[Dshield] Firewall spam reduction link?

Aaron Lewis aaron at adldatacomm.net
Wed May 25 19:32:18 GMT 2005


I'm going to go out on a limb here and make a statement which I believe in.
Any AV / SPAM blocker that's free is worth exactly that, 0. Now having said
that, there are a couple of very good Anti-Spyware products which are free. I
highly recommend Lavasoft's Ad-Aware and MS Anti-Spyware. I think we'd all
be interested to know which products are being or were being used.

If you're using a free AV product it probably IS spyware. I specifically
have experienced that with the free version of AVG. They tell me AVG Pro is
an excellent product but after my experiences with the free version AVG will
never be installed on anything I manage. I certainly don't mean to single
out AVG, it's just an example.

In today's world a single AV product and a SPAM filter aren't enough. I
recommend a serious AV product, maybe 2, a real firewall (hardware), and at
least 2 spyware detection products. As far as pop-ups go, the pop-up
blocker built into Windows XP seems to help. I also use the Google Toolbar
which blocks more pop-ups than any other product I've seen.

In regards to SPAM I utilize Spam Assassin on the mail server, SPAMNet from
Cloudmark installed in Outlook, and I have written my own filtering rules.
Any mail with ! @ # $ % ^ & * ( ) / \ > < ~ ` + = - in the subject line is
SPAM period. Now I have had to white list a few senders like eBay who always
put a ! in the subject but after the first week of adjustment this has
worked out well.

Use the tools and use them frequently. The Internet is a dangerous place.
You may want to take a look around www.adldatacomm.net for a few more
security tips.

ADL

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org]On Behalf Of Kenneth Coney
Sent: Wednesday, May 25, 2005 10:59 AM
To: list at lists.dshield.org
Subject: [Dshield] Firewall spam reduction link?


For a year or so I have had a well known firewall/AV program from a well
known US company on this machine.  I have been getting about 340 spam
emails a day.  View of IPs show they come from all over the world, and
they are also in lots of different languages.  I never suspected any
connection.  The embedded spam filter does a fine job of flagging spam
and putting it in the trash box.  One of the annoying things about this
software package is every so often some module or another goes bad
here.  I will suddenly discover I am unable to enter the advanced screen
to tweak a firewall rule (JavaScript error), or most recently a
download will just refuse to install even when I refreshed the live
update and followed all the delete in documents advice on the company's
site.  I usually wind up uninstalling and reinstalling to fix the
problem.  I think it has been about four or five times in two years I
have had to do so. Of course after each reinstall then it is necessary
to go online with the dial up and download 16 to 30 megs of update
files.  A very slow process w/o broadband.  This is a one man shop and
no money is being earned when I sit in front of the computer waiting for
download prompts.  I have also been annoyed for a long time by the
software firewall/AV package's insistence on automatically downloading
url updates and spam updates even though parental controls are off.
Anyway this week the program displayed indications of yet another
internal malfunction.  I refused to kill a day reinstalling and updating it.

Instead this weekend I downloaded a free firewall from a competing
foreign company and then deleted the existent firewall package.  Okay, I
killed most of a day on that install, doing the updates and setting up
the rules configuration.  I figured, why not?  Either way I would lose a
day.  Incidentally the updates were much smaller as there is no parental
censorship of urls embedded in the free program and no spam controls
either.  Setting up or installing a filter is up to the user.

It has been four days now.  No major problems noted, but that is not the
point of this writing.

What is really amazing to me is, this morning (and yesterday, and the
day before and the day before that) when I log on instead of seeing the
usual 200+ spam emails in my trash box, I am seeing about 40.  Instead
of having a 120 or so pop up during the day, I get maybe 10.  Something
major has changed.  Two choices.  1) This weekend there was a major
crackdown worldwide on Spam boxes which no one has heard about.  2)
Something about the former firewall program attracted spam.  My machine
is masked with both programs according to Gibson's Shields Up (I know,
but hey, it is fast, and it is free).  My experience leads me to suspect
a certain well known US software manufacturer has a major security issue
of their own.  Probably in their auto update server.  Something along
the lines of, what is the current email address of your customer, thank
you, now sending.  Comments?
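
The subject-line rule with a sender exemption described in Aaron Lewis's reply above, sketched in Python as an added example (not code from either poster). The allowlist contents, function names and sample messages are assumptions constructed for illustration; the third sample shows an ordinary hyphenated subject being caught by the rule as stated.

```python
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# The characters the post treats as spam markers in a Subject line.
SUSPECT_CHARS = set("!@#$%^&*()/\\><~`+=-")
# Hypothetical allowlist; the post names eBay as a sender it had to exempt.
ALLOWED_DOMAINS = {"ebay.com"}

def displayed_subject(msg):
    """Decode RFC 2047 encoded-words first: the raw form '=?utf-8?B?..?='
    itself contains '=' and '-' and would trip the rule on every such mail."""
    raw = msg.get("Subject", "")
    try:
        return str(make_header(decode_header(raw)))
    except (UnicodeDecodeError, LookupError):
        return raw  # undecodable: fall back to judging the raw header

def classify(raw_message):
    """Return (verdict, detail) for one RFC 5322 message given as text."""
    msg = message_from_string(raw_message)
    # From is unauthenticated, so this exemption can be spoofed by a sender.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if any(domain == d or domain.endswith("." + d) for d in ALLOWED_DOMAINS):
        return ("allow", domain)
    hits = sorted(SUSPECT_CHARS & set(displayed_subject(msg)))
    return ("spam", "".join(hits)) if hits else ("ham", "")

# Constructed sample messages (not taken from the thread).
SAMPLES = [
    "From: promo@example.net\nSubject: Cheap meds!!! 50% off\n\nbody\n",
    "From: eBay <members@ebay.com>\nSubject: You won the item!\n\nbody\n",
    "From: colleague@example.org\nSubject: Re: budget review - Q3\n\nbody\n",
    "From: friend@example.org\nSubject: =?utf-8?B?SGVsbG8gd29ybGQ=?=\n\nbody\n",
    "From: friend@example.org\nSubject: Lunch tomorrow\n\nbody\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample))
```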

