Blocking Spam and Spyware for Dummies

This was a curiosity read as somebody suggested I write a dummies book on spam since she thought one didn't exist. This book is geared for people that have little or no knowledge of the setting up anti-spam/spyware. If you find yourself asking "I need to setup and anti-spam solution and I don't know where to begin" then this book could serve as an ok place to start. This book is not for people looking for extra ideas to improve their current knowledge. I liked the idea that spam and spyware were linked together as both worlds are finding a symbiotic relationship. The first few chapters are good for the ignorant as they attempt to explain spam and spyware. There is also a chapter on the costs of spam and return on investment for setting up measures to stop it. The next chapters deal with setting up a project to evaluate and install defense measures. I skimmed them as I already have solutions in place. They might be boring for some; especially if their setup is small or it's a one man IT shop. The book seems to favor the windows world as Sendmail is only mentioned. There is no reference to spamassassin or postfix. Another aspect I liked is the fact there are discussions about security in the realm of patching, etc. Many people don't understand that security can affect spam production. Troubleshooting is rather lite. Which can be expected as such effort would be another book especially when considering what to do with malware infected machines. Some of the information is getting dated as it mentions postini as it's own company and same failed standards attempts. It has some useful Net links mentioned for getting more information. I think there could have been more but that's the authors prerogative. There are 2 appendixes dealing with a project plan and project requirements for spam and spyware filtering people might find useful. Some areas that are missing are Reputation filtering ala IronPort. There was no mention of spyware sites such as gain and the fact spyware companies are getting purchased by search engine companies and even software companies with antispyware products. It goes to show you how much can change in 3 years(book was published in 2005). Overall, it's a decent baby steps book for the ill informed.

There are some thing that you can do to fight SPAM and Spyware. But in spite of all that people are doing the problem continuous to grow. This book describes the current state of SPAM, spyware, and phising systems as of its publication date (April 22, 2005). Unfortunately there is only so much that you can do without restricting yourself so much that e-mail becomes almost impossible for you to use. In the final analysis the authors talk about filters you can install, they talk about blocking software. But in the end, it comes down to users acting intelligently and not ordering the replica watches, the viagra (half of which is not viagra but just sugar pills), the things that increase the size of various body parts. And so far there seems to be enough people ordering that the spammers keep going. I wonder why the officials in charge of this, whoever they may be, can't just follow the money. Where does the credit card get processed, where is the product shipped? If you stop people from benefiting, the spam will stop. There's probably a good reason.

The difference between this book and other books on spam published as recently as a year ago is the extensive discussion given here on phishing. The latter has grown enormously in 18 months. Earlier antispam books gave it little or no mention. But Gregory points out that while "regular" spam might or might not be fraudulent, phishing always is. He thus places it not as a subset of spam, but as a different category of malware. So while the book has a decent explanation of spam, this is indistinguishable from that given in other texts. Rather, the distinguishing feature of this book is the phishing explanation. As for what he offers for remedies, he basically says that end user education is the only answer. The book does not describe any effective, known technological solution. So the fallback policy is the user education. In contrast, our company [Metaswarm] has 16 US Patents Pending on antiphishing. Qualitatively different from anything described in the book. Which is no detraction from the book, as it provides a good summary of the public state of the art. We believe our Pendings will squash phishing.