[SpamCop-List] Re: Chris Rock Spam Solution
Sofa King Tyred of Lar Ting
nobody at devnull.spamcop.net
Fri Feb 25 13:54:13 EST 2005
Miss Betsy wrote:
> "Bucky" <spamcop at bucks.f9.co.uk> wrote in message
> news:cvlm9q$jm4$1 at news.spamcop.net...
>>"Mike Easter" <MikeE at ster.invalid> wrote in message
>>news:cvl0si$4r4$1 at news.spamcop.net...
>>>Once we get the licensing in place so that some responsibility
> can be
>>>'enforced', we start making some rules about abusive email
> behaviors by
>>>licensees. That enables 'us' to 'force' ISPs to enforce
> behaviors on
>>>their clients, such as fools.
>>But who would decide what is abusive?
> It couldn't be based on criteria that measured abusiveness. It can
> be measured on internet protocol and competence of the server
> admin. Allowing oneself to be infected by a trojan is not
I agree 100% about licensing server admins.
But Joe or Jane User who buys a PC from TigerDirect with no virus
protection and/or no security updates and hooks it up to the Internet is
not a server admin. If he's able to be a server admin (running a mail or
web server, for example), then it's the ISP's fault for not enforcing
the rules (most ISPs don't allow you to run servers on a non-business
Perhaps there needs to be a law that says everyone has to have the
proper configuration of a PC (much like cars must pass inspection to be
on the road). This would prevent a lot of spam today, since 80% of spams
(according to many figures) are coming from compromised (Trojan horse) PCs.
However, if I want to use my well configured PC to gamble in an
off-shore casino via Internet, or buy on-line medications, etc., I don't
think it's right to single me out as an "abuser" because I am fueling
the spam fires on the Internet (which was what this thread started off
implying). Like Mike said, *I* am not a consumer of these products!
The success of the Internet is based on the ease of use and
accessibility, much like any publicly available infrastructure
(telephone, library, public transportation, swimming pools, etc.).
Software architectures and designs that allow new variants of viruses
and worms to be produced each day, is a problem that's bigger than the
end-user incompetence. This is NOT any one company's fault -- software
is too complex for today's engineering practices, especially regarding
security. I can see blaming the "incompetent" end user, since many on
this group are educated and realize that installing anti-virus and
educating ourselves is a good solution that we have control over.
However, that's not where the blame truly lies.
I don't agree that everyone who connects to the Internet should need to
know what a virus/Trojan, spyware, etc. is. The phone system today is
pretty secure (not accounting for Cell Phones and the new wave of
viruses to come). One doesn't need a license to use the phone or send a
fax even. Abusers of the phone system are easier to track down and stop,
since it's well designed (and more importantly, much simpler than the
With respect to licenses, cars and roads are designed to prevent users
from doing foolish that can hurt themselves and others. I can
responsibly drive a car (theoretically) without having to know what a
pot-hole is. The infrastructure providers have a responsibility to
prevent/fix pot-holes. Drive on a German autobahn at 180+ km/h and you
will know what a good road is. If accidents happen because people hit
pot-holes, I don't think you can blame it on the "incompetence" on the
> Not using established ways of preventing spam is
> irresponsible. Licensing means enforcing a level of competence.
Yes, one needs a driving license to use a car. This is because
manipulating a 1.5 ton vehicle inappropriately can cause physical
damage, *and* designing roads to prevent damage from "non-licensed"
users would not be cost effective. Licensing (and policing) must also be
done. Actually, public transportation gets you from point a to point b
usually, and a user can't really cause an accident by "incompetence".
You don't need a license to ride a bus.
In my opinion, it's the ISPs that are the incompetent and irresponsible
ones for not blocking zombie-infected PCs quickly enough, or allowing
PCs that are improperly configured to connect to their networks. They
have more power and education than their customers. There is not an
obvious economic interest in it for the ISP, and there are no laws that
say they must do these things. So, it takes the other "drivers" on the
ISP to complain to them about it.
Some network admins, at US government research facilities for example,
check out the configuration of a machine before it can be connected. I
was a contractor for the US govt for a while. My company provided the
PC, the software, etc. But the govt sysadmins installed it and I didn't
even have the right to change the system clock or install the latest
WinZip or change my signature in my email client (it was Windows NT,
locked down pretty tight). During the time I was there (2000-2001),
there were no problems with viruses, Trojans, etc. on the Windows
machines. Security was taken very seriously.
ISPs know that they'd lose a lot of money if they worked that way.
Requiring end users to have licenses would have the same effect (not
I think that using a piece of software, be it an email client, an home
PC's OS, a game, whatever, should NOT require a license, if it was
designed for an end-user like a phone is designed.
A person who rides the a bus or a train has to follow some basic
etiquette - not holding the doors open, not playing loud music, not
eating - to respect others. He can be fined if he doesn't respect those
rules. Generally, there's not much such a user can do to cause big
problems in the system.
But if he could cause major problems, such as other buses to be late, or
even crash, because of his "incompetence", then there's a problem with
the design of the system.
The responsibility is on the software designers and the infrastructure
providers to make it so that "regular" users aren't required to be
experts. End users have a responsibility to follow the proper etiquette,
and perhaps have a PC that's fit to be on the net, although the latter
should be controlled by the ISP.
More information about the SpamCop-List