Comments on: What Do You Think ISPs Should Do About Their Customers with Infected and Infested PCs?

By: Thomas Weatherly

Thomas Weatherly — Sun, 21 Jan 2007 17:57:20 +0000

We each should tackle the spam problem the way some did with segregation, homophobia, anti-Semitism, and other severe social problems. First, work on yourself, install firewall, antivirus, two antispyware, one real-time, an antirootkit, and a HIPS, maybe a virtualization program; second, you tell your immediate family, friends, and acquaintances about what they may do, how to do it, and where to find information, download programs, especially the freeware; third, spend some time in advocacy, at minimum one e-mail a month to your ISP, local, state, and federal legislators about the spam problem, or join an online association or local group; fourth, Give a personal gift of freeware security programs that you recommend and the urls for the commercial security programs you like burnt on a cd to your family and friends. It could be in addition to the usual ties, socks, Prince cds, etc that you give. You could include on it detailed instructions of how to clean an infected computer and maintain it. The first year that I did it, I was surprised and joyed by the reception. One friend gave cds he burnt along with the holiday bonuses to his employees. Some friends and family simply copied the one I gave them and passed on the information. It has become a chain cd of security programs and information. I collected the information from the places most geeks know like Eric Howe’s pages, now at Spyware Warrior, http://www.firewallguide.com, Castlecops, Wilderssecurity, Technet, GRC, Fred Langa, Bleepingcomputer, TomCoyote, TechSupportAlert (Gizmo’s informative mag and site), Tektips, Secunia, Freeware Forum, Decent Downloads, Nonags, Windows Sysinternals, Lockergnome, PCPitstop and PCPitstop Forum, and AlisonMack.com, and others. Make the cd. You know that some folk will put the cd in, say, install SpywareBlaster, Zone Alarm Free et cetera, who would not follow a url. It is also an inexpensive gift to give; you can expand your gift-giving. A hundred cds are cheap. I burn one a day as a habit, and usually have a couple of dozen around at minimum. I change the info and programs to match the changes in malware and technology. Now the commercial antiviruses I suggest are NOD32, Kaspersky, and Bitdefender, plus some other top AVs. I include links to a seven commercial ones, supplemented by links to objective tests and reviews. I don’t want my friends and kin to just accept my opinion. I include your opinions.
What ISPs can do is reward folk who work to make the internet safer. They can collected the freeware security for which there is a consensus about efficacy, like Spybot Search & Destroy, Zone Alarm Free, SpywareBlaster, Spyware Guard, CWShredder, Trend Micro’s Sysclean, et cetera for their customers to download. They should have the URL to the site on each bill; they should send the LINK to the site on each email communication to the customer. It would also benefit them and the customer if such a support disk was given to each new customer, and an updated disk each year to all customers. Customers could copy that one for gifts.

By: EJP

EJP — Sat, 11 Mar 2006 18:54:38 +0000

Great! A virus to protect against malware! A PERFECT IDEA! And Let’s get the government involved, so it can become just another ‘big-business-only club’. That’ll solve EVERYTHING!

But that’s EXACTLY what it will come to; because, you guys are absolutely right… You’ll never get ‘Joe Average’ to think it’s HIS responsibility (be it SPAM, illegal filesharing, or whatever); and you’ll never get ‘BigISP Inc.’ to do ANYTHING unless there’s a significant profit to be made (or lost). So, I guess all that’s left is some kind of legal intevention. The only question left to answer is: “How much will it cost to establish a world police organization to deal with all of those obnoxious countries who don’t feel obligated to obey United States law?”

But all that’s just so much hot air; because, ya know what? SPAM doesn’t bother ME! I HAVE all of the security software in place; and I HAVE all the filtering rules set up properly; and I KEEP TRACK of all of the latest exploits, etc… So, while you ninnies decide who’s to blame for your own incompetence; I’ll just sit back and enjoy the show (for however long it lasts).

By: Bruce

Bruce — Mon, 14 Mar 2005 20:35:27 +0000

ISPs are the point at which all of the malware enters the net - they are making money, and they have technical staffs to manage their equipment - they have the perfect opportunity to block unwanted traffic (viruses, Trojans, keystroke loggers, worms, spam, port scans, and etc.). ISPs should be held responsible for what they allow onto the net - they have business addresses and bank accounts - we know who they are and where they live. To control foreign ISPs, we should require all of their traffic to come through a US ISP unless the foreign country signed a treaty which implemented and enforced laws of at least equal severity to those in the US - and whose government was also collecting postage. If necessary, the government could get involved to provide enforcement teeth by charging the ISP $.01 USD ‘postage’ for every address to which an e-mail is sent onto the net - the money collected could be placed in a revolving fund to pay for monitoring and enforcement at the ISP level as well as for any administrative overhead and oversight by the government. A similar scheme could be used to pay for packets and/or bandwidth. Once the costs begin to fall on the consumer of the net resources (e.g. - spammers) - the business model will not support their theft of bandwidth, disk storage, and the recipient’s time. Trying to fix these problems at the individual computer will never work because all the end users will never be able to update and patch their computers effectively - especially as less technical people are added to the world community.

I know that many people don’t want the government more involved in the internet, but, the freeloaders of the world are not going to show any restraint and the end user cannot take any effective action. We have been through these things before with trusts and anti-competitive business models, with racketeering, and now with terrorism - new and/or diffuse threats to which the victims cannot effectively respond.

Another area that could also be addressed would be to write or co-opt self propagating software which would search out and destroy the malware on PCs. If the end user does not want an outside agency to do this for them, then they should protect their computers. Unprotected and/or infected computers should be fair game to be cleaned and patched from the outside - either by the ISPs taking care of their connected customers, or by an enforcement group who can actively search for and destroy the potentially dangerous networks of zombie computers already in existence. It is clear that the owners of these machines cannot do the job and these computers have become a danger to the rest of us. The same legal framework that keeps people from storing hazardous materials on their property should apply here - similar to the local fire department enforcing building codes or cleaning property of hazardous brush to protect the community.

By: Tom Woolf

Tom Woolf — Mon, 14 Mar 2005 19:34:47 +0000

I do expect my computer to work as easily as any other consumer item. However, I also take my role as a responsible citizen seriously. ALL of my consumer items that might possibly affect other individuals in this society I keep in proper working order. That means that my car’s brakes and lights are in working order… That means if my cordless phones mess up my neighbor’s phones, we work out a solution…. I think you get the idea.

Keeping your computer up to date with anti-virus and other protective software falls into the same category as making sure the car brakes are functioning properly. The computer industry has made some strides in making it easier for the novice to do this - just as Goodyear makes it easy for me to simply drive in and have them check out my car’s safety features. But just as it is my responsibility to either validate the safety features of my car or take it to a mechanic who can, it is the responsibility of the owner of each computer hooked into the internet to make sure their computer does not harm others.

By: Onanymouse

Onanymouse — Sun, 13 Mar 2005 22:13:20 +0000

One thing you guys seem to overlook is that people do have a right to expect computers to work as easily as any other consumer item… unfortunately the computer industry has managed to convince many people that it is different somehow from every other industry. People seem to believe they are somehow so superior as soon as they ‘know about computers’. What a load of self serving egotists so many have become.

By: B. DeForde

B. DeForde — Fri, 11 Mar 2005 20:53:47 +0000

I have so much security on this machine that I am surprised that it works at all. I do everything I can do to keep it clean and I absolutely HATE these people who do nothing but destroy the net for the rest of us. I agree that the ISP’s should bear most of the responsibility, BUT the individual owner MUST listen and learn too. If they cannot be educated then shut them down until they can find help to clean up their mess.

By: anonymoose

anonymoose — Fri, 11 Mar 2005 20:11:16 +0000

Some interesting (though unoriginal) ideas here about who to blame, but barely a whisper about how to fix it. The problem exists NOW, it is causing problems NOW, and that’ll only get worse unless we stop trying to decide who to blame and start working on how to fix it.

I know what I’m doing. What are you doing?

By: David R

David R — Fri, 11 Mar 2005 17:47:54 +0000

There are far too many Luddites out there who simply refuse to even learn about, much less install the proper prophylactic utlities on their home or business systems. The ISPs do need to take more pro-active attitude, but the root of the problem is the lack of accountability for the spam (or virus) origins, i.e., the domains that propogate it in the first place. Until ICANN forces its “Accredited Registrars” to maintain _current_, _complete_, and _accurate_ domain registration data, so that the criminals can be tracked to their REAL locations, nothing will improve. As it is now, with more than 200 registrars scattered about the world, and a relatively small group of them totally ignoring the weak existing requirements (particularly prime offenders like “Morethan1Cow”!)the flood of spam & viruses and scams will continue unabated. Those greedy & irresponsible Registrars knowingly accept totally false domain registration data with impunity. They should lose their authority!

By: Jay B

Jay B — Fri, 11 Mar 2005 16:20:45 +0000

It is in the ISP’s interest to monitor for heavy system usage. This can be spam, viruses, or business use.
1. If the system load gets too heavy, legitimate customers will get upset and leave. The ISP loses income.
2. If the heavy use is legitimate then that user should be classified as such and pay a higher rate for service. The ISP gains income.

By: Paul Van Noord

Paul Van Noord — Fri, 11 Mar 2005 13:37:40 +0000

The problem really starts with the operating system and quickly transfers to the system vendors. If the operating system is securely designed and the mass marketers ship machines that are protected by default with hardware and software that is effective for the life of the machine the problems will disappear. Unfortunately, we are more interested in “gee-whiz” than being responsible. Air bags don’t save lives because people order them. They save lives because they are there by default.

ISP’s should only have to clean up the screw-ups after the above is implemented.