Are bandwidth caps a sneaky way for ISPs to profit from Windows malware?
Back in the 1990s and early 2000s, there was a class of malicious software called a “dialer”.
The “dialer” malware type was Windows software that either tricked the user into running it (trojan horse)with the promise of porn or something, or found its way onto the system with minimal interaction from the user, like most malware for Microsoft platforms does. When launched, the software would typically pick up the modem and dial a foreign country or a 1-900 number, and instead of blocking the call, the phone company would let it go on and on as long as they could because they could pass along the bill and share in the ill-gotten profits.
The phone companies also partook of another scheme unrelated to computers, but which I will mention because it serves to point out the general pattern I am discussing. Remember those “free” psychic reading advertisements that came on the TV? The phone company would really start billing you $4 a minute after 3 minutes. (Fun fact: The psychics were fake. (duh) According to the FBI and FTC investigations of the so-called psychics, they were using a technique called cold reading. They had script that branched out like a tree and were designed to keep the victim on the phone and racking up charges for as long as possible.) The phone companies, again, sat back and shared in the ill-gotten gains.
Now the year is 2012, and more and more ISPs are imposing bandwidth caps. They claim that users using bittorrent heavily are among the reasons they need to overcharge. In reality, most of the traffic on the internet is generated maliciously by Microsoft Windows malware doing one of three things.
Worms trying to spread and shotgunning random IP ranges with port scans to try and “get lucky” and find infectable hosts. Since most Windows users use ineffective antivirus/no anti-virus and/or don’t install their updates, this is pretty easy to do.
Botnets sending spam. Microsoft Windows malware is responsible for over 95% of the spam emails and spam instant messages.
Botnets sending tons of garbage data in a coordinated attempt to bring down a web site running Linux or a BSD, which the attacker would likely never take down in a direct attack on the server itself. In fact, it’s not even the OS that crashes due to the onslaught (unless it’s Windows Server), it’s usually just that the site’s internet connection is swamped and no longer able to fit in any real requests.
I don’t use Microsoft software, but because many people do, I am still in danger if someone decided to DoS me.
Back on point, this traffic is immense, and many people leave their computer on for a great deal of time or 24/7. So if the malware floors their internet connection, even if only while they’re away from their computer to avoid suspicion, you will overrun your cap fairly soon and the meter for overages starts running.
AT&T DSL has a cap of 150 GB. Windows malware could overrun that entire allotment in 1-2 days, and have the rest of the month operating in your overage use, which AT&T silently sends you into at a rate of $10 per 50 GB. You could spend the better part of the month paying $30 a day + your $45 monthly fee for the DSL line simply because you use Windows. (That’s a bill of over $900 for those not bothering to fire up their calculator).
Ouch. The tragic part about this is that technically illiterate people like my mother will just blame “the damned computer” like they do so often when Windows causes them problems.
If you would rather not pay for spammers to use your PC to send me spam emails might I suggest Android or a GNU/Linux distribution?
Open source software tends to be more secure. For a variety of reasons. Closed source is not just about controlling the customer, it’s also about controlling the perception of a product. Hiding source code makes it easy to cover up bugs, work arounds for bugs, security problems, and inefficient, bloated, and downright incompetent code. Microsoft does this a lot, but it isn’t just them. Apple is a false choice that is much the same.
The idea that a sucker is born every minute is not only true, it’s the only way phone companies, cable companies, psychic hotlines, malware writers, and proprietary software companies stay in business and make so much money.