I am not sure how to take this post over at Slashdot: Gates’ Resolve in Bringing Spammers to Justice. I think any major legal action (and a hundred plus lawsuits should be considered a major legal action) is a positive step for the anti-phishing movement, but I don’t think Microsoft is to blame for the epidemic. It seems some of the posters in the above referenced post agree, while others are still miffed. I want your opinion.
Yes, Microsoft products (particularly IE) are susceptible to spyware/adware/malware exploits, and more than others. But Microsoft has been quick to fix problems with issues in Outlook, and their Entourage product (which I use exclusively) is very effective at weeding out both generic spammy offerings as well as some phishing attempts I have seen come in (see A Gem in Entourage). And yes, flaws in IE may make it easier for phishings to redirect folks to fake sites, but using another browser is so damn easy I am surprised people still bitch about IE; browsers are free, for goodness sakes – there should be little reason to piss and moan.
Lets keep in mind a couple of other things.
First, phishing attempts are often much less obvious to server side Bayesian spam filters, but as sys admins tweak rules to that effect, many of the more obvious ones will disappear. And these phishing attempts are not isolated to Microsoft products, nor Microsoft in general. I have seen more attempts targeting eBay, Paypal, SmithBarney, and Washington Mutual. That is because these folks handle money and diverse products – Microsoft doesn’t. In addition, of the list above, only eBay uses Microsoft servers (if I am wrong there, just let me know, and I will make the appropriate corrections). If anything, Microsoft is the victim of more abuse from generic spam targeting bootlegged software.
Next, Microsoft is setting an example by going after phishers who replicated their sites for malicious purposes, and they are attacking the phishing “value chain” from top to bottom. This is a good thing, regardless of who is to blame. If the other victims jump on the bandwagon, as I suggested they do in Microsoft Phishing Lawsuits, the economic advantages of such fraud are going to wane, and the phishing attempts along with it. Meanwhile, folks like eBay using Microsoft products should see ancillary benefits as well.
Again, I am not sure how relevant some of the comments over at Slashdot are, but I am looking for your views on the matter.