ISPs should disconnect infected users

Summary: The notion of disconnecting computers from the internet that are infected with malware until they are fixed is sound policy and should be made mandatory if it is to be effective.


Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime

New cybercrime report
(Credit: House of Representatives)

Let me be the first to welcome some of the recommendations in a new parliamentary report entitled Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime.

Yes, some are crazy, like making it mandatory for internet users to install antivirus software and firewalls before their internet connection is activated. What if I use my iPhone to connect to a Wi-Fi access point that has internet connectivity?

And what if I don't want to fork out money to install some of that software, or use an operating system that doesn't have the ability to have it installed?

But one recommendation in the report — that a mandatory e-security code of practice for the internet industry be adopted, which goes beyond the recently launched voluntary code — is not so bad.

The industry's voluntary code (named iCode) aims to reduce the number of malware-infected computers on the internet by suggesting ways internet service providers (ISPs) can assist.

One suggestion within the iCode is to put internet users into a "walled garden" if their computer becomes infected, which limits internet access to prevent further security problems until the PC is quarantined. Another option is to throttle infected users' speed.

When in the walled garden, the idea is that users would be given access to software that they can download to cleanse their system until it is no longer infected.

I've always thought that the voluntary nature of the iCode was a problem. To get rid of the botnet problem — which is generated by malware-infected computers — we need to take action, and that action needs to be drastic and effective. So I think a mandatory code is a good thing.

ISPs are in one of the best positions to assist users, and yes, I understand policy like this would cost them money, but surely the benefits would outweigh the costs of setting up such a system.

And ISPs can make money from this! Think about it, you get infected and your ISP tells you you're infected: you can either fix the problem yourself, or perhaps your ISP offers you some software available via download for $50 that will fix the problem for you. Or maybe there could even be a "send technician" button, which the ISP might contract out to a company nearby.

Senator Conroy's office has said that the government will "examine the report to see how it can improve current cybersecurity arrangements".

At this month's release of the iCode, Conroy said that the government was working with the Internet Industry Association (IIA) and industry to make the iCode work as a voluntary code.

"Down the track if [the voluntary code] doesn't work — [compulsory adherence] is something we'll have to look at," Conroy reportedly said. "But we are genuinely working well with the sector to get the best outcome."

The iCode is due to come into effect in December, and so I don't see government taking any action on the disconnection of users portion of the report until they see what the take-up is like. Here's hoping ISPs take to the idea and maybe even see it as a revenue maker.

Topics: Government, Government AU, Malware, Telcos

  • I should also add that I think the idea is good for home users and probably not so good for schools and businesses.
  • The idea itself isn't a bad one but people should be given an opportunity to correct problems on their networks (7 days is the current industry norm) and then the situation re-assessed. Cutting people off when ISPs receive a mere allegation isn't going to achieve anything, given that complaints do not amount to proof and at the end of the day the burden of proof does lie with a complainant.

    This would have to be implemented world-wide to have any effect too. Whilst many Australian computers do host drones the number is insignificant compared to SE Asia, the US and the former eastern bloc nations where there are tens of millions of infected machines.
    Lord Watchdog
  • Watch this space, Lord Watchdog. Watch this space.

    Suzanne Tindal, News Editor
  • I agree with Lord Watchdog. Once every couple of months I run scripts to give me stats on the worst offenders that attack my boxes and use the registered abuse reporting emails for their IP ranges to report them (sometimes with very positive result), but I have never seen or reported an Australian IP. In fact I would say 9/10 are from China, and the other 1/10 is usually the US but sometimes from somewhere obscure.

    I am not saying there are no Australian servers affected by the issues, but making this work is a bit harder than just turning off connectivity for a couple of boxes, and we are not even a significant contributor to the real issue.

    This isn't going to work for the new mobile networks that NAT everything by default with customers retaining an IP for only a minute at a time (which I have already seen cause innumerable problems security-wise), and it's not going to work for large organisations.

    I think it's a bit blasé to call the policy sound.
  • Prevention is very important and I agree wholeheartedly that computers should be sold with anti-malware pre-installed.

    New computers often come with trial anti-malware, but once that expires many users can't afford to renew their subscription and so the software expires; sometimes switches off completely, or at least stops updating the virus signature files.

    When there are plenty of good and free anti-malware programmes about this is ludicrous.
    Personally I'd like to see every new Windows PC computer sold worldwide come installed with Microsoft Security Essentials which is a brilliant programme IMHO.
  • There's plenty of good free anti-virus programs out these days. Avast and AVG to name at least two that I know of, plus as someone else mentioned, even Microsoft has a free one now, so I can't see end user cost being an issue. There's also web based scanners (Norton Security Scan, Trend Micro, Kaspersky, et al) that they could drop infected machines' browsers straight on to, scan, clean and flag the PC back to "OK to access"...

    Our networking group can usually spot an infected machine just from the traffic it generates, so I assume that's how they are going to spot infected ones.

    "I should also add that I think the idea is good for home users and probably not so good for schools and businesses."

    I'd expect both schools and businesses to be even more concerned about a compromised machine than a home user. Heck, this system would actually be doing a business with infected machines a favour by stopping the machine from "phoning home" with client data, financial data, et al.

    Walling infected machines in and only allowing access to, say, an AUSCert maintained page with security/virus/malware checking tools is a great idea, IMHO.
  • Some while back I found that Optus had disconnected me. When I called them up to find out why, they said it was because my system had been reported as sending out spam. When I asked for a copy of the report, the person looked at it, and realised that it was in fact an email that I'd forwarded to them, at their request, so that they could investigate a delayed email delivery issue. Their explanation for having misconstrued it as a spam report was that it contained similar headers as a spam report does (because like every email, it contained email headers).

    If they're going to start requiring 'infected' users to install firewalls and virus checkers, they'll have to improve their ability to recognise when users' PCs are really infected.
  • Definitely not. If anything the ISP should get in contact with the user but not automatically disconnect them and then give them the option to pay for an AV removal prog or send out a technician; that would be a complete rip-off for end users who freak out over one piece of malware. The system works at the moment: if the user's computer is infected it's usually going to impact them financially via going to purchase an AV or getting a technician who they choose to get it repaired. It all comes down to the user will pay if they don't take the proper precautions; it's pretty simple. Even Windows annoys the s*** out of you if you don't have anti-virus software and firewall software enabled, so if the user gets a virus it's going to cost them either way; they don't need potentially biased ISPs policing them, just look at exehell