Bonum Certa Men Certa

Symantec Lies About GNU/Linux

Kent Hovind mug shot
Symantec: the Kent Hovind of security?
(mug shot of Kent Hovind courtesy of Escambia
County Sheriff's Office after his arrest)



Summary: In order to sell some products, Symantec spreads GNU/Linux fear based on misinformation

EVERY once in a while Symantec aims its FUD pistol at some innocent element of computing which Symantec claims has a problem (and Symantec of course offers a solution to this problem). We have already explained this business strategy (using examples that misuse Free software [1, 2]), which characterises many quacks and pseudo-science. That's why we put Kent Hovind at the top, for those who still wonder.



An issue which we discussed earlier today in IRC is the latest stunt from Symantec, which is probably best deconstructed and explained by Slashdot user "superapecommando" who submits:

The latest MessageLabs Intelligence Report from Symantec Hosted Services is filled with interesting and useful information regarding the current state of malware and e-mail borne threats as well as the trends over time. Of particular interest to me is the assertion in the report that "any given Linux machine is five times more likely to be sending spam than any given Windows machine."

A pretty clear case of sensationalist metrics from a company which wants to sell their hosted security solutions to Linux box admins. But one interesting thing that comes out of the story is that many of the security researchers believe that misconfigured POSTFIX and SENDMAIL installations are cloaking the actual amount of spam coming from infected Windows hosts.


Desktops that unleash vast amounts of SPAM actually run Windows and one in two Windows PCs is believed/estimated to be a zombie (either active or not). GNU/Linux drives many mail servers, so if it obeys a request from a Windows zombie, then it will deliver SPAM. Should GNU/Linux therefore be blamed? Of course not. It's just very good at delivering mail.

“GNU/Linux drives many mail servers, so if it obeys a request from a Windows zombie, then it will deliver SPAM.”Quoting Symantec a little further from its 'report' (which assumes bogus numbers about the market share of GNU/Linux), "by calculating a ratio of spam from a given operating system compared to the market share, we can get a “spam index” which shows relative to its market share, the likelihood that a particular computer is sending spam, based on its operating system. In the current spam climate, this index shows that relative to its market share, any given Linux machine is five times more likely to be sending spam than any given Windows machine..."

Another translation was sent to us by a reader who says: "Despite a total lack of evidence and being unable to detect the source OS of spam, we conclude that Linux machines are sending more SPAM because there are less of them."

As our IRC logs will show later today (fragment posted below), there are even better explanations for that.




Techrights logo

IRC: #boycottnovell @ FreeNode: May 9th, 2010

Join us now at the IRC channel.

tessier__http://www.v3.co.uk/v3/news/2262681/botnets-exploit-linux-ownersMay 10 09:29
tessier__Someone is smoking crack.May 10 09:29
tessier__crapMay 10 09:31
schestowitzWindows is not used much for E-mailMay 10 09:31
tessier__There is something fishy about that websiteMay 10 09:31
schestowitzWhich one?May 10 09:31
schestowitzV3?May 10 09:31
tessier__Not intentionally, no. But that's what the botnets are doing with Windows: sending mailMay 10 09:31
tessier__YeahMay 10 09:31
schestowitzVNUNEt?May 10 09:31
tessier__Have you heard of v3 before?May 10 09:31
tessier__I never have.May 10 09:31
schestowitzYesMay 10 09:31
schestowitzLinux relays spamMay 10 09:32
schestowitzIt runs mail serversMay 10 09:32
schestowitzIt does what it's supposed to doMay 10 09:32
schestowitzWhich is to relay requestsMay 10 09:32
tessier__I cannot post a comment on that site. The captcha does not work. No matter what you put in there it does not accept it.May 10 09:32
tessier__Linux by default is not an open relay.May 10 09:32
schestowitzI wonder what sends those requests thoughMay 10 09:32
tessier__No distro ships their mail servers that way.May 10 09:32
schestowitzIt's spammersMay 10 09:32
tessier__it will deliver the spam to you that someone injected via a Windows box though.May 10 09:33
schestowitzThey use open relaysMay 10 09:33
schestowitzRunning Linux because it's betterMay 10 09:33
tessier__Open relays are hard to find these days.May 10 09:33
schestowitzThey get blacklistedMay 10 09:33
tessier__And spammers don't run open relays either. They don't want other spammers stealing their resources.May 10 09:33
schestowitzWhat was that list that gather IPs of spam relays?May 10 09:33
schestowitzmany services used to look it up and in 2008 it had sustainability issuesMay 10 09:33
tessier__Whenever I have investigated IP addresses that were sending me spam it was Windows boxes.May 10 09:33
tessier__There are lots of DNSBLsMay 10 09:34
tessier__And they operate quite successfullyMay 10 09:34
tessier__SORBS is one of the big ones these daysMay 10 09:34
schestowitzI can't recall the one I think about. Articles about it were widespread 2 years ago.May 10 09:34
*schestowitz creates http://techrights.org/wiki/index.php/FacebookMay 10 09:35
TechrightsTitle: Facebook - Techrights .::. Size~: 12.91 KBMay 10 09:35
tessier__There have been quite a fewMay 10 09:35
-BNtwitter/#boycottnovell-[popey] Mark proposes that 10.10 is released on Sunday 10th October 2010. Where 101010 = 42 = Meaning of Life / Universe / Everything!May 10 09:37
-BNtwitter/#boycottnovell-[nsisodiya] need a student volunteer for modifying C++ book #schoolosMay 10 09:40
*benJIman has quit (Ping timeout: 252 seconds)May 10 09:42
-BNtwitter/#boycottnovell-[popey] There will be no public ISO of #Ubuntu Light with Unity, but will be tailored specifically for OEMs.May 10 09:49
-BNtwitter/#boycottnovell-[davidgerard] From @cracked - 5 Insane File Sharing Panics from Before the Internet - http://tinyurl.com/2ubthnwMay 10 09:53
TechrightsTitle: 5 Insane File Sharing Panics from Before the Internet | Cracked.com .::. Size~: 81.74 KBMay 10 09:53
-BNtwitter/#boycottnovell-[satipera] Liberal Democrat negotiations with Labour look likely if Brown goes quickly.May 10 09:55
*narendra (~79f5e1b0@gateway/web/freenode/x-xaqdkqksysommyyc) has joined #boycottnovellMay 10 10:08
narendrawhere I can upload secrect document anonymousy ? May 10 10:08
narendrawikileaks is not working i think !!May 10 10:08
tessier__http://موقع.وزارة-الاتصالات.مصر/Default.aspxMay 10 10:16
tessier__Awesome.May 10 10:16
*benJIman (~benji@benjiweber.co.uk) has joined #boycottnovellMay 10 10:17
MinceRi'm not so enthusiastic about it.May 10 10:17
*benJIman has quit (Client Quit)May 10 10:17
tessier__Why not?May 10 10:17
*benJIman (~benji@benjiweber.co.uk) has joined #boycottnovellMay 10 10:17
MinceRbecause it allows even more domains that are difficult to type, read and compareMay 10 10:18
MinceRIDN already lets you create identical-looking but distinct domains that can confuse users trying to check whether a certificate really applies to a supposedly secure connection.May 10 10:18
MinceRdomain names used to be easy to handle (as such names should be)May 10 10:19
MinceR7bit US-ASCII should have been enough.May 10 10:19
tessier__SSL CA was broken from the beginning anyway. This doesn't make things any worse.May 10 10:21
tessier__Everyone just clicks ok regardless.May 10 10:21
tessier__Although I am curious to know how you would work that sort of thing into a bind zone file.May 10 10:21
MinceRno, not everyone.May 10 10:26

Comments

Recent Techrights' Posts

Richard Stallman 'Unveils' His January 20 Talk in Montpellier, France
It's free (gratis)
Links 19/01/2025: Gaza Ceasefire and PR Stunt by Fentanylware (TikTok), Faking It by "Going Dark" to Incite American Addicts (Users)
Links for the day
They Won't Buy Vista 11 PCs or "Hey Hi" Copilot+++++++ PCs of Microsoft (With TPM)
Windows at 8%
No Time Left for President Biden to Pardon Julian Assange
At least they tried
Total Lock-down Ambitions - Part IV - The Latest Examples and the Perils (in Summary)
For further reading take a look at Musial's nice outline
FOSDEM is Called "FOSDEM" Because of Richard Stallman (RMS)
The overlap there seems timely; yesterday RMS spoke in French-speaking (in part) Switzerland where questions in French were accepted
 
Links 20/01/2025: More PR Stunts by ByteDance and MLK’s Legacy Disrespected
Links for the day
Gemini Links 20/01/2025: Magnetic Fields, NixOS, and Pleroma
Links for the day
BetaNews Spreads Donald Trump Propaganda, Promotes Scams, and Publishes Fake 'Articles' About "Linux"
This is typical BetaNews
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, January 19, 2025
IRC logs for Sunday, January 19, 2025
[Meme] Hardware RAID and Hardware Raid
We're expecting attacks on the press in Trump's second term (no need to impress anyone for another election cycle) to be far worse than the first
What's Running on the Laptops
12 months have passed
[Meme] 404, Not Found
Kuhn: I'd like to interject for a moment, we made an alliance with the Microsoft-dominated LF to outsource projects to Microsoft GitHub and rich people gave us money to do this
Links 19/01/2025: TikTok (Fentanylware) Now Banned in the US, Convicted Felon Talks to Fentanylware CEO and Pooh-Tin About Undoing the Ban Despite the Supreme Court Unanimously Upholding It
Links for the day
FTC Realises Microsoft Buying Fake 'Clients' to Fake "Revenue" (Microsoft 'Buying' Services and Products From Itself!)
Ponzi scheme
Total Lock-down Ambitions - Part III - The Web Browser as DRM Pusher
A lot of "streaming" stuff is DRM
Video: University in Peru Honours Richard Stallman
Tomorrow, January 20, Richard Stallman speaks in France
IBM Termination Story and Information From Microsoft About Mass Layoffs
In 2 weeks of 2025 Microsoft already had 2 waves of layoffs
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, January 18, 2025
IRC logs for Saturday, January 18, 2025
Links 18/01/2025: Restoring the Great Wall of China and Economic Expansion in China
Links for the day
Guardian Digital (linuxsecurity.com) is Spamming the Web With Microsoft's Promotional LLM Slop About UEFI 'Secure' Boot (Which is Against Real Security)
This is an attack on honest journalism
Links 18/01/2025: TikTok's Endgame, "Car Freedom", and Spying in Cars 'Fines' GM (Settlement)
Links for the day
January 20: Richard Stallman Talk in Europe
evening time in Europe, around midday in the United States and Canada
Links 18/01/2025: Apple Getting Out of Hey Hi (AI) Slop (Too Much Misinformation), Chaffbots/Chatbots Try to Settle Copyright Infringement Lawsuits
Links for the day
What Fake News Sites Are Doing to GNU/Linux
The LLM slop about Linux serves two purposes
Links 18/01/2025: Microsofters Upset at Microsoft's Ridiculous Rebrands (Excuse for Massive Price Hikes), Chaffbot Company ('Open'AI) Faces More Lawsuits
Links for the day
Gemini Links 18/01/2025: Surge in Illnesses, ctags, and Gemsync
Links for the day
Slopwatch: Too Lazy to Write Real Articles, Offloading to Chatbots Instead (LLM Slop About "Linux")
The Web was already full of garbage before the LLM frenzy. Now it's even worse.
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, January 17, 2025
IRC logs for Friday, January 17, 2025