How Microsoft is losing the war on spam

Bill Gates said junk e-mail would be history by 2006. His prediction's being buried by an avalanche of Viagra ads and Rolex pitches -- and his company's policies are a big reason why.

Jan 19, 2005 | It was one of those unscripted moments that Microsoft's public-relations handlers probably wish they could have back. Speaking at a January 2004 conference in Switzerland, Microsoft chairman Bill Gates boldly predicted that "spam will be solved" by 2006.

But with 346 days remaining on that prognostication, spam still comprises over 60 percent of e-mail traffic. Microsoft is now backpedaling on Gates' vision of a spam-free near future. A spokesperson said last week that the company's goal is to help "contain" the spam problem by 2006.

Yet, according to many experts, Microsoft remains as much the root of the spam problem as the key to solving it.

Most junk e-mail today emanates from Windows computers that spammers have hijacked and turned into spam "zombies" using security holes in Microsoft's operating system. What's more, Microsoft is blamed for wrecking efforts this past summer to create e-mail authentication standards. The company also stands accused of trying to neuter state anti-spam laws. And Microsoft has yet to win a lawsuit against a major spammer.

A P.R. representative from Microsoft stressed that "there is no silver bullet" and that "it will take a combination of advanced technology, industry cooperation, user education and enablement, effective legislation and targeted enforcement against illegal spammers to significantly reduce and solve" the problem of spam. But with its huge installed base, deep pockets, marketplace clout and technology prowess, Microsoft is in a unique position to eradicate junk e-mail.

If, that is, the company has the will to do so. Microsoft says that it is working on new technologies that will help reduce spam, and denies that it is in any way responsible for the floods of junk mail coursing across the Net. "Spammers cause spam," says Microsoft.

But a review of what Microsoft is actually doing suggests that the company isn't pursuing the problem as vigorously as it could. Before Microsoft can make good on Gates' prediction, experts say, it must first stop worrying about what's good for its business, and concentrate instead on what's best for the Internet as a whole.

To hide their tracks, spammers have always misappropriated the computers of innocent third parties. But the rise of Windows zombies is arguably the gravest problem facing spam opponents today. By one estimate, over 60 percent of junk e-mail now originates from home PCs that spammers have commandeered with the help of virus writers and hackers.

With an ever-growing arsenal of Windows zombies under their control, spammers can evade some spam filters, which have trouble keeping current lists of the addresses of known zombie systems. What's more, spammers have used their networks of zombied computers to launch denial-of-service attacks on sites operated by blacklist services and other anti-spam organizations.

Solve the Windows zombie problem, and you're well on the way to eliminating spam, say the experts. And who better to provide a solution than Microsoft, which created the problem in the first place by shipping buggy software?

Two weeks ago, Microsoft released a free tool for detecting and removing infections caused by a handful of Windows-based computer worms and viruses. But some security experts say the company still hasn't adequately addressed the underlying security vulnerabilities exploited by such malicious software.

"Microsoft needs to lock down Windows so that rogue programs can't convert PCs into zombies or hijack applications to do spamlike things," says Richard Forno, a security consultant and commentator.

Yet Microsoft effectively created a ghetto of potential spam zombies last year when it refused to allow users of pirated versions of Windows to install a significant security update known as Service Pack 2 (SP2).

According to John Levine, chairman of the Anti-Spam Research Group, Microsoft acts as if guarding its software against piracy is a more significant issue than protecting users of unpatched Windows systems against worms and hackers.

"Microsoft, of course, has no responsibility to people who've stolen their software, but the security holes don't affect the user of the infected computer as much as they do the zillion recipients of the spam and worms that it emits," says Levine.

Levine's recommendation: Microsoft should give away security upgrades to unauthorized users of Windows, even if doing so undercuts the firm's campaign against software piracy.

Deterring the creation of new spam zombies would be a huge victory, says Joe Stewart, a security researcher with Lurhq. But he believes Microsoft also ought to go even further and hunt down the hacker-spammers who use existing zombies.

To accomplish this, says Stewart, Microsoft should build a network of decoy zombies, with the aim of attracting the miscreants who scan the Internet for compromised computers and send spam through them.

"Feed [the information] to the legal team that sues spammers," says Stewart.

What of Microsoft's legal team? They've kept the company intact despite antitrust lawsuits. They've protected Microsoft's intellectual property with countless patents. They've helped convict software pirates around the globe.

So when will Microsoft's lawyers get a big court decision against a major junk e-mailer?

In recent years, Microsoft has filed scores of lawsuits against spammers large and small. But unlike competing Internet service providers America Online and Earthlink, Microsoft can't claim any big trophies yet.
