The Fight Against Zombie PCs

SpamAssassin’s Justin Mason comments on a talk by one Joe St. Sauver about the Spam Zombie Problem. Joe has some good points, but I’m afraid his proposed solution?a government-issued, free cleanup disk to be applied to infected PCs?won’t cut it.

Joe even contradicts himself in his slide show: first he assesses that the average owner of an 0wned PC does not have the motivation, or wherewithal, to clean up their infection, they are unwilling to pay to have this done and ISPs can’t be expected to help out their users since it’d take hours to properly clean up a zombie PC. However, a cleanup CD to me seems not only a hard sell to the general public, but it also looks like something easily obtained by the bad guys, who can then code around it. Malware can be updated in minutes through its natural distribution medium; good luck updating a stock of CDs sitting at every post office and library.

Nevertheless, Joe makes some interesting points such as:

  • The vast majority of SPAM e-mail is now delivered through virus-infected PCs (zombies) owned by the general public
  • Said general public has no compelling interest in cleaning up their machines
  • The zombie PC problem is out of control
  • This is a world-wide issue
  • Something needs to be done

However, what can we do about this? I agree with Joe that rate-limiting e-mail from consumer PCs and cutting off their direct-to-MX SMTP path is not enough. I don’t use AOL, but I’m sure their widely advertised move to make antivirus software available to their customers for free is in their own best interest. The $250 tax credit Joe proposes seems to me merely a shot in the arm for Dell and Microsoft… especially the latter would love to see the masses upgrade to Vista forthwith. Speaking of which, what exactly does Vista bring to the table in this regard?

Be Sociable, Share!

1 thought on “The Fight Against Zombie PCs

  1. Probably while the idea with CD looks a bit bulky it is possible to create free online service for everyone who wants to download the software and clean their PC.

    But why anti-virus vendors are sleeping if it is so easy?

Comments are closed.