Friday 6 October 2006

Lyris or Lie-ris? Suspect Spam Stats. for False Positives

I see Lyris claims that Gmail's spam filters cause 3 percent false positives and they used to cause 44 percent earlier this year. What rubbish. And how sad that a major IT news outlet regurgitated them so uncritically.

There's no way that a real Gmail user is seeing that kind of FP percentage, no matter how they legitimately measure it (and there are several ways used, depending on whether you'd prefer to publish a tiny number or a big, scary number).

My estimate of Gmail's FP performance is about 0.01 to 0.02 percent. That's based on roughly one per week, and measured as a proportion of total email hitting the spam filter.

Reading between the lines of Lyris's report, they're only measuring as proportion of inbound marketing email, which might explain why the headline figures are so high.

Frankly, these crazy numbers cast doubt on the rest of the statistics presented in this report. Lyris clearly has an agenda here -- to instill FUD in the minds of direct marketers so that they'll sign up to Lyris's services. That's nice...

Sadly, ZD were taken in by these shenanigans and presented the figures as an "IT Fact"

Thursday 5 October 2006

Vista Software Protection Platform disables Windows Defender

Let's see if I have this straight. In its ongoing effort to thwart pirates, Microsoft is going to prevent its anti-malware bits from working on a PC running pirated Windows Vista? Sez Computerworld:

Customers who decline to or cannot successfully validate their copy of Vista during installation will be blocked from using certain features [including] Aero ... ReadyBoost ... and Windows Defender, which protects against viruses and spyware.
So it's fine for PCs running pirated versions of Vista to spew spam and malware into my inbox? Stupid, stupid, stupid...

Tuesday 3 October 2006

ISPs Should Fix the Zombie Problem

Zombies are a big problem, but ISPs are in a unique position to fix the problem and should be motivated to do their part. ISPs can detect when one of its customers' PCs starts sending spam, either by outbound content control or by spotting an unusual spike in volume. ISPs may even be able to detect the earlier signs of infection, such as connection to an IRC channel used to control the bots.

When an ISP detects a zombie, it should immediately prevent that subscriber from sending email. It should make contact with affected subscribers and help them clean up their machines. If necessary, ISPs could cut off all Internet access for those subscribers, moving them into a Web "walled garden" -- this would force subscribers to see a web page alerting them to the problem and giving instructions on how to clean up their PC.

ISPs should be proactive in quickly fixing such problems. ISPs may need to modify their Terms Of Service, to contractually allow them to take these actions -- but take them they should, for the sake of their business.

If ISPs don't fix such problems, their reputation and the reputation of their customers may be damaged. The anti-spam industry has woken up to the fact that reputation is a good way to filter incoming SMTP connections, without the expense of content scanning. As this view becomes more prevalent, ISP customers won't want to be associated with an ISP that takes a cavalier attitude to their reputation and that of their customers.