I’m not one to be alarmist about things, but I was reading a CNN article entitled E-mail providers: unplug spam-sending PCs wherein they talk about how AOL, Yahoo, Earthlink, Microsoft, Comcast and BT Group have all agreed to a proposal whereby PCs would be disconnected from the Internet if they were the source of spam.
Doesn’t sound too bad (particularly since I’m getting about 1000 spam/day now), but you need to remember that most of the PCs that now send out spam are slave systems, not computers owned by spammers themselves. So the scenario that keeps playing out in my head is that I get a phone call from a colleague who complains “I can’t send any email! I called Comcast and they say I’m a spammer and they refuse to let my system connect!”
Worse, it’s only inevitable that the spammers who are infecting otherwise innocent computers with malware viruses that act as sureptitious spam broadcast systems that they’ll decide to have the virus figure out when the PC is being throttled down (or shut off) and then have the virus morph into something more malicious. Sort of a “thanks for letting me ruin your Internet experience, now let me ruin your entire computer as I fade into the twilight.”
If you think this isn’t very likely, realize that some of the biggest virus attacks in the last few years are these spam broadcast applications. For example, SoBig.F is described as:
“The sixth or “F” version of the SoBig infection disguises itself in e-mails which once opened scan a computer for e-mail addresses before sending scores of messages to the addresses it collected via its own built-in sending program”
So what’s to be done? Well, perhaps instead of these major ISPs shutting off computers, they could be a bit more proactive about helping people find and eradicate these viruses. What if everyone who was a subscriber to AOL/MSN/Earthlink, etc received a CDROM that was a free version of Norton Antivirus and some spyware removal software? Then the companies could logically and reasonably refuse connections to computers that aren’t running the antivirus software simultaneously.
That’s what most bothers me about this entire story and the thinking behind it: that the victims of these digital terrorists (the spammers and virus writers) are the ones that are going to end up stuck in a corner, unable to connect to their ISP and having not a clue what’s going on and how to fix it.
Indeed, maybe a free update to Microsoft Windows that included strong and capable anti-virus software would be another step in the right direction.
But to penalize the very people who are just starting their journey onto the Internet, the ones who are least technologically savvy? That’s a bad solution in my eyes. What do you think?