Letters update from June 2003

SPAM Crackdown
Hear! Hear! I applaud Rob Preston's sensible approach to the problem of spam ("How To Contain Spam," May 15, 2003). At our organization, which has a small network of 10 machines, we filter everything through McAfee's SpamKiller, a product that is easy to deploy, configure and use.

Spam is a by-product of free enterprise, or capitalism, if you will. In an average daily newspaper, there are about 3 column inches of content for two full pages of advertisements. Why would we think e-mail would fare better? When state and federal legislators attempt to punish the spammers, they end up curtailing the legitimate business practices of ethical companies, with little or no effect on the masters of spam, who, as you point out, adapt almost more quickly than the Mediterranean fruit fly. Closing the door of capitalism to calm the ire of a few could have a much greater impact on the hopes of many.

Jeffrey D. Iverson;Owner, Iverson Software Co.
[email protected]

While Rob Preston makes some good points about the effectiveness of spam filtering, he misses some of the issues.

Filtering doesn't eliminate the problem; it merely hides it. End users may love filters' effect on their inboxes, but filters exacerbate the problem of spam clogging inbound network connections and mail server queues as they become more complex and the spammers send more and more messages in an effort to dodge them. It's an arms race network administrators are doomed to lose.AOL claims it is filtering more than 2 billion spams per day, and this number is increasing geometrically. How much money do you think this costs the company in bandwidth, server capacity, software and administration? Filtering is clearly not sufficient, and things are getting worse.

Regarding legislation, federal laws are not necessarily fated to be as ineffective as most of the state-level antispam laws, primarily because of the lack of equivalent jurisdictional issues. Also, antispam laws that include a right of private action have proved quite effective in states such as Washington. Laws that allow only government to bring action under them are likely to fail because of insufficient resources and responsiveness of government-only enforcement. An antispam law modeled on the TCPA's antijunk fax provisions would stand a much better chance of being effective.

Finally, antispam measures must correctly define spam so as to avoid the problems Preston identifies with provisions against deceptive subject lines and other content-based restrictions. The only truly useful definition of spam is "unsolicited bulk e-mail." Adding any adjective that requires making judgments regarding an e-mail's content is a legal and technical morass. It's about consent, not content.

Darren Gasser
Director of Information Systems
Company name withheld by request
[email protected]

Security Search

We've been busy doing some of the very things Peter Morrissey describes in "A Spare Is Just a Spare" (May 15, 2003). We're a Unix-only external production shop that's beginning to implement Windows servers into our production environment and see a need for remote access to our Windows server farm (we use Dell Windows servers/workstations). Do you know how Windows server farm shops handle secure remote console type access?

We are going to be "demo-ing" HP-Compaq's and Dell's KVM over IP devices, which look promising but allow for only two remote users at a time. We've examined terminal services but are wary of the security risks. Do you know any approaches to secure remote access of production-level Windows servers?

Charles E. Weeks
Systems Support Specialist
Board of Regents of the University;System of Georgia
[email protected]

Peter Morrissey responds: Consider implementing Digital V6's Kaveman 16, a recipient of one of our 2003 NetWorld+Interop Best of Show awards (www.nwc.com/1409/ 1409f4.html), which provides six simultaneous sessions. Also, check out Avocent's similar product, the DSR4160, which provides access for four simultaneous users.

Say What?

Fritz Nelson's "Speak Our Language" (May 1, 2003) is great. I was just discussing his topic with some of my peers at a recent security seminar. These days, everything is about the company and its image. When I asked several vendors at the show about their products, all they could give me were mouthfuls of three-letter acronyms that stood for some new technologies with which none of us was familiar. No one actually knew how the companies' products worked or how to use them effectively. Between all of us in attendance we had more than 100 years of IT experience (I have 18 years), and we stood there dumbfounded.

The industry has turned into one big used-car sales pitch. Everywhere I go, people are trying to sell me products. Even companies I do business with are trying to sell me something--sometimes the product I already own! It is great to see someone address this issue.

Jeffrey R. Jarzabek;IT Director
Matocha Associates
[email protected]

Tell us how you really feel. Send e-mail to us at [email protected], fax to (516) 562-7293 or mail letters to Network Computing, 600 Community Drive, Manhasset, NY 11030. Include your name, title, company name, e-mail address and phone number. All correspondence becomes the property of Network Computing.