[SpamCop-List] Re: Chris Rock Spam Solution

[Sofa King Tyred of Lar Ting]

Miss Betsy wrote:
> "Bucky" <spamcop at bucks.f9.co.uk> wrote in message
> news:cvlm9q$jm4$1 at news.spamcop.net...
> 
>>"Mike Easter" <MikeE at ster.invalid> wrote in message
>>news:cvl0si$4r4$1 at news.spamcop.net...
>>
>>>Once we get the licensing in place so that some responsibility
> 
> can be
> 
>>>'enforced', we start making some rules about abusive email
> 
> behaviors by
> 
>>>licensees.  That enables 'us' to 'force' ISPs to enforce
> 
> behaviors on
> 
>>>their clients, such as fools.
>>
>>But who would decide what is abusive?
> 
> 
> It couldn't be based on criteria that measured abusiveness.  It can
> be measured on internet protocol and competence of the server
> admin.  Allowing oneself to be infected by a trojan is not
> competent.  

I agree 100% about licensing server admins.

But Joe or Jane User who buys a PC from TigerDirect with no virus 
protection and/or no security updates and hooks it up to the Internet is 
not a server admin. If he's able to be a server admin (running a mail or 
web server, for example), then it's the ISP's fault for not enforcing 
the rules (most ISPs don't allow you to run servers on a non-business 
connection).

Perhaps there needs to be a law that says everyone has to have the 
proper configuration of a PC (much like cars must pass inspection to be 
on the road). This would prevent a lot of spam today, since 80% of spams 
(according to many figures) are coming from compromised (Trojan horse) PCs.

However, if I want to use my well configured PC to gamble in an 
off-shore casino via Internet, or buy on-line medications, etc., I don't 
think it's right to single me out as an "abuser" because I am fueling 
the spam fires on the Internet (which was what this thread started off 
implying). Like Mike said, *I* am not a consumer of these products!

The success of the Internet is based on the ease of use and 
accessibility, much like any publicly available infrastructure 
(telephone, library, public transportation, swimming pools, etc.). 
Software architectures and designs that allow new variants of viruses 
and worms to be produced each day, is a problem that's bigger than the 
end-user incompetence. This is NOT any one company's fault -- software 
is too complex for today's engineering practices, especially regarding 
security. I can see blaming the "incompetent" end user, since many on 
this group are educated and realize that installing anti-virus and 
educating ourselves is a good solution that we have control over. 
However, that's not where the blame truly lies.

I don't agree that everyone who connects to the Internet should need to 
know what a virus/Trojan, spyware, etc. is. The phone system today is 
pretty secure (not accounting for Cell Phones and the new wave of 
viruses to come). One doesn't need a license to use the phone or send a 
fax even. Abusers of the phone system are easier to track down and stop, 
since it's well designed (and more importantly, much simpler than the 
Internet).

With respect to licenses, cars and roads are designed to prevent users 
from doing foolish that can hurt themselves and others. I can 
responsibly drive a car (theoretically) without having to know what a 
pot-hole is. The infrastructure providers have a responsibility to 
prevent/fix pot-holes. Drive on a German autobahn at 180+ km/h and you 
will know what a good road is. If accidents happen because people hit 
pot-holes, I don't think you can blame it on the "incompetence" on the 
drivers completely.

 > Not using established ways of preventing spam is
> irresponsible.  Licensing means enforcing a level of competence.

Yes, one needs a driving license to use a car. This is because 
manipulating a 1.5 ton vehicle inappropriately can cause physical 
damage, *and* designing roads to prevent damage from "non-licensed" 
users would not be cost effective. Licensing (and policing) must also be 
done. Actually, public transportation gets you from point a to point b 
usually, and a user can't really cause an accident by "incompetence". 
You don't need a license to ride a bus.

In my opinion, it's the ISPs that are the incompetent and irresponsible 
ones for not blocking zombie-infected PCs quickly enough, or allowing 
PCs that are improperly configured to connect to their networks. They 
have more power and education than their customers. There is not an 
obvious economic interest in it for the ISP, and there are no laws that 
say they must do these things. So, it takes the other "drivers" on the 
ISP to complain to them about it.

Some network admins, at US government research facilities for example, 
check out the configuration of a machine before it can be connected. I 
was a contractor for the US govt for a while. My company provided the 
PC, the software, etc. But the govt sysadmins installed it and I didn't 
even have the right to change the system clock or install the latest 
WinZip or change my signature in my email client (it was Windows NT, 
locked down pretty tight). During the time I was there (2000-2001), 
there were no problems with viruses, Trojans, etc. on the Windows 
machines. Security was taken very seriously.

ISPs know that they'd lose a lot of money if they worked that way. 
Requiring end users to have licenses would have the same effect (not 
economically viable).

I think that using a piece of software, be it an email client, an home 
PC's OS, a game, whatever, should NOT require a license, if it was 
designed for an end-user like a phone is designed.

A person who rides the a bus or a train has to follow some basic 
etiquette - not holding the doors open, not playing loud music, not 
eating - to respect others. He can be fined if he doesn't respect those 
rules. Generally, there's not much such a user can do to cause big 
problems in the system.

But if he could cause major problems, such as other buses to be late, or 
even crash, because of his "incompetence", then there's a problem with 
the design of the system.

The responsibility is on the software designers and the infrastructure 
providers to make it so that "regular" users aren't required to be 
experts. End users have a responsibility to follow the proper etiquette, 
and perhaps have a PC that's fit to be on the net, although the latter 
should be controlled by the ISP.