Battistelli Has Become Like China Under Xi and CPC

    The EPO is trying very hard to silence not only the union but also staff representatives; it's evidently worried that the lies told by Team Battistelli will be refuted and morale be affected by reality

  14. Links 14/3/2018: IPFire 2.19 – Core Update 119, Tails 3.6

    Links for the day

  15. Links 13/3/2018: Qt Creator 4.5.2, Tails 3.6, Firefox 59

    Links for the day

  16. Willy Minnoye (EPO) Threatened Staff With Disabilities Said to Have Been Caused by the EPO Work Pressures

    Willy Minnoye, or Battistelli's 'deputy' at the EPO until last year, turns out to have misused powers (and immunity) to essentially bully vulnerable staff

  17. IAM and IBM Want Lots of Patent Litigation in India

    Having 'championed' lobbying for litigation Armageddon in China (where IBM's practicing business units have gone), patent maximalists set their eyes on India

  18. The Patent Trolls' Lobby (IAM) Already Pressures Andrei Iancu, Inciting a USPTO Director Against PTAB

    Suspicions that Iancu might destroy the integrity of the Office for the sake of the litigation ‘industry’ may be further reaffirmed by the approach towards patent maximalists from IAM, who also participated in the shaming of his predecessor, Michelle Lee, and promoted a disgraced judge (and friend of patent trolls) for her then-vacant role

  19. Patent Trolls in the United States Increasingly Target Small Businesses Which Cannot Challenge Their Likely-Invalid Software Patents

    South by Southwest (SXSW Conference/Festivals in Austin, Texas) has a presentation about patent trolls, whose general message may be reaffirmed by recent legal actions in Texas and outside Texas

  20. EPO Staff Union Organises Protest to Complain About Inability “of the Office to Recruit the Highly Qualified Staff it Needs.”

    Having already targeted union leaders and staff representatives, the EPO may soon be going after those whom they passionately represented and the staff union (SUEPO) wants the Administrative Council to be aware

  21. Battistelli Likes to Describe His Critics as 'Nazis', Team UPC Will Attempt the Same Thing Against UPC Critics

    Demonising one's opposition or framing it as "fascist" is a classic trick; to what degree will Team UPC exploit such tactics?

  22. Session in Bavaria to Discuss the Abuses of the European Patent Office Later Today

    The EPO shambles in Munich have gotten the attention of more Bavarian politicians, more so in light of the Constitutional complaint against the UPC (now dealt with by the German FCC, which saw merit in the complaint)

  23. Links 12/3/2018: Linux 4.16 RC5, KEXI 3.1, Karton 1.0, Netrunner 18.03, Debian 9.4

    Links for the day

  24. EPO Patent 'Growth' Not Achieved But Demanded/Mandated by Battistelli, by Lowering Quality of Patents/Services

    Targets at the EPO are not actually reached but are being imposed by overzealous management which dries up all the work in a hurry in order to make examiners redundant and many European Patents worthless

  25. Doubt Over Independence of Judges at the EPO Clouds Reason in Deciding Regarding Patents on Life

    With the growing prospect of a Board of Appeal (BoA) having to decide on patentability of CRISPR 'innovation' (more like explanation/discovery), questions linger or persist about judges' ability to rule as they see fit rather than what some lunatic wants

  26. Patent Academics and CAFC Make a Living Out of Patents, But Both Must Begrudgingly Learn to Accept That Patents Went Too Far

    A look at academic pundits' views on the patent system of the United States and where the Federal Circuit (a high patent court) stands on these matters after the US Supreme Court (highest possible court) lashed out at many of its decisions, especially those from the disgraced Rader years

  27. Patent Maximalists Cause a Crisis of Legitimacy for Patent Law

    The patent extremists who nowadays equate monopolies on mere ideas to "property" and "rights" gradually cause the public to lose respect for patents, more or less in the same way copyright maximalists (and copyright trolls) cause the population to seek alternatives (both legal and illegal)

  28. We Shall Soon Find Out Where Trump Appointees Such as Neil Gorsuch Stand on Patent Policies

    Staff shuffles at top-level roles will soon reveal what Donald Trump's changes mean to patent law and caselaw

  29. Trump's USPTO Changes Patent Designs, Changes Director/Deputy Director, and Anticipat 'Ranks' Patent Examiners Based on How They Deal With Section 101

    Today's USPTO isn't the same USPTO which was managed by Michelle Lee and anti-PTAB groups (proponents of software patents) have begun profiling examiners based on their stance on abstract/software patents -- a form of neo-McCarthyism

  30. Links 10/3/2018: Amarok 2.9.0, Debian 9.4, Sparky 5.3

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time


Recent Posts