What about cracked machines? [LWN.net]

What about cracked machines?

Posted Dec 18, 2003 11:41 UTC (Thu) by NAR (subscriber, #1313)
Parent article: Spam-proofing the mail system

There were some worms lately than turned the cracked computers into spam-sending machines. Would any of these proposals give a solution for this case? Or would it only make things worse (imagine that a home PC is cracked, used to send millions of spams and the owner has to pay for these spams)?

Bye,NAR

(Log in to post comments)

Yes, mostly

Posted Dec 19, 2003 0:30 UTC (Fri) by Ross (subscriber, #4065) [Link]

The cracked machines would in all likelyhood not be allowed to send email
for the domain they are in (probably an ISP's domain). Normal use would
require sending the messages through the ISP's outgoing mail server where
the user could be authenticated.

But spammers are determined people. They could develop better hijacking
tools for use on the cracked machines. Such tools might wait for the user
to authenticate against the ISP's mailserver and then inject a ton of spam.
Hopefully ISPs would rate limit outgoing mail on a per-user, or at least
per-connection basis.

What about cracked machines?

Posted Dec 19, 2003 16:24 UTC (Fri) by giraffedata (subscriber, #1954) [Link]

That's easy. Knowing how complex computers are, no one would tolerate a micropayment system where the computer can automatically spend away his entire bank account. The micropayment system would, therefore, have built in limits. I might tell it, for example, not to let me spend more than $5 a day on sending email unless I log in and type a password or something to raise the limit.

Back in the days when computer users were charged by the resource, the computers had such budgets for the same reason: I could say, "Don't let me use more than $5 worth of disk space."

This would eliminate the incentive for crackers to hijack computers, and also create incentive for people to harden and repair their computers.