ISPs should disconnect infected users
Summary: The notion of disconnecting computers from the internet that are infected with malware until they are fixed is sound policy and should be made mandatory if it is to be effective.
[Image: New cybercrime report (Credit: House of Representatives)]
Let me be the first to welcome some of the recommendations in a new parliamentary report entitled Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime.
Yes, some are crazy, like making it mandatory for internet users to install antivirus software and firewalls before their internet connection is activated. What if I use my iPhone to connect to a Wi-Fi access point that has internet connectivity?
And what if I don't want to fork out money to install some of that software, or use an operating system that doesn't have the ability to have it installed?
But one recommendation in the report — that a mandatory e-security code of practice for the internet industry be adopted, which goes beyond the recently launched voluntary code — is not so bad.
The industry's voluntary code (named iCode) aims to reduce the number of malware-infected computers on the internet by suggesting ways internet service providers (ISPs) can assist.
One suggestion within the iCode is to put internet users into a "walled garden" if their computer becomes infected, which limits internet access, to prevent further security problems, until the PC is cleaned. Another option is to throttle infected users' speed.
When in the walled garden, the idea is that users would be given access to software that they can download to cleanse their system until it is no longer infected.
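The walled garden described above is a policy an ISP applies per subscriber, not a product, so the following model of it is an added example and not code from the article or from the iCode. It is a small Python policy engine: abuse-feed reports move a subscriber from clean to throttled to walled; inside the garden only an allowlist of remediation hosts is reachable, plain HTTP to anything else is redirected to a landing page explaining the quarantine, and all other traffic is dropped; a clean report releases the subscriber. The feed lines, the IP-to-subscriber table, the host names and the thresholds are all constructed assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    CLEAN = "clean"
    THROTTLED = "throttled"   # iCode-style speed limit after a first report
    WALLED = "walled"         # full walled garden after repeated reports


class Verdict(Enum):
    ALLOW = "allow"
    RATE_LIMIT = "rate_limit"
    REDIRECT = "redirect"     # HTTP to a non-remediation host goes to the landing page
    BLOCK = "block"


# Assumed remediation destinations that stay reachable from inside the garden
# (the "download tools to cleanse your system" part of the policy).
REMEDIATION_HOSTS = {"isp-help.example.net", "av-updates.example.org"}


@dataclass
class Subscriber:
    state: State = State.CLEAN
    reports: int = 0


@dataclass
class WalledGarden:
    ip_to_subscriber: dict            # constructed mapping; a real ISP derives it from RADIUS/DHCP logs
    wall_after: int = 2               # assumption: first report throttles, second report walls
    subscribers: dict = field(default_factory=dict)

    def _sub(self, sid):
        return self.subscribers.setdefault(sid, Subscriber())

    def ingest_report(self, line):
        """Parse one constructed abuse-feed line of the form '<timestamp> <ip> <indicator>'.

        Returns (subscriber_id, new_state), or None when the IP is not one of ours.
        The indicator 'clean' is a remediation confirmation and releases the subscriber.
        """
        _ts, ip, indicator = line.split(maxsplit=2)
        sid = self.ip_to_subscriber.get(ip)
        if sid is None:
            return None
        sub = self._sub(sid)
        if indicator == "clean":
            sub.state, sub.reports = State.CLEAN, 0
        else:
            sub.reports += 1
            sub.state = State.WALLED if sub.reports >= self.wall_after else State.THROTTLED
        return sid, sub.state

    def decide(self, sid, dest_host, dest_port):
        """Policy decision for one outbound connection from a subscriber."""
        sub = self._sub(sid)
        if sub.state is State.CLEAN or dest_host in REMEDIATION_HOSTS:
            return Verdict.ALLOW
        if sub.state is State.THROTTLED:
            return Verdict.RATE_LIMIT
        # WALLED: redirect web browsing so the user sees why they are cut off;
        # drop everything else (mail relaying, bot command channels, arbitrary ports).
        return Verdict.REDIRECT if dest_port == 80 else Verdict.BLOCK


# Constructed sample feed lines, not real report data.
ABUSE_FEED = [
    "2010-06-25T10:00:00Z 203.0.113.5 spam-relay",
    "2010-06-25T11:30:00Z 203.0.113.5 botnet-beacon",
    "2010-06-25T12:00:00Z 203.0.113.9 botnet-beacon",
    "2010-06-26T09:00:00Z 203.0.113.9 clean",
]


def run_demo():
    """Feed the constructed reports through the garden and return a few policy verdicts."""
    garden = WalledGarden(ip_to_subscriber={"203.0.113.5": "sub-1001", "203.0.113.9": "sub-1002"})
    for line in ABUSE_FEED:
        garden.ingest_report(line)
    return {
        "walled_web": garden.decide("sub-1001", "www.example.com", 80),
        "walled_mail": garden.decide("sub-1001", "mail.example.com", 25),
        "walled_help": garden.decide("sub-1001", "av-updates.example.org", 443),
        "released_web": garden.decide("sub-1002", "www.example.com", 80),
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name}: {verdict.value}")
```

The two-step escalation (throttle, then wall) mirrors the two options the iCode offers, and the allowlist is what makes the garden useful rather than merely punitive: without reachable update and help hosts the user has no way to get clean and no way out.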
I've always thought that the voluntary nature of the iCode was a problem. To get rid of the botnet problem — which is generated by malware-infected computers — we need to take action, and that action needs to be drastic and effective. So I think a mandatory code is a good thing.
ISPs are in one of the best positions to assist users, and yes, I understand policy like this would cost them money, but surely the benefits would outweigh the costs of setting up such a system.
And ISPs can make money from this! Think about it: you get infected and your ISP tells you you're infected. You can either fix the problem yourself, or perhaps your ISP offers you some software, available via download for $50, that will fix the problem for you. Or maybe there could even be a "send technician" button, which the ISP might contract out to a company nearby.
Senator Conroy's office has said that the government will "examine the report to see how it can improve current cybersecurity arrangements".
At this month's release of the iCode, Conroy said that the government was working with the Internet Industry Association (IIA) and industry to make the iCode work as a voluntary code.
"Down the track if [the voluntary code] doesn't work — [compulsory adherence] is something we'll have to look at," Conroy reportedly said. "But we are genuinely working well with the sector to get the best outcome."
The iCode is due to come into effect in December, and so I don't see the government taking any action on the disconnection-of-users portion of the report until they see what the take-up is like. Here's hoping ISPs take to the idea and maybe even see it as a revenue maker.
Talkback
This would have to be implemented world-wide to have any effect too. Whilst many Australian computers do host drones, the number is insignificant compared to SE Asia, the US and the former eastern bloc nations, where there are tens of millions of infected machines.
Suzanne Tindal, News Editor
I am not saying there are no Australian servers affected by the issues, but making this work is a bit harder than just turning off connectivity for a couple of boxes, and we are not even a significant contributor to the real issue.
This isn't going to work for the new mobile networks that NAT everything by default, with customers retaining an IP for only a minute at a time (which I have already seen cause innumerable problems security-wise), and it's not going to work for large organisations.
I think it's a bit blasé to call the policy sound.
New computers often come with trial anti-malware, but once that expires many users can't afford to renew their subscription, and so the software expires; sometimes it switches off completely, or at least stops updating the virus signature files.
When there are plenty of good and free anti-malware programmes about, this is ludicrous.
Personally I'd like to see every new Windows PC sold worldwide come with Microsoft Security Essentials installed, which is a brilliant programme IMHO.
Our networking group can usually spot an infected machine just from the traffic it generates, so I assume that's how they are going to spot infected ones.
"I should also add that I think the idea is good for home users and probably not so good for schools and businesses."
I'd expect both schools and businesses to be even more concerned about a compromised machine than a home user. Heck, this system would actually be doing a business with infected machines a favour by stopping the machine from "phoning home" with client data, financial data, et al.
Walling infected machines in and only allowing access to, say, an AusCERT-maintained page with security/virus/malware checking tools is a great idea, IMHO.
If they're going to start requiring 'infected' users to install firewalls and virus checkers, they'll have to improve their ability to recognise when users' PCs are really infected.