[Mimedefang] Viruses: Bounce or Discard?

[Ben Kamen]

Well - hmmm... so I would blame my mom/dad and charge her/him $0.10 for 
every virus they send out because some script-kiddie wrote malware on a 
platform from a company that's known for thumbing up their nose at the 
concept of security.

Too bad we can't charge back M$ with the problem in terms of wasted 
bandwidth. I think if we were fair and charged it per byte against the 
charge for a line's given monthly bandwidth, it would add up to some 
real party money.

As for poor Dan Geer... that boy needs a job! And something does need to 
be done about licensing schemes from software companies.

I'm not one to say that people don't make misteaks (grin)... but I think 
M$ abuses the priveledge as so many critics have said.

But blaming the user for using an OS they almost "have" to... that's 
tough. There is a responsible party.. I just don't think it's the end user.

  -Ben

David F. Skoll wrote:

> On Mon, 29 Sep 2003, Jeremy Mates wrote:
> 
> 
>>The ISP dutifully bounces the malware at the forged sender,
>>
> 
> I used to advocate bouncing viruses, but now I've crossed over to
> the "discard" viewpoint.
> 
> However, my absolutely preferred way to handle viruses would be:
> 
> 1) Do a WHOIS lookup on the sending relay's IP address
> 
> 2) Send a complaint to the contact point for the netblock containing the
> relay.  (Unfortunately, doing this properly is difficult and time-consuming.)
> 
> This would p*ss off ISP's, which would cause them to get tough with
> users who propagate viruses.  I believe that ISP's should write into
> their terms of service that users will be liable for 10 cents for each
> and every virus transmission from their machine.  This isn't
> censorship; it's merely charging different rates for different
> "classes" of e-mail.  It also pushes the true cost of viruses onto
> those responsible (people who run M$ software in spite of warnings
> from the likes of Dan Geer and Bruce Schneier.)
>