Much of this misses the point about spam. There is spam, and there is SPAM. spam is when some jerk sends me an ad I don't want. SPAM is when some jerk uses sophisticated, illegal techniques to send a few hundred million ads a day. The most effective technique currently uses zombie spambot armies; PCs hijacked through security flaws, upwards of a million of them at any moment. Why? a) Zombie spam armies provide nearly arbitrary quantities of bandwidth and compute power to send out spam. Far more than spammers' business models could ever actually pay for. b) Zombie spam armies provide address mobility. You can't block them like you might block a legitimate site you find obnoxious. It's whack-a-mole at near light speed in a Hilbert space. The vector for these has been almost purely Microsoft Windows. People can rationalize all they want about Windows being more common or how in theory other OS's could also be hijacked but the simpler explanation is that there have been horrible flaws in Windows, including yesterday's high-prio security alert amplified by DHS (MS06-40). It's Windows. MS make tons of money off of spam. They make tons of money off of spam by not fixing their OS except at their own pace and as it fits their marketing goals to not interfere with profitable software applications which may require flaws in their OS to operate, or to operate more profitably. Their near-monopoly means no one can effectively put any pressure on them to get their act together. The best example of that is how they led every primary Windows user to always have admin ("root") privileges on by default which meant that any trick which could get any random user to run a little code could do anything, overwrite any system file, install software, whatever, without any warning or protest. This allowed the installation of software, patches, updates, spyware type programs, etc to go more smoothly and thus more profitably, more friction-free as they say in marketing. No nasty secondary passwords or scary messages like "What you are trying to do requires administrative privileges [warning text], would you like to enable them now? [OK] [CANCEL]" Let's call a spade a spade. We're not being firehosed by Mac OS machines. We're not being firehosed by Linux/FreeBSD/Solaris or other Unix variations. Etc. And it's not simply explained away by the numbers. There may be less, but there are still millions of those machines on the net. And to the best of my knowledge not a single one of them is part of a zombie spam army. I realize people react emotionally to the seeming one-sided blame this implies and feel they make the universe more fair and liveable by rationalizing some spreading of the blame no matter how nonsensical and ungrounded in reality. I realize some people make their living using Microsoft software and these harsh realities make them feel bad and make them want to soften the blow with argumentative responses. Cut yourself some slack, YOU didn't write Windows. But you know who agrees with me? MICROSOFT! Why? Look at the dozens of patches they try to put out weekly to close these holes! Look at the changes, such as moving away from ``every user has admin privs'' in recent and future releases of their OS. That's the problem. It's being worked on, perhaps too slowly to save the patient (e.g., not see the destruction of email), maybe too kid gloved with their vendors and bottom line (at the cost of ISPs et al), but let's not deny a problem that not even Microsoft denies. Plug up the major security flaws, float Windows on a Linux kernel or something (Apple did it on a FreeBSD kernel), and the problem will by and large whither and die as a major problem. Zombie spam armies running on compromised Windows systems are the spammers stock in trade. Everything else is trying to deal with the cause by treating the symptoms. -- -Barry Shein The World | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD | Login: Nationwide Software Tool & Die | Public Access Internet | SINCE 1989 *oo*