Australian ISPs Asked To Cut Off Malware-Infected PCs

timothy posted more than 4 years ago | from the good-of-the-tribe dept.

Security 286

bennyboy64 writes "Australia's Internet Industry Association has put forward a new code of conduct that suggests ISPs contact, and in some cases disconnect, customers that have malware-infected computers. 'Once an ISP has detected a compromised computer or malicious activity on its network, it should take action to address the problem. ISPs should therefore attempt to identify the end user whose computer has been compromised, and contact them to educate them about the problem,' the new code states. The code won't be mandatory, but it's expected the ISP industry will take it up if they are to work with the Australian Government in preventing the many botnets operating in Australia."

286 comments

let's wait and see (5, Insightful)

Anonymous Coward | more than 4 years ago | (#29422953)

if the Australian definition of 'malware' is 'bittorrent'

Re:let's wait and see (0)

Anonymous Coward | more than 4 years ago | (#29422983)

that would make them a bunch of assholes now wouldn't it?

Re:let's wait and see (5, Funny)

Anonymous Coward | more than 4 years ago | (#29423187)

that would make them a bunch of assholes now wouldn't it?

Nope, it would make us a bunch of arseholes

Re:let's wait and see (0)

Anonymous Coward | more than 4 years ago | (#29423233)

No, every single other act since their election two years ago has already made them a bunch of arseholes.

Re:let's wait and see (1)

Capsaicin (412918) | more than 4 years ago | (#29423609)

No, every single other act since their election two years ago has already made them a bunch of arseholes.

Australia's Internet Industry Association were elected two years ago?

Re:let's wait and see (1)

ZeRu (1486391) | more than 4 years ago | (#29423381)

Not if you ask their censorship minister Stephen Goebbels-Conroy. He would probably say that everyone who doesn't like their idea wants to legalize paedophilia and that freedom of speech means watching child porn.

Re:let's wait and see (1, Insightful)

Anonymous Coward | more than 4 years ago | (#29423463)

Nicola Roxon (Australian Health Minister) recently let the cat out of the bag during an interview with the Financial Review (August 20, 2009). She was speaking about the new Health IT system that is aimed at increasing communication between the states, and she stated that the major cause of delay was working out how to prioritise the transmission of medical records over the internet - aka. net neutrality. So suddenly Herr Conroy's filter has another purpose. Then they can also change the laws on data-casting, and expect a nice little income from Channel 7, 9 and 10 for the privilege of priority feeds for their content. I guess they need to figure out ways to make money now that they have sold off the power stations, telecommunications, water and sewerage - and every other 'utility' that was built on the back of the previous generations' taxes.

Re:let's wait and see (1, Insightful)

indi0144 (1264518) | more than 4 years ago | (#29423019)

No really. How can they tell if some machine is infected? I know they monitor traffic (After all AU is the small brother of the big one *cough* UK *cough*) Maybe they can just slow down the bandwidth on infected PCs so when the customer calls because "the internet is slow" the ISP would have the chance to tell them why it's "slow". For those who don't care or can't tell, well, maybe nobody else should care for them either.

I'd really like to see this implemented worldwide if it's done right.

Re:let's wait and see (5, Interesting)

Dorsai65 (804760) | more than 4 years ago | (#29423071)

True, except for one tiny little detail: all the crap the infected/zombie machines spew out wastes bandwidth on the net and slows things down for the rest of us -- as well as trying to infect other machines. Not to mention the spam, DDoS-ing, and other jackassery going on.

Re:let's wait and see (1, Insightful)

Anonymous Coward | more than 4 years ago | (#29423241)

If this is so important, then why don't the telecommunications companies listen in on all our phone calls and terminate the telemarketing calls that are wasting the usable phone lines which means I get a "network busy" signal?

Re:let's wait and see (4, Insightful)

the_raptor (652941) | more than 4 years ago | (#29423361)

Telemarketers pay for access to the phone system. Spammers and botnet controllers hijack other people's access.

And what third world country do you live in to get "network busy" at any time except during a disaster? I am 26 and have never experienced it myself although I know it happens.

Re:let's wait and see (1)

walshy007 (906710) | more than 4 years ago | (#29423401)

And what third world country do you live in to get "network busy" at any time except during a disaster? I am 26 and have never experienced it myself although I know it happens.

I'm 22 and I've seen it before, ever seen 200 people trying to do voice calls simultaneously within 20x20m, the towers don't like it. It wasn't an emergency either.

Re:let's wait and see (0)

Anonymous Coward | more than 4 years ago | (#29423441)

Wow! I love meaningless comparisons between packet-switched networks (i.e. Internet) and circuit-switched networks (i.e. phone system).

Re:let's wait and see (1, Funny)

Anonymous Coward | more than 4 years ago | (#29423255)

After all AU is the small brother of the big one *cough* UK *cough*

You ignorant prat, Australia has not been the "little brother" of the Big (UK) Brother (and oh, aren't you so free from surveillance) for at least half a century. We are unambiguously a client state of the USA.

Don't be a policeman (5, Insightful)

kregg (1619907) | more than 4 years ago | (#29422961)

ISPs should just provide internet access not police and monitor traffic.

Re:Don't be a policeman (5, Informative)

DavidD_CA (750156) | more than 4 years ago | (#29423063)

Since infected computers often lead to DDOS and spam botnets, I think this is a good idea.

Up for debate is the method they use to detect a rogue machine, but if they can perfect that then I'm all for this.

Clueless users probably go for months without realizing they're sending out hundreds of emails a day, or helping to bring down some remote server.

It's the next-best thing to requiring a license to use the 'net. ;)

Re:Don't be a policeman (5, Insightful)

some_guy_88 (1306769) | more than 4 years ago | (#29423143)

The problem is the Australian government are already trying to censor our internet connections at the ISP level and whilst getting rid of bot nets sounds like a great idea, building any sort of traffic monitoring in now sounds dangerously close to their existing plan to filter the net.

Hell, this could even be their plan, bring in filtering to take down bot nets then slowly but surely start to block porn they don't like and pro-abortion web sites and before you know it any political site not to their liking

Re:Don't be a policeman (5, Insightful)

calmofthestorm (1344385) | more than 4 years ago | (#29423201)

"The trouble with fighting for human freedom is that one spends most of one's time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all." - H L Mencken

Of course this is dicey, as the current proposition is, in my opinion a good idea. But we all know that GP's right.

Re:Don't be a policeman (4, Insightful)

SlashWombat (1227578) | more than 4 years ago | (#29423435)

The Aussie Government has both good and bad ideas WRT the internet. On the good side, is genuine broadband via a new fibreoptic backbone at an estimated cost of 43e9 dollars. On the bad side is the excretable idea of mandatory filtering. (Which can easily be circumvented ... thus making those who do wish to view kiddie porn even more anonymous!)

Having said all that, it is NOT the Aussie government advocating this action! Perhaps the errant public would be well served by their ISP informing them that their machine is infected. As it stands, I see machines that are "Typhoid Marys", so infected with trojans, viruses and other malware that it is amazing they still work at all. The average user doesn't have a clue there is a problem beyond complaining that their machine is slow. (Which is often why they "upgrade" to a "faster" machine! Seems very fast until the new machine gets infected ... takes about a week!)

Re:Don't be a policeman (4, Interesting)

digitig (1056110) | more than 4 years ago | (#29423615)

I'm surprised that the ISPs don't do this already. When one of my family members connected an infected PC to my home network my (UK) ISP promptly contacted me to tell me that the network was a source of malware attacks and to sort it or they would disconnect me. For which I was grateful, and I helped the family member resolve the problem.

Re:Don't be a policeman (0)

Anonymous Coward | more than 4 years ago | (#29423203)

What about false positives? That what would concern me, if I were in Australia.

Re:Don't be a policeman (2, Insightful)

dintech (998802) | more than 4 years ago | (#29423291)

What about malware writers who figure out how the detection works? This is yet another arms race.

Re:Don't be a policeman (1)

AHuxley (892839) | more than 4 years ago | (#29423663)

I think it's more a gateway for the gov giving ISPs the nod to look for a set of streams.
Over time it will be for the worst of the worst.
Then packet inspections will just be part of everyday internet usage.

Re:Don't be a policeman (3, Funny)

supernova_hq (1014429) | more than 4 years ago | (#29423689)

If the malware writers decreased their bandwidth and stopped sending mass mailouts, I don't think there would be a NEED to detect them!

Re:Don't be a policeman (1, Insightful)

bzipitidoo (647217) | more than 4 years ago | (#29423243)

I think this is a dumb idea. ISPs shouldn't have to cover for Microsoft's insecure software. Why not require that everyone connected to the Internet use a better OS? That idea makes just as much sense, doesn't it?

Worse is that this can so obviously be used as a wedge to demand that ISPs do copyright policing, obscenity policing, and who knows what else.

Throttling based solely on quantity of traffic coming from a customer seems a simpler, fairer, less politically exploitable method.

Re:Don't be a policeman (3, Insightful)

Peet42 (904274) | more than 4 years ago | (#29423413)

"It's the next-best thing to requiring a license to use the 'net. "

Instead, you'll need a license to run a peer-to-peer protocol.* Any traffic from an "unlicensed application" will be assumed to be malware and thus blocked. That way, only "authorised" applications from vendors who have paid for a license will work. How many of those will be things like "iTunes" and how many things like "BitTorrent"...?

(*Just because I'm paranoid doesn't mean they aren't out to get us...)

Re:Don't be a policeman (3, Insightful)

Anonymous Coward | more than 4 years ago | (#29423449)

RTFA - They said if the ISP Knows a customer is using a malware infected PC; Working for an Australian (Adelaide) ISP at one point, I can tell you - this is the easy part, We don't have to monitor ports or anything - just wait for somebody to send an email to postmaster/abuse/etc on our domain complaining about spam from specified IP in our range.

Find the customers session - call them, tell them its malware, etc

Protip: Adelaide ISPs pretty much do this already; having your subnet blocked from sending email to somewhere important (like hotmail or gmail - which are important because customers send lots of email there) means customers get pissy, pissy customers is a loss of business - killing 1 customer's session and suspending their service is better from a business point of view than having 10,000 customers complain and possibly move ISPs...

Re:Don't be a policeman (3, Insightful)

Runaway1956 (1322357) | more than 4 years ago | (#29423235)

I pretty much agree - but the ISPs already monitor traffic for a variety of reasons. Mostly bad reasons, but the monitoring is in place. It really isn't hard to determine that a machine's excessive traffic is due to viral infections. Shutting them down seems like a good idea. When the customer calls to complain, tech support has a kindergarten teacher on hand to explain how simple it is to upgrade to a safe unix-like operating system to avoid future infestations.

Problem solved.

Re:Don't be a policeman (1, Insightful)

Anonymous Coward | more than 4 years ago | (#29423339)

I pretty much agree - but the ISPs already monitor traffic for a variety of reasons. Mostly bad reasons, but the monitoring is in place. It really isn't hard to determine that a machine's excessive traffic is due to viral infections. Shutting them down seems like a good idea. When the customer calls to complain, tech support has a kindergarten teacher on hand to explain how simple it is to upgrade to a safe unix-like operating system to avoid future infestations.

Problem solved.

Meanwhile in the real world: everything previously rejected by censorship initiatives now falls under malware and can be blocked/disconnected without the need for a law that is hard to get past parliament/congress or whatever they call it down there. Reminds me of the German family minister's initiative to make "voluntary" contracts with ISPs to block undesirable sites because putting it into a law would take too much time and opposition.

Even if it sounds good on the surface, rest assured they won't stop there and they will get pretty creative when it comes to the definition of malware. Not to mention that the more of these filters get implemented, the more will follow. Another example was a court decision here where the judge said an ISP is not required to filter (potentially copyright violating foreign sites) because no filtering infrastructure is in place. Would there have already been an infrastructure, a lot more would have been mandatory to filter.

Re:Don't be a policeman (1)

L4t3r4lu5 (1216702) | more than 4 years ago | (#29423419)

When the customer calls to complain, tech support has a kindergarten teacher on hand to explain how simple it is to upgrade to a safe unix-like operating system to avoid future infestations.

What's wrong with the tech support monkey teaching them how to set up a restricted account for everyday use? Why couldn't they instead tell the user that browsing the web from an Administrator account is what caused the issue, accompanied with clicking "Yes" "Accept" and "Allow" at every box which pops up in front of them?

Linux is not a cure, it's a choice. Education is the cure.

Re:Don't be a policeman (1)

Runaway1956 (1322357) | more than 4 years ago | (#29423473)

Linux is part of the cure. It helps in treating one symptom of the disease. Ignorance is drastically reduced after just one installation of any unix like operating system.

Of course, there are those who take pride in their ignorance. Some of those individuals insist on running as root when they finally upgrade to Linux.

Re:Don't be a policeman (0)

Anonymous Coward | more than 4 years ago | (#29423617)

Linux is part of the cure.

Only to a certain extent. Even the most secure OS can be broken by the laziness of users. I wouldn't be surprised to find a text file on the Desktop with the root pass or something like that. Because that's so damn convenient when you have to enter it somewhere. Or they'd just surf as root like they do on Windows.

Re:Don't be a policeman (5, Insightful)

mikael_j (106439) | more than 4 years ago | (#29423305)

I've worked for ISPs here in Sweden and most serious ISPs here see it as standard practice to warn and then disconnect users who are running zombie machines, nothing strange or totalitarian about it, it's about protecting their network and their other customers from harm.

/Mikael

Re:Don't be a policeman (1)

theolein (316044) | more than 4 years ago | (#29423321)

The idea is good because it would make it that much harder to propagate botnets and even feasible, but the real problem is that almost all end users have no idea what malware is or how to stop it. Unless the end user is supported in removing the malware, and in the case of rootkits this usually means reinstalling the OS, then it will only result in a huge number of complaints that the ISPs will not be able to cope with.

Re:Don't be a policeman (4, Insightful)

PeterBrett (780946) | more than 4 years ago | (#29423397)

The idea is good because it would make it that much harder to propagate botnets and even feasible, but the real problem is that almost all end users have no idea what malware is or how to stop it. Unless the end user is supported in removing the malware, and in the case of rootkits this usually means reinstalling the OS, then it will only result in a huge number of complaints that the ISPs will not be able to cope with.

Most end users have no idea how to replace the spin motor on their washing machine, either.

I don't understand why people who are perfectly happy with getting knowledgeable technicians to work on almost all of their household equipment think that their PC is some sort of magical exception.

Re:Don't be a policeman (0)

Anonymous Coward | more than 4 years ago | (#29423405)

ISPs should just provide internet access not police and monitor traffic.

How is this policing? Policing seems to suggest some kind of law enforcement.
Need a car analogy? If I rent you my racetrack to use for a day you can be damn certain I will be down there making sure you're racing and not doing doughnuts on the grass.

Honestly this anti everything policy of slashdot is getting old. Recently we were discussing how ISPs should educate and not punish users, now education is on the table and people are suggesting it's a bad idea.

Re:Don't be a policeman (3, Interesting)

Horus1664 (692411) | more than 4 years ago | (#29423469)

I'm in the UK and used to use Zen as my ISP. I found their tech support very helpful in spotting dodgy activity emanating from my home network and advising me on ways to investigate and correct my problems. They did warn that I should take immediate action or they would have to consider suspending my connection. I found this a sensible, helpful and mature approach to the situation.

If done properly involvement of the ISP in identifying and helping resolve infected PCs should be welcomed I would have thought...

Re:Don't be a policeman (1)

dingen (958134) | more than 4 years ago | (#29423637)

When the ISP feels his network is being abused, I don't think it's so ridiculous he should be able to do something about it. If cutting off the abuser is the best solution, I'd say go for it. In the long run, it might even help Linux adoption on the desktop, who knows.

Gvmnt dictating to ISPs (0)

Anonymous Coward | more than 4 years ago | (#29422969)

This is just SOCIALISM!

Re:Gvmnt dictating to ISPs (1)

PinkyDead (862370) | more than 4 years ago | (#29423591)

What? The Internet?

I'm not particularly keen on government interference, but without it we mightn't have the Internet in the first place.

Would you like some cake?

sigh (3, Insightful)

Mr_Plattz (1589701) | more than 4 years ago | (#29422971)

This is actually a good idea. Sadly, it's another step in the direction of moderated, government approved, unable to opt-out internet.

Re:sigh (1)

socceroos (1374367) | more than 4 years ago | (#29423179)

Correct. There is a fine line to be drawn.

Perhaps it would be better if instead of cutting the users off, they were only to educate them. And only with customers whose machines are causing real havoc. I don't want anything to do with an ISP who is constantly monitoring my traffic for 'suspicious' activity.

Can't wait! (1)

djupedal (584558) | more than 4 years ago | (#29422973)

> "Once an ISP has detected a compromised computer or malicious activity on its network, it should take action to address the problem..."

Damn I hope the entire process is automated - sniff/clip/boom....including the customer help line. Gonna be some super fine yelling and screaming at the line judge over this one.

I mean, since 'the problem' has already been determined and all...

There's already precedent for this, too... (4, Informative)

Runefox (905204) | more than 4 years ago | (#29422985)

Rogers, here in Canada, has been practising this for a few years now, and will notify and disconnect computers that are sending network packets that match known malware. I think it's an automated process, too.

It's sort of funny, there was once a time when someone set the DHCP lease length too short, and several customers wrongly got blasted off the internet as they had been "infected".
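
An added example, not part of the original thread and not any ISP's actual system: the complaint-driven workflow described by the Adelaide ISP poster above (abuse report, then "find the customer's session"), written so that it refuses to attribute a report that falls near an address reassignment, which is the failure in the DHCP anecdote just above. The session records, customer IDs, reporter addresses, two-minute clock-skew window and two-reporter threshold are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

UTC = timezone.utc


def ts(text: str) -> datetime:
    """Parse a UTC timestamp; real reports must be normalised to UTC first."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S").replace(tzinfo=UTC)


@dataclass(frozen=True)
class Session:
    customer: str              # hypothetical account identifier
    ip: str
    start: datetime
    stop: Optional[datetime]   # None means the session is still open


@dataclass(frozen=True)
class Report:
    reporter: str              # who sent the complaint to abuse@/postmaster@
    ip: str
    seen_at: datetime          # when the reporter observed the traffic


# Constructed sample data: 203.0.113.7 changes hands at midday.
SESSIONS = [
    Session("cust-1001", "203.0.113.7", ts("2009-09-14 08:00:00"), ts("2009-09-14 12:00:00")),
    Session("cust-2002", "203.0.113.7", ts("2009-09-14 12:00:30"), None),
    Session("cust-3003", "203.0.113.9", ts("2009-09-14 06:00:00"), None),
]
REPORTS = [
    Report("postmaster@a.example", "203.0.113.7", ts("2009-09-14 09:15:00")),
    Report("abuse@b.example", "203.0.113.7", ts("2009-09-14 10:40:00")),
    Report("abuse@c.example", "203.0.113.7", ts("2009-09-14 12:00:10")),   # at the handover
    Report("abuse@b.example", "203.0.113.9", ts("2009-09-14 07:00:00")),   # lone report
    Report("abuse@d.example", "198.51.100.1", ts("2009-09-14 07:00:00")),  # no session on file
]
NOW = ts("2009-09-14 13:00:00")  # fixed "current time" so the example is repeatable


def attribute(report, sessions, skew=timedelta(minutes=2), now=NOW):
    """Map one report to a customer, or say why it cannot be mapped.

    Every session that held the IP within +/- skew of the reported time is a
    candidate. Two different customers in that window means the reporter's
    clock could point at either one, so nobody is blamed.
    """
    lo, hi = report.seen_at - skew, report.seen_at + skew
    candidates = set()
    for s in sessions:
        if s.ip != report.ip:
            continue
        stop = s.stop if s.stop is not None else now
        if s.start <= hi and stop >= lo:
            candidates.add(s.customer)
    if not candidates:
        return ("no_match", None)
    if len(candidates) > 1:
        return ("ambiguous", None)
    return ("match", candidates.pop())


def triage(reports, sessions, min_reporters=2):
    """Contact a customer only when enough independent reporters agree."""
    reporters_by_customer = {}
    unattributed = []
    for r in reports:
        verdict, customer = attribute(r, sessions)
        if verdict == "match":
            reporters_by_customer.setdefault(customer, set()).add(r.reporter)
        else:
            unattributed.append((r.ip, verdict))
    notify = sorted(c for c, who in reporters_by_customer.items()
                    if len(who) >= min_reporters)
    watch = sorted(c for c, who in reporters_by_customer.items()
                   if len(who) < min_reporters)
    return {"notify": notify, "watch": watch, "unattributed": unattributed}


if __name__ == "__main__":
    for key, value in triage(REPORTS, SESSIONS).items():
        print(key, value)
```
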

Re:There's already precedent for this, too... (0)

Anonymous Coward | more than 4 years ago | (#29423365)

Do they send the warning and disconnect you at the same time, or is there a grace period? The warning especially seems like a good idea, maybe with instructions on how to go about ridding your computer of malware.

Reminds me (5, Interesting)

Shadikka (876072) | more than 4 years ago | (#29422991)

A couple of years ago, a major ISP in Finland had a somewhat similar system. They wouldn't allow infected computers to take any other network access than HTTP and they redirected all HTTP traffic to a page saying "you're infected" and providing short instructions on how to fix it. It seems that they're not doing it anymore, but I don't know the reason.

Re:Reminds me (1)

wizardforce (1005805) | more than 4 years ago | (#29423065)

I am guessing that the people who got infected probably saw the "you're infected" page as being normal [per earlier slashdot article] and once they realized they couldn't go anywhere else they blamed the ISP for it and went elsewhere.

Re:Reminds me (0)

Anonymous Coward | more than 4 years ago | (#29423277)

Capitalism at work.

Re:Reminds me (5, Interesting)

dnaumov (453672) | more than 4 years ago | (#29423285)

A couple of years ago, a major ISP in Finland had a somewhat similar system. They wouldn't allow infected computers to take any other network access than HTTP and they redirected all HTTP traffic to a page saying "you're infected" and providing short instructions on how to fix it. It seems that they're not doing it anymore, but I don't know the reason.

The largest ISP in Finland, Elisa is still doing it and the system is actually working very well. I haven't seen a single false positive yet (yes I work in their helpdesk).

Re:Reminds me (2, Funny)

SanguineV (1197225) | more than 4 years ago | (#29423565)

I haven't seen a single false positive yet (yes I work in their helpdesk).

Every system was infected with Windows?

I think it's a great idea. (3, Informative)

pecosdave (536896) | more than 4 years ago | (#29423009)

I've contacted ISPs about their customers attempting to "hack me" because they were infested with Code Red and Nimda and for some reason my Apache server on Linux looked incredibly tasty. They of course proceeded to ignore me and not even to contact their customers.

Re:I think it's a great idea. (3, Interesting)

Falconpro10k (602396) | more than 4 years ago | (#29423045)

I always enjoyed seeing those in my snort logs, or even the logs in my PIX in later years. And yes, I'd send the sniffer trace to the abuse address of the ISP, never made a damn bit of difference. This is what infuriates me about consumer ISPs. If one of my clients who buys service from me started to get sniffer trace emails to my abuse mailbox, I'd be on the phone at the least.

Re:I think it's a great idea. (4, Interesting)

Gandalf_Greyhame (44144) | more than 4 years ago | (#29423429)

I've contacted ISPs about their customers attempting to "hack me" because they were infested with Code Red and Nimda and for some reason my Apache server on Linux looked incredibly tasty. They of course proceeded to ignore me and not even to contact their customers.

I had a similar experience at University. I was living on campus and had my Apache server running along nicely on my Linux box, and kept on getting these weird error logs. As soon as I saw it I had a feeling that it was Code Red, so I checked up on the net just to confirm. It was. So I then traced it back to its source - one of the University's own computers. I contacted the Uni's IT staff and informed them that they had a machine that was infected with Code Red. Do you know what response they gave me?

"It isn't our machine that is infected. Your machine is the infected one."

For anyone who didn't read the above properly, or can't be bothered going back over it again, I was running Apache on Linux and the Code Red worm infected Microsoft IIS Web Servers.

About time (3, Insightful)

Falconpro10k (602396) | more than 4 years ago | (#29423025)

Want to put a stop to malware/botnets? This is it. If a simple email/phone call asking "are you using IRC/running your own mail server?" gets a response of "I don't know what IRC is!", shut them down until they can clean out their machines, hell, even give them help, such as redirecting them to an ISP-sponsored AV or something (and no, I'm not talking enforcing it like some schools do with clean access or other network admission control.) Doing this sensibly could very seriously take a bite out of a lot of the problems on the 'net today.

Re:About time (3, Interesting)

badfish99 (826052) | more than 4 years ago | (#29423139)

Having sold "unlimited" access at a fixed price, ISPs run on tight margins, so one simple email or phone call, plus the subsequent dealing with the customer, will wipe out the whole year's profit from that customer. So what in practice will happen if ISPs go down this route is that they will simply start blocking the ports for IRC and mail. And then the malware will move to another protocol, and that will be blocked, and so on.

I suspect the law of unintended consequences will mean that we'll end up with ISPs that provide access only to http and https.

Re:About time (1)

timmarhy (659436) | more than 4 years ago | (#29423219)

the cost of an email with a follow up call is nothing compared to the saving they will get from reduced bandwidth.

as usual, nerds are hopeless with business decisions.

Re:About time (1)

neumayr (819083) | more than 4 years ago | (#29423351)

Those same nerds you accuse of lacking any business sense know how much informed tech support (as opposed to a low paid call center agent from India or the local college) costs, and have an idea on how long it takes to walk people through cleaning their systems.
Of course, if you're just talking about an informing e-mail, and a phone call telling the customer to contact some AV company, yes, that's probably covered by the bandwidth saved. Unless of course the customer maxes out the line anyways...

Re:About time (0)

Anonymous Coward | more than 4 years ago | (#29423431)

Most if not all internet access in Australia is metered, not unlimited.

Re:About time (1)

jimicus (737525) | more than 4 years ago | (#29423483)

I suspect the law of unintended consequences will mean that we'll end up with ISPs that provide access only to http and https.

You ever looked at any ISP's own online help or tried contacting one lately?

Certainly here in the UK, most ISPs seem to think that's all they do anyway.

My ISP (EXETEL) already does this.. (5, Interesting)

the_raptor (652941) | more than 4 years ago | (#29423081)

My (Australian) ISP has been doing this at least for spam relays for a few years now. If they detect you are being used to spam they cut all your traffic and redirect port 80 to a page telling you what has happened and giving you links to AV tools and an automated traffic checker that will unblock you once you have dealt with the malware. Two of the guys I live with got infected and so I have personal experience dealing with the system. To me it seems like a perfectly sensible and responsible reaction to a serious problem. IMO any ISP not doing this is an irresponsible netizen.

To me it is like your CC company notifying you of suspicious charges or the phone company asking why your mobile is suddenly making hundreds of calls from Azerbaijan. It not only stops the current problem but if people are actually notified that they have a problem they are far more likely to take steps to protect themselves in the future.

Re:My ISP (EXETEL) already does this.. (1, Interesting)

Okind (556066) | more than 4 years ago | (#29423135)

It also happens in the Netherlands with XS4All.

At some point a server at work was hacked. Since I connect to home using an SSH key, my home machine was compromised as well.
My ISP then sent me an email, and cut off all access except:
- email (it went via their spam filtering email server)
- HTTP (if gone through their proxy; otherwise only their website)

This is a solution that also works for grandma, because she has no clue how to clean their computer, doesn't know how to find someone to pay to do this right, and doesn't want to burden the children with what she perceives to be an unimportant plaything (after all, the postal services still work).

Re:My ISP (EXETEL) already does this.. (1)

shentino (1139071) | more than 4 years ago | (#29423265)

The problem is that we've already had assholish ISPs use DPI as a means of discriminating against legitimate traffic.

Before I would allow an ISP to do that to me they'd need to earn my trust first.

Re:My ISP (EXETEL) already does this.. (1)

the_raptor (652941) | more than 4 years ago | (#29423379)

EXETEL are one of the best ISPs down here. The only problem with them is that the network is getting so saturated these days (none of the major telcos will invest in new capacity until the Aussie government sorts out its 10 billion AUD future broadband scheme) that they are shaping P2P and limiting "bonus" data to 3am to 8am. Kind of sucks but the other option is for all traffic to be slow if the links max out due to unrestricted P2P.

Other than the network capacity issue they are pretty "wink wink nudge nudge" about P2P, and are only doing the bare minimum to appear to be complying with the government's wish to institute network filtering.

Re:My ISP (EXETEL) already does this.. (1)

the_raptor (652941) | more than 4 years ago | (#29423387)

I meant to say they are shaping P2P except during the bonus data time of 3am to 8am. As I am only on ADSL1 I don't notice any shaping.

Re:My ISP (EXETEL) already does this.. (2, Interesting)

KenMcM (1293074) | more than 4 years ago | (#29423443)

Exetel also conducted a trial of its own [exetel.com.au] in regard to ISP level web filtering technologies. It made participation in this trial mandatory for all of its subscribers, disallowing them the freedom to opt-out. There's some food for thought.

Many school networks already do this (3, Interesting)

vxvxvxvx (745287) | more than 4 years ago | (#29423087)

I know when I was living on campus at a state university my computer was caught in one of their malware scans. I was running Linux and had firewalled ping requests among other things. Their scanning system automatically assumed if a computer did not respond to ping it was infected.

Re:Many school networks already do this (0)

Anonymous Coward | more than 4 years ago | (#29423245)

If you don't respond to pings they can assume you're not connected and disconnect you for that reason alone (it's in an RFC I'm too lazy to dig out).

Re:Many school networks already do this (0)

Anonymous Coward | more than 4 years ago | (#29423465)

I find that hard to believe, considering that Windows software firewalls tend to be completely silent in that regard...

Could be good if done right (1)

Phurge (1112105) | more than 4 years ago | (#29423091)

Obviously there is the risk that the scanning could be "extended" but I would back it IF:

1 - Users could opt-out
2 - The list of blacklisted "malware" was maintained and published by a non political body

Re:Could be good if done right (1)

Todd Knarr (15451) | more than 4 years ago | (#29423157)

You wouldn't need to scan the computer. Just watch for the network traffic signature of malware (e.g. open ports known to belong to malware that respond to the appropriate malware's protocol when probed, or open ports belonging to a Web server serving up malware). My ISP already scans for open ports as a regular security precaution. As for opt-out, no. The people who are the most problem are exactly the ones who'd opt out instead of fixing the problem (because in their mind the problem isn't the malware, it's the ISP complaining to them about it, and opting out fixes their idea of the problem by making the ISP stop complaining at them).

Walt (0)

Anonymous Coward | more than 4 years ago | (#29423109)

This is known as a "MAC block". Anyone with a brain who controls their own network space is either doing this, or should be doing this. I work at a largish University, and we do this every day to student and faculty/staff workstations who are compromised and are a risk to our network.

Only Macs will be left (3, Funny)

Anonymous Coward | more than 4 years ago | (#29423131)

If you cut off all the Malware-Infected PCs, only Macs will be left. (ok, maybe some linux boxen).

*ducks*

It sounds good but... (0)

Anonymous Coward | more than 4 years ago | (#29423147)

A lot of ISPs, especially the smaller ones, have a pretty good idea which of their customers have viruses or have otherwise joined the ranks of p0wned botnet zombies, and their knowledge is fairly accurate.

Notifying customers of the same might be a good idea but there is a risk they will not react positively and for that reason many opt not to contact the customer.

Personally I would rather not be cut off because some heuristic match thinks I have a virus. Virus scanners routinely make mistakes, overzealous and random spam filters make SMTP Email unusable. Putting network access in the same category would only fast-track a search for a new provider that didn't play games.

There must be better ways. If the ISP can detect this why not push the detection method to the client via CPE router firmware or network hook to analyze traffic... Some PC based software already does this and if there is demand the Belkin/Linksys/Netgear consumer routers of the world it seems could be reasonably positioned to do some basic signature checking.

Having tools/choices via the ISP's customer portal would certainly also be an acceptable approach.

The devil is in the details.

internet licence (1)

Horar (521864) | more than 4 years ago | (#29423191)

It's illegal to drive on public roads without a driver's licence.

It ought to be illegal to use a computer connected to the internet without some form of minimum qualification. i.e. an "internet licence"

Re:internet licence (0)

Anonymous Coward | more than 4 years ago | (#29423225)

Get 3 strikes, lose your licence...

Re:internet licence (1)

interkin3tic (1469267) | more than 4 years ago | (#29423269)

Prove that this will save lives as the driver's license does and I'm sure some politician will hurt himself rushing to say it in front of a camera.

Re:internet licence (2, Insightful)

neumayr (819083) | more than 4 years ago | (#29423389)

It should be illegal to speak in public without some formal education in psychology and rhetoric.
Some kind of attitude test might be a good idea too.

George Delorean (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#29423209)

Best wallpapers website http://www.wallpapersmania.ro/

They also let you online with no firewall (0)

Anonymous Coward | more than 4 years ago | (#29423229)

These are the same ISPs that supply you with a dumb modem with no firewall or firewall disabled by default and have no compunction in letting users online with unpatched PCs.

Principle vs. Practicality (1)

paper tape (724398) | more than 4 years ago | (#29423257)

In principle, I'm against the idea of ISPs doing this due to the slippery slope argument - that they will start with "Malware" and move on to other types of traffic that someone decides is undesirable.

For practical reasons, I'm all for it, if it can be done well - it will basically shut down botnets and most spam if it becomes widely adopted, as eventually ISPs that don't adopt it will become havens for malware sites and home to the remaining botnets - at which point, their upstream providers will shut off their access if they refuse to clean up their traffic.

Self Protection (1)

rossi (5437) | more than 4 years ago | (#29423279)

Back in the day, Demon Internet in the UK would check for open relays and port block if one was found. The only reason I know this is the numerous entries in my Linux server at the time. I did speak to one of the tech guys who gave me a run down on what they did. I've no problems with an ISP monitoring and protecting itself.

Verify and notify before you disconnect (4, Insightful)

erice (13380) | more than 4 years ago | (#29423329)

My otherwise stellar ISP has a "shoot first, ask no questions security policy".

It is frustrating to lose access to my home server while at work and not be able to do any troubleshooting because I need physical access to the machine.

It is quite maddening to finally get home, verify that there is nothing wrong on my end, call up support and (eventually) find out that I've been deliberately disconnected because of a security problem that doesn't exist.

Microsoft's response (5, Interesting)

AnalPerfume (1356177) | more than 4 years ago | (#29423347)

EVERY country needs to be doing this, and not making it voluntary either. Any problem on the internet affects everyone connected to it. Cutting off PCs in one country has limited effect in isolation. Considering botnets are an exclusive Windows problem, Microsoft should be forced to pay for the scheme too. It's their mess after all.

I'm curious about how MS will respond to this if it comes into being. On one hand they'll lose a large number of users, after all, does anyone outside the MS camp really believe that it's not gonna be 100% infected Windows PCs that will be affected? What will MS do?

Will they offer discounted or free vouchers for repairs, upgrades etc? How many of these machines will be unlicensed? Will they pay to fix unlicensed copies of Windows if the owners either have no money to spend on a sticker with a number on it? In the current economic climate you can't blame them. Is a subsidy to clean the PC worth the ISP's time and hassle knowing it'll be infected again by the end of the week at the latest, and they'll have to repeat the same warning and threat of disconnection all over again. Will they provide paid anti-malware software? Who pays for all of this? Will they provide training for Windows users to at least give them a chance of having a few months online without a letter?

This would reflect badly on MS in any free press, even having to be the only ones to offer fixes is embarrassing enough. Given that MS control the mainstream media it'll go unnoticed as far as PR is concerned, but it's yet one more thing eating into their profits at a time where they're struggling.

The alternative is to lose a large number either to Linux, or off the internet altogether. Anyone who's had the internet for a while knows what it's like when it goes down for a few hours, will those people really decide the internet is not worth it?

I'm guessing the great philanthropists and all round nice people at MS are busy lobbying at every level to stop this from happening or at least water it down (notice the ISPs are being "asked" not "told"). They need to keep market share by any means necessary, ideally without spending a cent on it. The rest of the world can suffer as long as MS's interests are not hurt.

Given that Windows has all the security of a paper tank in a thunderstorm this will be hilarious to see the workload the scheme entails, and over time the number of Windows PCs in Australia still connected because they're NOT infected. They will drop like flies. Give it a few years and it'll be a Windows free zone.

Re:Microsoft's response (2, Insightful)

Norsefire (1494323) | more than 4 years ago | (#29423481)

Given the story a few days back about the Linux botnet, and this [slashdot.org] story a few months ago about the Mac botnet ... The real problem is education, idiots will be idiots no matter what platform they use.

Re:Microsoft's response (5, Insightful)

jimicus (737525) | more than 4 years ago | (#29423499)

Oh come on.

90% of security holes that have been exploited in the last few years are sitting on the chair in front of the computer. Even if Windows were to evaporate overnight and everyone using it were magically switched to a Mac or to Linux, inside a few weeks you'd see malware pop up which has Apple logos and Linux penguins and makes reassuring noises while insisting it really does need your password.

I'll tell the sales guys to get moving to Oz (0)

Anonymous Coward | more than 4 years ago | (#29423391)

Full disclosure: I work at Quarantainenet

I'm sure the sales guys would be happy to get some ISPs sold on Qnet [quarantainenet.com] to help 'em isolate those malware-infected PCs.
... plus grab a tan and do some surfing, weather's probably a lot better there than in the cold & wet Netherlands ;)

Car Inspection (1)

zlel (736107) | more than 4 years ago | (#29423561)

Why not make it compulsory to get networkable devices certified to be malware-free every year just as cars need to go through statutory vehicle inspections? If bandwidth is such an important resource, shouldn't we consider networkable devices to be potentially dangerous and perhaps consider the idea of requiring a license for ownership?

Kick the Windows boxes out. (1)

miffo.swe (547642) | more than 4 years ago | (#29423605)

I think while pretty hard on the innocent users this proposition could be good for the internet. If users of unsafe OS are punished there will be at least some incentive to push better security. Right now security is all about lip service and PR. It will also force people who don't upgrade off the net and make them aware that their computers have been breached.

The marginal effects are pretty big but hopefully people will go after the OS/applications vendors for better security.

Opt in for the user (1)

arazor (55656) | more than 4 years ago | (#29423635)

How about an opt in for the user. The ISP would discount the rate in exchange for them monitoring their client's connection for suspicious activity.

Just my 2 cents.

sniff and tell (0)

Anonymous Coward | more than 4 years ago | (#29423671)

If my ISP detects 10,000 of their customers' machines trying to connect to a single 'residential' machine on another ISP, why shouldn't they do something about it? Back in the early '90s, I would send a list of 'infected machines' to abuse@bellsouth.net about once a month. The list included IP Address and timestamp, and if it was obvious, the virus name. As far as I could tell, NOTHING ever became of that information. I've been thinking, and I cannot recall a single positive reply from any message sent to abuse or technical contacts of ISPs.

When I used to work for [very big company], If I detected virus traffic trying to enter our facility coming from anywhere else in the company, I could pick up the phone, contact the company NOC, and (after the first time of having to demonstrate that I did in fact know what I was doing) get a tier-2 or tier-3 to check the connections in the WAN routers, and in less than 5 minutes, they would have pinpointed the offending facility/machine. They'd thank me, and I knew that the problem would be resolved. In fact, after the 3rd or 4th such call, I had a direct line to WAN engineering in FL and in IL.
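The fan-in pattern described in the comment above (many customer machines contacting one outside host, reported as address plus timestamp) can be sketched as follows. This is an added example, not part of the original comment; the flow records, addresses, threshold, window and allowlist are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def make_sample_flows():
    """Constructed flow records (time, customer_ip, dest_ip, dest_port).
    All addresses come from the RFC 5737 documentation ranges."""
    t0 = datetime(2009, 9, 15, 3, 0, 0)
    flows = []
    for i in range(12):   # 12 customers contact the same outside host
        flows.append((t0 + timedelta(seconds=30 * i), f"192.0.2.{10 + i}", "203.0.113.77", 6667))
    for i in range(20):   # 20 customers use a popular, legitimate service
        flows.append((t0 + timedelta(seconds=10 * i), f"192.0.2.{10 + i}", "198.51.100.5", 443))
    for i in range(50):   # one busy customer: many flows, a single source
        flows.append((t0 + timedelta(seconds=i), "192.0.2.200", "203.0.113.9", 8080))
    return flows

def find_fan_in(flows, min_sources, window, allowlist=frozenset()):
    """Return {(dest_ip, port): [(first_seen, customer_ip), ...]} for destinations
    first contacted by at least min_sources distinct customers within window."""
    first_seen = defaultdict(dict)
    for ts, src, dst, port in flows:
        if dst in allowlist:          # known services would otherwise be flagged
            continue
        seen = first_seen[(dst, port)]
        if src not in seen or ts < seen[src]:
            seen[src] = ts            # count each customer once, not each flow
    suspects = {}
    for key, seen in first_seen.items():
        events = sorted((ts, src) for src, ts in seen.items())
        lo = 0
        for hi in range(len(events)):  # sliding window over first-contact times
            while events[hi][0] - events[lo][0] > window:
                lo += 1
            if hi - lo + 1 >= min_sources:
                suspects[key] = events
                break
    return suspects

def abuse_report(suspects):
    """One line per customer: timestamp, customer address, destination."""
    return [f"{ts.isoformat()} {src} -> {dst}:{port}"
            for (dst, port), events in sorted(suspects.items())
            for ts, src in events]

if __name__ == "__main__":
    hits = find_fan_in(make_sample_flows(), min_sources=10,
                       window=timedelta(minutes=10), allowlist={"198.51.100.5"})
    print("\n".join(abuse_report(hits)))
```

Run without the allowlist, the same logic also flags the popular service on port 443, which is the false-positive case that makes verifying before disconnecting matter.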
