Today was a busy day for events. This evening Dickson and I attended a presentation at the University of Alberta by Gennux Microsystems Corp., a relatively new Edmonton-based company. They make an anti-spam product called eW@LL Mail which they say is unique in that it does not use content filtering like the vast majority of anti-spam technologies. They describe the product as a messaging firewall.

The developer who wrote most of the application and started the company is Sam Wong, and he gave the majority of the presentation tonight. He seems very smart, and excited about the work he is doing. Sam led us through some reasons for why spam exists, the numbers around how much spam is sent and received and the dollar value for related costs (like lost productivity), the competition, and finally the Gennux solution. Dickson and I asked a bunch of questions about the technology, trying to find ways around it, but the product does seem very solid. They mentioned some statistics about how well it works, but I very much think that it’s one of those “you have to see it to believe it” things.

We didn’t ask them how much it costs, but I would imagine it’s not cheap. If it works like they say though, it would probably be worth it. They have quite a few installations already, including a fairly high profile one with an ISP in Taiwan. It’s good to see an Edmonton software company doing so well!

Read: Gennux

One thought on “Gennux”

  1. “Malclustering” (the act of infecting computing devices with code, with the intent of maliciously using their combined processing power and connectivity for profit and/or inflicting hardship upon others).

    We know that there are a large number of “zombie” Windows systems infected with applications used by the unscrupulous to propagate their activity. Carl Hutzler (of AOL Policy Enforcement) recently provided an estimate of 50-100 million such systems.

    This vast number is hence referred to as “The Malcluster”.

    What and Where are these Zombies?
    Those Zombies are on broadband, dialup, cable, DSL, wireless, all kinds of connections, all types of hardware. Some of them show up on multiple IP addresses (DHCP) and some of them show up on multiple networks (laptops). Some of them are newly-infected, others disinfected and then re-infected.

    Who Controls them and Why?
    They are the largest source of SMTP spam today, estimated at an average of 80%. But they’re used for other forms of abuse and abuse support. Some of them host spammer web sites; others probe for open proxies; others participate in Deliberate Denial of Service (DDoS) attacks targeted at corporations and Governments. They are the Terrorists and Mafia of Electronic Commerce intent on inflicting damage upon those who are not in their favor.

    What are they capable of doing?
    Consider just one possibility for a moment. Consider a DDoS attack launched by 5 million hijacked innocent hardware owners with as much network diversity as can be imagined. Now think about the possible defenses to that and the requirements for implementing those defenses in a workable Global environment. You should be feeling helpless, which you currently are.
    Or think about this: what could you do if someone gave you a week to think about creative ways to use 5 million systems with very little chance that you’d ever be detected as the terrorist behind them? As you consider this, compare the size and distribution of the Malcluster with the size and network diversity of the Google server farm; just as a point of reference, the Google network is dwarfed by the projected expanse of the MalCluster.
    There seems to be, at the moment, no reason to believe that those controlling these MalClusters will lose that control. An ongoing parade of remotely exploitable security holes in the Microsoft operating systems and applications ensures attackers an unending supply of means by which to re-acquire control of any systems that they might lose, and to acquire new systems to grow their swelling MalClusters. Just the holes mentioned on publicly accessible mailing lists like Bugtraq and Full-Disclosure are adequate to fuel the development of new MalClusters, and of course I’m sure there are many, many more in other forums, including a lot of non-public ones.

    Can this be stopped?
    This problem became epidemic in the spring of 2003. Efforts to address it have been very limited; many owners of the hijacked systems don’t know they’re zombies working for a Malcluster; others know, but lack the knowledge necessary to remove the malicious applications from their hardware; and worst of all, the ISPs and Service providers have done little, if anything, to end this abuse.

    It’s becoming clear to me that a lot of people don’t know that MalClustering exists. If it’s anything close to being the size that has been calculated it constitutes a significant fraction of all Internet connected systems and thus, by size alone, becomes a matter of concern for everyone on the Internet. But until everyone knows about it, they will continue as if it didn’t exist, and thus expend resources on approaches to problem-solving that are doomed.

    Be best to find the real master behind this product and not the Puppet who you saw.
