Stopping open proxies and open relays

First step is correctly to specify the system's properties.

Yours is not a technical issue but one of user negligence. You have
to build the solution around this fact.

Curative measures that have worked elsewhere are:

1-Scan every client when it accesses

2-Disconnect compromised clients or route only to a warning page
   allowing access only to your tech support

3-First cleanup and advice to owner of compromised machine on how to be
   a good internet member is free; second costs $100; third results in
   permanent discontinuance of service and refusal to accept back as
   a client.

These measures will fix your problem.

Jeffrey Race

>I am looking for ideas to stop the spam created by compromised Windows
>PCs. This is not about the various worms and viruses replicating but
>these boxes acting as open relays or open proxies.
>
>There are valid reasons not to run antivirus software; coupled with
>clueless users, this results in machines that SPAM again just a few hours
>after having been cleaned.

>First step is correctly to specify the system's properties.
>
>Yours is not a technical issue but one of user negligence. You have
>to build the solution around this fact.

I don't agree with this. It's almost impossible to "secure" Windows machines.
Even applying all patches as soon as they come out doesn't make sure you
are "safe". Granted, this applies to all operating systems, but the rate of Windows
patches is sure to throw users into a state of "this is impossible to keep up".
I've seen machines become compromised even when fully patched, only to
realize what happened when the next MS patch came out - just look at how
long it took MS to fix the ASN.1 issue.

We can't continue to blame end users for negligence but also keep delivering
crappy software to them. Why not blame Microsoft? Why not blame legislation
for allowing vendors to deliver insecure applications and systems?

>Curative measures that have worked elsewhere are:
>
>1-Scan every client when it accesses

What are you going to scan for? Specific ports or all ports? That's going
to take a while, and who knows what's going to happen to the guy on the
other line. Keep in mind that the current spam proxies do not listen on
fixed ports and they change quite often. While you scan, the proxy app
may even move from an unscanned port to a scanned port. So a client
you thought secure is not.

Rgsd,
-GSH