Dear ISP, it's time to quarantine your malware-infected customers
Are you infected with malware that is, without your knowledge, wasting your bandwidth to spread more malware, spam and phishing attacks, and in fact even hosting the majority of these?
In a perfect world, you will not just get a notification from your ISP about your participation in a botnet; you may easily get "quarantined" until you meet certain "security awareness" requirements combined with proof that you're no longer infected.
What's the current international attitude towards this approach? What are the pros and cons to take into consideration for such an action? What do key security experts and cybercrime fighters think about it? Let's find out.
In a MAAWG survey released in 2010, 65% of the users blamed their ISPs and ESPs for the spread of computer viruses, fraudulent emails, spyware and spam in general, followed by antivirus vendors. Most recently, Microsoft proposed a public health model for Internet-connected PCs:
“If a device is known to be a danger to the Internet, the user should be notified and the device should be cleaned before it is allowed unfettered access to the Internet, minimizing the risk of the infected device contaminating other devices or otherwise disrupting legitimate Internet activities,” Charney declared.
The proposal once again puts the spotlight on Internet Service Providers.
An Internet Service Provider is in the unique position to make change. The thing with ISPs from my perspective is that, even though they are in the best position as a distribution channel to monetize and offer (security) value to their customers as a service, the majority are not tailoring their propositions using the right technologies.
There's no shortage of solutions, and even though some ISPs claim they need a decent incentive to offer security services -- besides common sense since it's their network's reputation at stake and the potential revenue increase -- I think that offering their customers the wrong choice is even worse. In Australia, for instance, ISPs are offered a voluntary code of conduct aiming to limit Internet connectivity to malware-infected customers. Germany has been doing that for years using the "walled garden" concept, and through the German Anti-Bot Initiative.
If only an ISP's marketing folks would realize that the right security-as-a-service proposition can be their most valuable asset in the overall differentiation strategy, meaning happy customers and a socially oriented ISP with industry credibility for truly caring about its network reputation and customers.
Let's consider the competitive advantages and disadvantages, from a business perspective, of quarantining the customers of a particular ISP. If a random ISP decides to participate but the rest don't, that ISP becomes less competitive, as the only thing that the end user cares about is his access to the net, which he's not prevented from accessing. However, a clean backyard means better network performance and a socially oriented attitude that every major ISP should have already established.
What ISPs should do is reposition themselves as socially oriented companies, and migrate from being resellers of antivirus software to actually educating the end user before and in between offering him Internet access: from disconnecting and alerting malware-infected customers, to quarantining them and educating them efficiently through a standard security awareness course in the form of a game or a simple educational questionnaire.
It's time for a change, a radical one.
Of the three approaches, quarantining, disconnecting, or alerting, which one do you think is most feasible when dealing with botnets?
What do you think?
Talkback.


Talkback
RE: Dear ISP, it's time to quarantine your malware-infected customers
Perhaps what would be best is for an ISP to initially offer a "Secure Domain" where traffic in and out as well as the user's system are statefully scanned. Users are warned not to open Quarantined "Known-Infected" pages or e-mail. If they do, they use up credits toward a limit which gets them sent back to the "Unsecured Domain".
Finally "People change their behavior because they want something". If they do not receive any personal value from the "Secure Domain" they will not use it!
It's voluntary, proportional and already deployed as an effective technology by many corporate IT departments.
Right and wrong.
Here is where you were right:
"Failing to "manage" your "business" usually ends up in "regulation" and or losing your job."
You were wrong on your other ideas. First off, the whole "secure domain" idea is screwball. What you are suggesting is not just a security measure to cut back on security problems, you're also inflicting a punishment. And when it comes to inflicting punishment you're obviously taking the same viewpoint the vast majority take...that is right up to the point where the punishment is going to be inflicted on you or someone you care about. Trust me, I know of what I speak.
Punishment always sounds great, the more the merrier when it's not being inflicted on you. Keep in mind, while many of these infections do occur due to repeated poor or even reckless online behavior, there is also a great deal of it that comes about by accident or uninformed behavior. In many cases it will not really merit punishment of any sort, quite often the person is as much a victim as anyone. People who say who cares are just people who haven't had it happen to them yet.
Secondly, what effectiveness is such a plan guaranteed to have? Count on not much of a guarantee at all. First off, count on the hackers working to find a way to circumvent the whole secure domain idea. I'm not going to make any claims about how likely they would be able to accomplish it, but if there is anything that they could do at all, they would eventually do it. And after, there isn't much that guarantees that once back into the unsecured domain they wouldn't fall back into the same problem in short order. In short, more than anything it might actually amount for the most part as a punishment against thousands and thousands of users without stopping a whole lot of security problems in the long run.
Thirdly, if an ISP decides to pull this on someone then the first thing the majority of users would do is change ISPs. Now if you're going to have a built-in way to prevent this then you're going to have to involve a much more complex infrastructure of administration and maybe even hardware to make it work. In short, it sounds like a cool idea to those people who figure it will never fall on their head (or someone they care about) but it may turn out to be quite impractical to implement to the degree where it would have some effectiveness.
While companies do have to manage their business, you always have to decide what exactly their business is before you start heaping particular tasks upon them that you feel they should be "managing".
Always keep in mind that if you start passing laws telling ISPs they are now legally responsible for disciplining users who fall prey to hackers and spammers that the odds of crafting those laws so perfectly that the ISPs can rest assured that they will know exactly with precision what they must do to keep from running afoul of this new law and that at the same time will not unfairly punish users, well, never has any law been crafted so perfectly. Instead you're going to end up with clogged up courtrooms with ISPs and users battling it out with the government on who did what when where, who is really responsible and why who did nothing wrong. In short it's simply an invitation to give lawyers a whole new bunch of clients, some with deep pockets, others not so deep.
I don't think there is anything right now about the nature of the ISP business that puts the task of putting an end to internet abuse on the heads of ISPs. They should be doing what they can to take all reasonable care, perhaps in certain cases further than that but we don't need the ISPs to start acting like the internet Gestapo for the general public.
Finally, there is the issue of abuse. And I mean by the ISPs. If you tell the ISPs they now not only have the power to do this kind of policing but that they must do it, you can count on them erring on the side of caution and putting all sorts of users in a needlessly difficult position as opposed to risking their own legal position. And that kind of action almost always seems to develop into abusive behavior where a company finds out it's to their advantage to exercise their newfound power/responsibility in ways that are not always conducive to the general public's well being.
In short, your idea is not the way to go.
RE: Dear ISP, it's time to quarantine your malware-infected customers
The "Net Neutrality" crowd are very consistent with their views on "Negligent and or Criminal Behavior" on the net. They are very cognizant of the fact that any critical infrastructure must be regulated to maintain its pervasive availability. They do not endorse firing all the traffic cops and taking down all the speed limit signs.
They concentrate on preventing ISPs from using their monopoly(s) to unfairly shift bandwidth and market share away from their competitors.
Believe me, they know they have their hands full with that Noble task.
RE: Dear ISP, it's time to quarantine your malware-infected customers
I disagree. Whose job is it if not the ISP? Is it my job to sort through the piles of useless crap that fill my inbox? Well, me and the millions of others that are in the same boat? If all the bot computers out there are quarantined, as they certainly should be, it stops a HUGE amount of spam from sucking up bandwidth.
Only a few days ago, I finally had to get our IT guys to block all email from an acquaintance of mine. His computer has been sending out spam for months. He has been told clearly that this is happening, yet he does nothing about it. How much you want to bet that he would clean up his act if his email service was shut down? Why should I and hundreds of others in his address book suffer because he is too lazy to care?
"That is not their job."
Ditto that, @james347
RE: Dear ISP, it's time to quarantine your malware-infected customers
Yes, kick their sorry asses offline until they can learn to be responsible.
RE: Dear ISP, it's time to quarantine your malware-infected customers
Ah, you are forgetting that so many stupid people are still on Windows XP. I'll be blunt: even if I had to pirate Windows 7, it would be installed on all my machines.
RE: Dear ISP, it's time to quarantine your malware-infected customers
I guess that would work in Microsoft's favor then in getting people to ditch that insecure OS. I hate XP with a passion burning more than a thousand suns.
RE: Dear ISP, it's time to quarantine your malware-infected customers
I don't know that you can make an "idiot proof" OS that connects to the internet. Exploits exist in every OS in existence whether that is Linux, Apple, or Microsoft. Yes, it is the OS manufacturer's responsibility to provide updates and fixes for exploits as they are found and be transparent and non-intrusive when doing so. But they cannot be responsible for how their OSes get used.
If a person either intentionally or unintentionally goes to a malicious website, you can pop up all the warnings in the world and it will just confuse these types of people (most of whom just click "OK" or "Yes" to any dialog window that pops up). I think it falls to having a web filter of some kind. As most people are clueless to implement one, I think it falls to the ISPs to provide that type of protection.
Here's my thought. I think all ISPs need to offer their basic internet connections with web filtering of all malicious websites. If you want unfiltered access, you have to request it, and they provide it, but there should be some simple type of online web competency test before you can upgrade to the unfiltered service. That service should be offered with NAP, where you are blocked from accessing the internet if you do get infected. If you get infected, after you are cleaned, you are returned to the filtered internet for a time being (maybe three months) and must retake the web competency test to go back to the unfiltered service.
I think most people would be just fine with the filtered service. If you don't like the filters, you can apply for the unfiltered, but at that time you must prove your competency and take responsibility for your own actions online with repercussions if you get infected.
Just my two cents...
RE: Dear ISP, it's time to quarantine your malware-infected customers
RE: even if I had to pirate Windows 7, it would be installed on all my mach
NOT for me, I ditched all of that WindoZE nonsense, and switched to Linux.
RE: Dear ISP, it's time to quarantine your malware-infected customers
MS needs to sort its act out, even in guest mode on W7 you can download and run an exe!
RE: Dear ISP, it's time to quarantine your malware-infected customers
I still have it on one of my machines and it will be on there until 2014. Get over it.
RE: Dear ISP, it's time to quarantine your malware-infected customers
Time Warner/Road Runner has available to their customers CA Internet Security Suite for download. Currently Time Warner is leaving it up to the user to police their own computers.