
Slashdot: News for Nerds


Australian ISPs To Disconnect Botnet "Zombies"

CmdrTaco posted more than 3 years ago | from the want-braaaains dept.

Security 213

jibjibjib writes "Some of Australia's largest ISPs are preparing an industry code of conduct to identify and respond to users with botnet-infected computers. The Internet Industry Association, made up of over 200 ISPs and technology companies, is preparing the code in response to an ultimatum from the federal government. ISPs will try to contact the user, slow down their connection, and ultimately terminate the connection if the user refuses to fix the problem. It is hoped that this will reduce the growth of botnets in Australia, which had the world's third-highest rate of new 'zombies' (behind the US and China)."

213 comments

why not directly disconnect every Windows machine? (4, Funny)

Anonymous Coward | more than 3 years ago | (#30890778)

Not quite an accurate solution, but statistically close enough...

Re:why not directly disconnect every Windows machi (1)

gparent (1242548) | more than 3 years ago | (#30890824)

Because then no one would live in Australia.

Re:why not directly disconnect every Windows machi (1)

asdf7890 (1518587) | more than 3 years ago | (#30891614)

> Because then no one would live in Australia.

If a few people move out, that would be a benefit. Don't they have a growing people vs resources problem over there, hence the relatively strict immigration rules?

(for the emotionally/intellectually deficient out there who need this pointing out: yes, I'm being facetious here)

Re:why not directly disconnect every Windows machi (4, Funny)

thinktech (1278026) | more than 3 years ago | (#30890840)

having a computer beneath the notice of hackers is a great idea. that's why I only post on slashdot using my web-tv console.

Re:why not directly disconnect every Windows machi (0, Troll)

JasonBee (622390) | more than 3 years ago | (#30890894)

Oddly enough that's close enough to a decent solution to work.

How about we START with that, and work our way back to allowing pre-vetted workstations back onto the interwebs. I like the idea of running a simple system checking script through a web browser based internet portal the same way you must login to a hotspot to gain access to the internet.

Make that kind of access a precondition for users who were deemed to be hosting malware/bots and go from there. Once confirmed as clean the portal requirement disappears. The portal software will have to be hosted by a non-profit with government oversight for obvious reasons.

Of course I'm OK if that software isn't particularly Mac compatible ;)

Re:why not directly disconnect every Windows machi (2, Insightful)

John Hasler (414242) | more than 3 years ago | (#30891314)

> Of course I'm OK if that software isn't particularly Mac compatible ;)

So you wouldn't mind being required to switch to Microsoft Windows 7? Because that is what your proposal would lead to.

Re:why not directly disconnect every Windows machi (1)

twidarkling (1537077) | more than 3 years ago | (#30892740)

Er, no. He's saying everyone should use linux. If you notice, he also says that disconnecting every Windows machine is a good idea. No Windows, no Macs, that leaves linux/BeOS/BSD/etc.

The 'why' of everything political (0)

Anonymous Coward | more than 3 years ago | (#30890994)

Microsoft's lobby won't allow this solution.

Give a discount to those running clean systems. (3, Funny)

Anonymous Coward | more than 3 years ago | (#30891098)

They don't need to disconnect bad users. They should just give a discount to users who are running secure operating systems that are more resilient to malware infections than Windows is.

For example, give OpenBSD users a 50% discount, since it's quite unlikely that their system will ever get infected or compromised. The same can probably be done for users using Solaris, NetBSD, FreeBSD and commercial UNIXes.

Linux and Mac OS X are more widely used than the aforementioned systems, so the chance of them getting compromised is greater, although still virtually non-existent. Give such users a 25% discount.

Assume that the latest version of Windows is somewhat immune. Give Windows 7 and Windows Server 2008 users no discount. That is, they pay the base rate.

Assume that older versions of Windows have been compromised. Give them a negative discount. A Windows XP user pays an extra 25%. A Windows 9x user pays 50% more.

Nobody needs to get disconnected this way. Disconnecting people from the Internet over something they're not willingly doing is completely absurd, and in many ways should be considered criminal in the Western world.

Re:Give a discount to those running clean systems. (0, Flamebait)

poetmatt (793785) | more than 3 years ago | (#30891182)

I've never heard people suggest that before, but the idea of "using open source = discount on your internet bill" is a good idea.

Do it in a very simple way: if you're not running windows or OSX, you get a 5% discount on your bill. Some might differ on whether to put OSX in the "Do not run" category.

The rest is too discriminatory and too extreme.

Re:Give a discount to those running clean systems. (2, Insightful)

bickerdyke (670000) | more than 3 years ago | (#30891320)

Good idea. But will end up with "Give discount for anyone who installs a closed-source, windows-only Punkbuster-lookalike"

Re:Give a discount to those running clean systems. (2, Interesting)

asdf7890 (1518587) | more than 3 years ago | (#30891956)

> I've never heard people suggest that before, but the idea of "using open source = discount on your internet bill" is a good idea.

Nope. Market for software/services to try to make a Windows machine actively running IE look to the outside like a Linux machine running FF/Konq in 3... 2...

I see hitting people's wallets as a good idea in another case though. Some will take the being cut off as a simple inconvenience and will after reconnection continue to behave as before and get cut off again after a couple of months - lather, rinse, repeat. Charging them a reconnection fee the second and subsequent time might be extra useful encouragement.

Your discount idea might be good if reversed though: Give people 5% discount if they stay malware free for, say, three months. Maybe offering a higher discount after a longer period (10% after 12 months?). This would hopefully encourage careful behavior (behaviour is the key, not just software choice - someone who is fooled into running random crap that secretly sends out junk mail on a Windows box will be just as likely to run the Linux/Mac/what-ever equivalent) from the outset, and might be popular with the ISPs as a user retention policy (if you move, you have to wait the few months to get your discount back) if the discount is managed on a per ISP basis. In any case the ISP would have to be very careful to be sure that the traffic they see is a problem, that it is properly logged/recorded (being careful not to step on any privacy laws that may be in effect over there) and that there is some sort of appeals process in place in case the system somehow misidentifies the source of a problem, otherwise they might be opening themselves to compensation claims down the line - which is all starting to sound like far too much hassle to me...

Re:Give a discount to those running clean systems. (1)

poetmatt (793785) | more than 3 years ago | (#30892460)

I think it's harder to validate if someone is Malware free than identify what OS they're running via modem data, no? I keep thinking ICMP or nmap, but I'm sure there are legitimate ways since the ISP already has your data.

When I think of trying to identify malware, how would you know without inspecting packets? Does malware consistently spam traffic? I would assume not all the time on that.

I'm merely being philosophical on this, as I don't know the answer: if you do, by all means, please answer.

Re:Give a discount to those running clean systems. (0)

Anonymous Coward | more than 3 years ago | (#30892296)

That is honestly the dumbest shit ever. It's not any better than Microsoft paying Dell to make them push Windows computers.

Re:Give a discount to those running clean systems. (4, Insightful)

dc29A (636871) | more than 3 years ago | (#30892646)

> I've never heard people suggest that before, but the idea of "using open source = discount on your internet bill" is a good idea.
>
> Do it in a very simple way: if you're not running windows or OSX, you get a 5% discount on your bill. Some might differ on whether to put OSX in the "Do not run" category.
>
> The rest is too discriminatory and too extreme.

There are people out there who are able to configure Windows to be as secure as *Nix or Mac OS. Why penalize them? Penalize the retards who run Windows/*nix/Mac OS as administrator. Penalize the retards who are infected with the botnet zombie 'du jour'. Penalize the retards who mindlessly click on every 'OMGZ YOU WIN IPOD TOUCH CLICK HERE PLZ!111!!!!!!oneoneeleventy!~one!' banners.

Re:Give a discount to those running clean systems. (1)

lwriemen (763666) | more than 3 years ago | (#30892220)

OS/2 and eComStation users should get a 75% discount!

Re:Give a discount to those running clean systems. (1)

hedwards (940851) | more than 3 years ago | (#30892568)

And yet we take away the license of people that drive in an irresponsible fashion. If you're not willing to take responsibility for your actions, or are unable to, then there needs to be some way of hammering home the damage that you're doing to the group. Just like those idiots that endanger everybody else by refusing to get vaccinated against serious illnesses.

In this case, sure it's not a life or death decision, but spam, phishing, malware, child porn, and other nastiness does ruin lives. Slowing the speed down to dial up, and possibly restricting the user from accessing anything other than tech support, would do wonders for cutting down on the massive waste of bandwidth. A couple years back malware was using 2/3 of the bandwidth, I shudder to think what it is now.

hackers dont care this is fun (1)

CHRONOSS2008 (1226498) | more than 3 years ago | (#30891824)

all this will do is create a lot of pissed off stupid people that get unleashed into the real world rather than stuck in their basements playing doom

HAHAH

Re:Why not just filter out the bot net traffic? (1)

StillNeedMoreCoffee (123989) | more than 3 years ago | (#30892824)

It just occurred to me that if you can identify those computers that have Bot nets running, you have to be able to identify what that bot net traffic is. Why not just filter that out?

Re:Why not just filter out the bot net traffic? (1)

Lumpy (12016) | more than 3 years ago | (#30892934)

Simple! Fingerprint all users computer OS. block all Windows OS's.

Oh yeah, and my computer keeps playing a wav file that says.....

Brains............Need Brains.........

Damn windows updates!

P2P (0, Insightful)

Anonymous Coward | more than 3 years ago | (#30890814)

Will be the next "botnet" they'll fix.

Bad Precedent? (5, Insightful)

Anonymous Coward | more than 3 years ago | (#30890816)

I'd rather not have my ISP decide what is a "virus" or "inappropriate communications" thank you. If the users are consuming too much bandwidth then disconnect them on those grounds, but please don't set this precedent.

Re:Bad Precedent? (3, Interesting)

houstonbofh (602064) | more than 3 years ago | (#30891102)

Exactly what defines "zombie?" I am just betting p2p is in that list...

Re:Bad Precedent? (5, Informative)

v1 (525388) | more than 3 years ago | (#30891684)

They usually watch for excessive traffic on specific ports. Since the most immediately profitable use of a botnetted machine is spam, the majority of botnetted PCs are either running open mail relays or are themselves functioning as outgoing mailservers. Many ISPs (including two in my area) watch for excessive traffic going OUT on TCP port 25. Unless you are running a mailserver, your computer has no legitimate reason to send out over that port in volume. Most ISP mailservers are SSL nowadays anyway and are off port 25 so you don't even need to use that if you are connecting to your ISP's mailserver from off-network. (and many ISPs outright block port 25 outgoing from anything in their network besides their mailserver) Many ISPs react the same if your computer is listening on port 25 (acting as an open relay)

So if you are pushing megs (or gigs) a day every day on port 25, there's better than 99% chance your machine is botnetted. It doesn't take speculation to figure that out, and the odds of false-positives are very close to zero.

That said, I have no sympathy for someone that knows their computer has a problem that's causing other people grief. That's the most basic understanding of the problem that is given when your ISP gives you a phonecall or email saying you have a problem and need to fix it or we will cut you off. If you're too stupid to acknowledge this and take responsibility for fixing it, or just plain don't care, I'd much rather see you off the internet and out of my Inbox. If you don't care that someone else has violated you by hijacking your computer that's fine with me, until they start using it to violate me, and that's when I start having a say in the matter.

If you want a fun example to separate the computer from the problem, here's something easier to understand: ABC Construction company does building demolitions. They leave their explosives on site and not locked up. They keep getting their explosives stolen. OK I don't care about that, it's their loss. But then stuff around town starts getting blown up and the explosives are easily traced back to you. That's when it's time for the police to come have a talk with you about securing your explosives. You do not have the right to continue leaving dangerous things so easily accessible that the public is constantly being hurt by them. Even if you want to ignore your moral responsibility for it, the public won't stand for it and you lose your say in the matter. You WILL secure your things or you WILL go away.

Another excellent example is how several states legally require you to have a lock on your anhydrous ammonia tanks to prevent theft and use in drug manufacture. Also, most universities now are requiring students to install AV software on their computers before they're allowed to use the campus net. Your precedents have already been set.
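The port-25 volume check described in the comment above, as an added example (not code from the thread or from any ISP): it totals outbound TCP/25 traffic per subscriber per day from constructed flow records, ignores mail handed to the ISP's own relay, and maps repeated flagged days onto the contact / slow down / terminate sequence from the story summary. The address ranges, thresholds, record format and the day-count mapping are assumptions, and the distinct-destination count goes beyond what the comment describes.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Every value here is an assumption chosen for illustration.
SUBSCRIBER_NET = ip_network("10.20.0.0/16")     # customer address pool
ISP_MAIL_RELAYS = {ip_address("192.0.2.25")}    # the ISP's own mail server
EXEMPT = {ip_address("10.20.0.9")}              # customer registered as a mail server
DAILY_BYTES_LIMIT = 5 * 1024 * 1024             # outbound port-25 bytes per day
DAILY_DEST_LIMIT = 20                           # distinct remote mail servers per day
ACTIONS = ["notify", "throttle", "disconnect"]  # 1, 2, 3+ flagged days


@dataclass(frozen=True)
class Flow:
    day: str
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int


def parse_flow(line):
    """Parse 'day src dst proto dport bytes'; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    day, src, dst, proto, dport, nbytes = parts
    try:
        ip_address(src)
        ip_address(dst)
        return Flow(day, src, dst, proto.lower(), int(dport), int(nbytes))
    except ValueError:
        return None


def daily_smtp_usage(flows):
    """Total outbound TCP/25 per (subscriber, day), skipping the ISP relay."""
    usage = defaultdict(lambda: {"bytes": 0, "dests": set()})
    for f in flows:
        if f.proto != "tcp" or f.dport != 25:
            continue
        src, dst = ip_address(f.src), ip_address(f.dst)
        if src not in SUBSCRIBER_NET or src in EXEMPT:
            continue
        if dst in ISP_MAIL_RELAYS:
            continue  # normal mail submission through the ISP's server
        entry = usage[(f.src, f.day)]
        entry["bytes"] += f.nbytes
        entry["dests"].add(f.dst)
    return usage


def flagged_days(usage):
    """Days on which a subscriber exceeded either daily limit."""
    days = defaultdict(list)
    for (sub, day), u in usage.items():
        if u["bytes"] > DAILY_BYTES_LIMIT or len(u["dests"]) > DAILY_DEST_LIMIT:
            days[sub].append(day)
    return {sub: sorted(d) for sub, d in days.items()}


def recommend(lines):
    """Map each flagged subscriber to the next step in the escalation."""
    flows = [f for f in map(parse_flow, lines) if f is not None]
    days = flagged_days(daily_smtp_usage(flows))
    return {sub: ACTIONS[min(len(d), len(ACTIONS)) - 1] for sub, d in days.items()}


def sample_lines():
    """Constructed flow records: one spamming host, one burst, two benign."""
    lines = []
    for day in ("2010-01-25", "2010-01-26", "2010-01-27"):
        for n in range(1, 41):  # 40 remote mail servers, 12 MB per day
            lines.append(f"{day} 10.20.1.50 198.51.100.{n} tcp 25 300000")
        lines.append(f"{day} 10.20.1.51 192.0.2.25 tcp 25 40000")      # via relay
        lines.append(f"{day} 10.20.1.51 203.0.113.80 tcp 443 9000000")  # web
        lines.append(f"{day} 10.20.0.9 198.51.100.7 tcp 25 80000000")  # exempt
    lines.append("2010-01-26 10.20.1.52 198.51.100.9 tcp 25 6000000")  # one-off
    lines.append("garbage line")
    return lines


if __name__ == "__main__":
    for subscriber, action in sorted(recommend(sample_lines()).items()):
        print(subscriber, action)
```

The exemption list is what keeps a customer who legitimately runs a mail server from being flagged, which is the false-positive case other replies in this thread raise.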

Re:Bad Precedent? (1)

mikael_j (106439) | more than 3 years ago | (#30891888)

> ...Many ISPs react the same if your computer is listening on port 25 (acting as an open relay)

Of course, practically all mail servers listen on port 25 since that's the standard port for receiving unencrypted incoming mail...

/Mikael

Re:Bad Precedent? (0)

Anonymous Coward | more than 3 years ago | (#30892218)

"Of course, practically all mail servers listen on port 25 since that's the standard port for receiving unencrypted incoming mail..."

Spammers don't need any incoming mail and surely are not so dumb to use port 25 for sending the stuff, but the port the local p2p population is using, to hide in the mass.

Re:Bad Precedent? (0)

Anonymous Coward | more than 3 years ago | (#30892428)

> ...Many ISPs react the same if your computer is listening on port 25 (acting as an open relay)
>
> Of course, practically all mail servers listen on port 25 since that's the standard port for receiving unencrypted incoming mail...

Yes, but *your* computer shouldn't

Re:Bad Precedent? (1)

Lumpy (12016) | more than 3 years ago | (#30892950)

Most also listen on port 80 as well, simply to bypass the useless port 25 blocking that most ISPs use.

They need to disconnect them here too ... !!! (1)

Brigadier (12956) | more than 3 years ago | (#30893260)

This bot net crap has to stop, I wish they would do that here. Disconne.....{#`%${%&`+'${`%&NO CARRIER")

Stop tinkering with things they don't understand (-1, Flamebait)

NevarMore (248971) | more than 3 years ago | (#30890818)

Dear Australia,

Quit screwing around with the internet. The rest of the world is rather fond of you, but this is really trying our patience. If maybe you had STARTED with this botnet thing we'd respect what you're trying to do, but no. You started with "protecting the children" so kiss off.

Re:Stop tinkering with things they don't understan (4, Insightful)

Anonymous Coward | more than 3 years ago | (#30890892)

Quit trying to speak for the whole rest of the world. You are not qualified.

Re:Stop tinkering with things they don't understan (0)

Anonymous Coward | more than 3 years ago | (#30891188)

neither are you.

Re:Stop tinkering with things they don't understan (1)

hvm2hvm (1208954) | more than 3 years ago | (#30891702)

Nor am I.

Re:Stop tinkering with things they don't understan (4, Insightful)

liquidpele (663430) | more than 3 years ago | (#30890908)

Seriously? This needed to be done for all countries 10 years ago.

Re:Stop tinkering with things they don't understan (4, Insightful)

houstonbofh (602064) | more than 3 years ago | (#30891148)

> Seriously? This needed to be done for all countries 10 years ago.

Assuming you trust them to stop at botnets and not include p2p, vpn, uunet, private mail servers out of the country, list servers, and other legitimate traffic.

Re:Stop tinkering with things they don't understan (1)

DreamsAreOkToo (1414963) | more than 3 years ago | (#30891734)

At college, the school did exactly this. They shut down every computer that was infected. If you get into a car accident on the highway, you might get your license suspended. So why shouldn't you be responsible for your actions online?

But at college, they also did all the things you mentioned. Also, the local police monitored the connections, because a week into the semester, the police came into my class to arrest a freshman for downloading things of an illegal nature.

Re:Stop tinkering with things they don't understan (0)

uberdilligaff (988232) | more than 3 years ago | (#30893112)

I doubt that the police were monitoring your college network -- they lack the skills, access, and motivation to do so. The police have far more important things to occupy their time -- like running speed traps.

It is far more likely that the college admins discovered something nasty going on, which they then reported to police. If what they discovered was nasty enough, that could energize the police to make an arrest.

Re:Stop tinkering with things they don't understan (1)

StillNeedMoreCoffee (123989) | more than 3 years ago | (#30892448)

The major problem is to identify legitimate traffic vs. Botnet Traffic. We know there are filters that also catch the un-intended such as censorship black lists, no-fly lists, banned book lists. And if you look at the spam or the arms races or business, when a restriction is found, the criminal finds a way around it. In the meantime the fellow whose computer was taken over is taxed with the penalty of no connection and the time to fix it. This is a little like making a victim of a crime have to come in day after day and look at mug shots. Where the victim suffers not the criminal. Best of intentions aside, you have to look at where the costs are being placed. True the Bot nets affect businesses, some benefit, the ones who advertise with spam and some that don't, their competitors or the general public that gets spam or the loaded email server owners. As for the DOS and other attacks, well that's just wrong.

What we really need is more clever anti crime hackers to ferret out these criminals, that is where the money should be going. Seems like this play is just a confession that they don't have effective ways of tracking these things down yet.

Re:Stop tinkering with things they don't understan (1)

c-reus (852386) | more than 3 years ago | (#30891336)

agreed, as long as the definition of "zombies" will only include the actual zombies.

Re:Stop tinkering with things they don't understan (1)

bernywork (57298) | more than 3 years ago | (#30891164)

Mark me as flamebait if you like, but this was started by the Internet Association, so chances are they probably have a pretty good idea on what they are doing. They would have buy in from their staff to be able to get this one through, their staff are probably sick of having to deal with all the SPAM complaints and everything else from these hosts. They probably have an even better idea on what they are doing to their network than what you do.

Could it be a Good Thing to prune some leaf nodes? (2, Interesting)

LordWill (611759) | more than 3 years ago | (#30890826)

What would happen if those ISPs notice increased profit and customer satisfaction (overall) when they are paying less for resources used up by bots? (Assuming they don't have problems with false-positives or find far too many customers being cut off, etc.)

Free botnet removal support? (2, Insightful)

Drethon (1445051) | more than 3 years ago | (#30890846)

It's not like everyone knows how to (and in some cases cannot afford to hire someone to) remove botnets from their machine. I hope the ISPs will provide this kind of support as part of standard service before they consider disconnecting users...

Re:Free botnet removal support? (1)

icebraining (1313345) | more than 3 years ago | (#30891278)

Many shops 'round here reinstall Windows and your apps (keeping your personal files) for 40. I doubt you can't find similar services in Australia.

Re:Free botnet removal support? (2, Insightful)

amorsen (7485) | more than 3 years ago | (#30891488)

If they can't afford to keep their machine clean, they don't go on the Internet. Sucks to be them. They don't get to pass on the cost of their mistakes to everyone else, like they do if you just keep their connection alive.

Yes I work for an ISP. Yes that's in our terms and conditions.

Re:Free botnet removal support? (3, Insightful)

gmuslera (3436) | more than 3 years ago | (#30892658)

Then don't disconnect zombies. Redirect any request from those IPs to a web page that explains the situation and why that computer shouldn't be in the net for their own good, and have as direct download most typical cleaning and other essential at that stage applications, and maybe listing local companies that do the cleaning if the person doesn't want to fresh format.

Re:Free botnet removal support? (1)

Drethon (1445051) | more than 3 years ago | (#30892940)

This I like

Who will fix the problem? (4, Insightful)

ATestR (1060586) | more than 3 years ago | (#30890872)

> if the user refuses to fix the problem

The users who are likely to be infected by a bot are the least likely to be able to "fix the problem".

Re:Who will fix the problem? (4, Insightful)

MrMr (219533) | more than 3 years ago | (#30891014)

Being unwilling to learn, or unwilling to ask someone who does know, would still qualify as refusing to fix the problem.
Here's a car analogy for you:
The users who are likely to crash by failing brakes are the least likely to be able to repair their own brakes...

Mod parent up (1)

symes (835608) | more than 3 years ago | (#30891292)

This is the deal - it is about responsibility, about being a part of a community. Behaving in a way that harms other users, whether it is the road, the internet or anything else for that matter, is frankly wrong. The internet wouldn't be here if it wasn't for other people participating in this network. We therefore have a right to expect, in return for our participation, acceptable behaviour. If you don't like it - go build your own internet.

Re:Mod parent up (0, Troll)

idontgno (624372) | more than 3 years ago | (#30892076)

But, extending the car analogy earlier, a great proportion of the Internet "community" consists of poorly-maintained, poorly-driven SUVs with huge "Why, yes, I DO own the road" bumper stickers.

The Internet community disappeared on the first day of Eternal September [wikipedia.org] , in 1993.

Seriously. The car analogy is strikingly apropos of the societal problem. If people are selfish, distracted, road-raging boors in self-propelled road-hazards on real roads, where you can (and SHOULD!) look out through the windshield at your probable victims... where your real identity is just one license-plate lookup away... and where there is real law enforcement with real laws to enforce just patrolling around looking out for you to misbehave... how much worse will it be, when it's just you, the Intarwebs, and a grillion MyFace "friends" that you will really never meet.. where you work under the assumption of fair anonymity and no law enforcement (perhaps a mistaken assumption, but not really obviously so for most)...

It's a miracle the Internet works at all any more.

Re:Who will fix the problem? (1, Offtopic)

Tim C (15259) | more than 3 years ago | (#30891980)

I don't know about the situation in your country, but here in the UK any car over a certain age undergoes mandatory regular testing (the MOT), which is designed to check the road-worthiness of the car. These tests are paid for by the owner of the car, and not having a valid MOT certificate brings all sorts of problems (not least of which is that it invalidates your insurance).

Perhaps the same should be true of PCs? Since we're equating poorly maintained cars with poorly maintained PCs.

Re:Who will fix the problem? (1)

StillNeedMoreCoffee (123989) | more than 3 years ago | (#30892786)

I agree that the car analogy has some merit. But is incomplete. It is more like someone is driving around with a car with a manufacturing flaw that is not obvious. You don't see that the brake is not working. When you brake everything works fine, when you accelerate everything is fine, maybe a little slow but fine. What you don't know is that someone is using part of your trunk to transport drugs, because the lock was made such that they could open it up and put it in, open it up and take it out without you being aware. You should not have to be an automotive expert to own and use a car, you should not have to be a security expert to own and use a PC on the internet. There are manufacturing defects that are being exploited. Just like the auto industry we have product recalls to fix problems.

Notifying someone that their PC has a problem, and there should be free fixes offered by the manufacturers of the software and OS's that are at fault. Yes, even for older systems they no longer support. But cutting someone off the network seems Draconian and putting blame in the wrong place.

What should happen is when a Botnet, or the like, is found, the manufacturer of the exploited software should be required to contact the individual and at no charge fix the problem within a reasonable time frame. That gets a little confused if the culprit is Open Source, but I think the Open Source community would step up and provide the fixes required and at no cost.

Put the blame and responsibility to fix things where they belong. Well actually, catching the Sons of Bitches that are running those nets is where most of the effort should go.

Re:Who will fix the problem? (3, Insightful)

gad_zuki! (70830) | more than 3 years ago | (#30891194)

Who cares? He owns it, it's his responsibility to fix it. Pay someone if he can't figure it out and stop clicking on NAKED_PHOTOS.EXE or doesn't understand why he should be doing those Microsoft updates. Should we also coddle drivers with unsafe cars because they aren't mechanics?

It's only when there's a financial incentive to keep a machine patched and thinking before clicking that people will begin doing so. Or switching to OSX or Linux. The status quo of not taking responsibility for your own computer isn't sustainable and isn't helping anyone.

Re:Who will fix the problem? (2, Insightful)

Syberz (1170343) | more than 3 years ago | (#30892812)

OK, I just had to jump in here. I'm tired of the people who say "Switch to linux and the spam/virus/worm problem will be solved!". It wouldn't solve sh*t! The spammers and virus/worm makers would just develop for the new platform, and the only reason that Linux is so secure is that the malware devs aren't developing payloads that attack it.

Re:Who will fix the problem? (1)

John Hasler (414242) | more than 3 years ago | (#30891228)

> The users who are likely to be infected by a bot are the least likely to be
> able to "fix the problem".

Unplugging the computer fixes the problem.

so what? (2, Insightful)

circletimessquare (444983) | more than 3 years ago | (#30891328)

everyone talks about their rights, but few speak up about their responsibilities

if people don't live up to their responsibilities, they lose their rights. not as a matter of some government mandate, but as a simple logical, natural consequence of ruining things- the internet, safe roads, a healthy economy, etc., for other people

Re:Who will fix the problem? (1)

greenguy (162630) | more than 3 years ago | (#30891342)

This is correct. I know plenty of people who are clueless about security, and computers generally (I'm thinking of the ones who ask me "Do I have Adobe on my computer?"), but I'm not prepared to tell them they have to stop using them until they become experts. The real solution here is to offer proactive solutions. The ISPs could provide them for free (including house calls) and probably still come out ahead financially.

Re:Who will fix the problem? (0, Troll)

david.emery (127135) | more than 3 years ago | (#30891574)

> The users who are likely to be infected by a bot are the least likely to be able to "fix the problem".

True... But this is where frankly I'd like to see Microsoft, in particular, -pay up- to provide fixes for such machines. As a strawman: Microsoft provides tools and training, and then the end user pays a relatively low fixed fee to get his machine deloused before it can be put back on the net.

Re:Who will fix the problem? (1)

houghi (78078) | more than 3 years ago | (#30891736)

I am not able to fix my car and yet the government wants me to have things safe for others. I doubt that I can use that as an excuse driving around in a car that is not up to the standard that they demand.
I believe there is a difference between fixing it and fixing it yourself.

Re:Who will fix the problem? (3, Insightful)

stirz (839003) | more than 3 years ago | (#30891878)

Well, at least the intended mechanism will make sure that people notice that their PC is abused. Furthermore, it imposes pressure on people to care about some basic security measures. I think, many of them will soon take care - in whatever way. But if they refuse to realize that their data is in trouble and that they are (passively) involved in online crimes, why not shut down their net access? Someone who does not exactly know what to do will know the shop where (s)he bought the equipment or even a local shop that offers paid support - there is no excuse in that case.

I've made some similar experience on my own some years ago while living on campus connected to a network of about 1,000 machines. The admins enforced a "three strikes" directive: if someone's machine was spreading viruses via internet access or via FTP/SMB shares or misbehaved in other ways (disturbing the DHCP and break-in attempts on internal servers, mainly), (s)he got a notice in her/his (real life!) post box to stop misbehaving/to fix the computer. As I recall, the note contained a paragraph offering help in case people weren't able to cope with the problem themselves. They only had to block less than 10 machines during the time I lived there (4 years, approx.), as people really reacted quickly and we could even observe a (small) learning curve because new inhabitants mostly were briefed by their neighbours shortly after they had moved in.

So: Go ahead, Aussie ISPs! That's definitely the way to go - and to further sysadmin appreciation, but that's a different piece of.....

Re:Who will fix the problem? (1)

Hurricane78 (562437) | more than 3 years ago | (#30892654)

It’s called “natural selection”. It’s supposed to work that way.
Either you wise up, or you die. Simple as that. Look it up.

Re:Who will fix the problem? (0)

Anonymous Coward | more than 3 years ago | (#30893022)

Exactly. Disconnecting compromised machines is useless. What will happen is that the user will pay $$ to some techie to repair their computer, only to be infected again the next time they click on that marvellous big flashy dick jumping on a green table after losing 100kg in a week and getting ripped at the same time with the big caption that says "You are the winner!".

The only sane thing to do is teaching people how that thing on their desk actually works. But then they would understand that firewalling pedopirateterrorist sites is useless, and that would be bad.

Privacy (0)

Nerdfest (867930) | more than 3 years ago | (#30890884)

As much as I'd love to have these machines disconnected, I don't think ISPs should be looking at the content of any connection. From my perspective it's about the same as the phone company disconnecting me for spreading untrue rumours.

Re:Privacy (5, Insightful)

DavidTC (10147) | more than 3 years ago | (#30890918)

Actually, it's more like your phone company disconnecting you for repeatedly making prank calls.

Which, in fact, they will.

Re:Privacy (2, Interesting)

Nerdfest (867930) | more than 3 years ago | (#30890960)

They don't discover that by listening in to content though. They do it after there have been complaints.

Re:Privacy (3, Informative)

Volante3192 (953645) | more than 3 years ago | (#30891272)

They don't discover that by listening in to content though. They do it after there have been complaints.

And you don't think ISPs have been getting complaints about spam?

Re:Privacy (1)

amorsen (7485) | more than 3 years ago | (#30891570)

Not entirely true. Most phone companies have anti-fraud systems and will detect and possibly disconnect you if you suddenly make 1000 times as many calls as usual. Compare with making a thousand new connections a minute to TCP port 25.

Re:Privacy (1)

NoNeeeed (157503) | more than 3 years ago | (#30892110)

I think it's more like the water company investigating you because your oil tank has a leak which is going into the local water supply.

I think this is a really good thing, and it would be nice to see it being done more.

Most of the time all that's needed is a bit of education and a virus/malware scanner. Most people spewing this crap don't even know they are doing it, so letting them know is doing them a favor.

New definition of zombies (0, Troll)

Arancaytar (966377) | more than 3 years ago | (#30890932)

This is a perfect opportunity to get that pesky free speech done away with. Just declare every kind of government-critical information a "misuse of computers", and you can institute a quarantine on any "zombie" computer being used to distribute malicious "anti-government spam". It's such an awesome plan that I feel the urge to cackle.

Re:New definition of zombies (0)

Anonymous Coward | more than 3 years ago | (#30891108)

Except this is an industry code of conduct not government legislation. Perhaps you get disconnected for pointing out that gigabyte bandwidth plans are not using correct size gigabytes.

Re:New definition of zombies (1)

gad_zuki! (70830) | more than 3 years ago | (#30892306)

Cue crazy guy who thinks every business proposal is a conspiracy by the government to "finally" get him. Err, if they wanted you, you'd be in a jail cell. No need for some business regulations about zombies to make it look legit(?). Also, I think your tin foil hat is looking a bit crooked. Some alpha waves might be getting in!

Re:New definition of zombies (0)

Anonymous Coward | more than 3 years ago | (#30893236)

Except the Australian government has been pursuing ways to introduce internet filtering for a long time. Have you seen the news?

Australia - The Most Racist Country on the Planet (-1, Troll)

Anonymous Coward | more than 3 years ago | (#30890940)

Google "Australia Racism". They attack any non-whites, and by attack I don't mean punch or shoot. No sir, the Australians like it Taliban style, cutting living humans with knives. They like to see blood when they kill.

Here's another URL:
http://news.google.ca/news?oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&q=australia%20racist&um=1&ie=UTF-8&sa=N&hl=en&tab=wn

So I am not surprised that their ISPs are acting in a fascist manner.

Just avoid the crappy place ... stay away from racist Australia.

Open invite to hackers: Come steal our stuff!! (3, Interesting)

Anonymous Coward | more than 3 years ago | (#30891036)

This SOUNDS like a good idea in theory, but what will end up happening is that hackers will start to send fake notices to Australian users and will easily be able to trick people into giving personal information (i.e. account numbers, CC numbers, etc.) by claiming to be from the government and/or ISP. They need to create some sort of control around this, but I only see it causing problems....

Re:Open invite to hackers: Come steal our stuff!! (3, Insightful)

imroy (755) | more than 3 years ago | (#30891566)

...will easily be able to trick people into giving personal information (i.e. account numbers, CC numbers, etc.)

I don't know why the emails would ask for personal information. I can however see this as a great opportunity for virus emails: The government has noticed your computer is infected and sending out spams. Now run this attached executable to remove it.

Re:Open invite to hackers: Come steal our stuff!! (0)

Anonymous Coward | more than 3 years ago | (#30891662)

Sounds like a great idea. I’d call it “cleaning out the cruft”.

Re:Open invite to hackers: Come steal our stuff!! (1)

QuantumRiff (120817) | more than 3 years ago | (#30892162)

Um, use the telephone, or Certified letter?

Sad, isn't it? (2, Insightful)

bbbaldie (935205) | more than 3 years ago | (#30891172)

Buy a computer and/or a supposedly secure operating system, and then, unless the customer proactively protects against security breaches, they won't be allowed on the internet. Pardon me, but isn't protection against security breaches the OPERATING SYSTEM'S JOB???

Re:Sad, isn't it? (3, Insightful)

arotenbe (1203922) | more than 3 years ago | (#30892038)

Pardon me, but isn't protection against security breaches the OPERATING SYSTEM'S JOB???

Partially, but it isn't the operating system's job to stop the user from being an idiot. If you want to run executables from suspicious websites, that's your right. And if the rest of the world wants a device to stab you in the face over the internet, that's their right, too.

Re:Sad, isn't it? (1)

BradleyUffner (103496) | more than 3 years ago | (#30893074)

No, the operating system's job is to manage memory allocation, physical devices, and manage scheduling of threads and processes.

What does this mean? (1)

Antony-Kyre (807195) | more than 3 years ago | (#30891218)

The code states ISPs should cut off internet access only in the "most extreme of cases", when a customer had refused to install anti-virus software, or where the amount of spam being sent from the customer's account was clogging up the network.

Does that mean they will cut off users who simply don't have an AV program, even if they're not infected?

Re:What does this mean? (1)

Farmer Tim (530755) | more than 3 years ago | (#30891682)

If there are no signs of botnet activity from a computer, how would they know it doesn't have AV software? Something tells me ISPs aren't going to devote resources to asking their customers just in case...

What if (0)

fran6gagne (1467469) | more than 3 years ago | (#30891254)

What if I want to keep the botnet feature on my computer and use the Internet?

Re:What if (0)

Anonymous Coward | more than 3 years ago | (#30891420)

What if I want to catch swine flu and sneeze in your face?

Re:What if (0)

Anonymous Coward | more than 3 years ago | (#30891472)

It doesn't matter, if you connect to IRC you are a botnet. Everyone knows that only zombies use IRC chat anymore.

Finally (1)

crossmr (957846) | more than 3 years ago | (#30891454)

I've been calling for this for years, on Slashdot and other venues. ISPs do monitor suspicious behaviour. I can remember many many years ago when I was much younger and playing around with netbus and scanning the default port 1234 with it for about 20 minutes. The next day we got a call from the ISP asking if everything was okay.

There is no reason that a reasonable profile can't be built to detect standard bot activity and customers notified if this kind of behaviour has been noted coming from their connection. They can either explain it if it's justified or end up disconnected if they can't explain it and won't do anything to stop it.

I don't think P2P would end up fitting any standard profile as it seems to be the most common things we hear about bots are spam and denial of service attacks. Neither of which should really look like P2P.

I would hope if it goes well in Australia other countries will pick it up and if some countries turn into havens for botnet operators and refuse to disconnect them perhaps other countries will just shut them off entirely until they agree to play nice with the rest of the internet.

There is no reason ISPs can't have a list of currently blocked users redirected to a page with free AV/recent definitions, and step by step instructions on how to run them all to clean off their machine. Once the user has done so, they can be removed from the list and free to go back out and click on every shiny icon they can find.

The DIY Dilemma (1)

byrdfl3w (1193387) | more than 3 years ago | (#30891594)

Before they are finally disconnected, most average (i.e. not /.) surfers will quite possibly use their remaining Internet time trying to figure out why their connection is slowing down, first trying a few simple search queries - which, combined with a short attention span and an uncontrollable desire to click on anything that flashes, will then lead them willingly into a morass of dodgy, bot-laden sites, further infecting themselves, their connection finally grinding to a halt so that they are unable to check that email from their ISP that they neglected to look at a month ago..

--
If at first you don't succeed, cheat.

Criteria (3, Insightful)

lattyware (934246) | more than 3 years ago | (#30891674)

Botnet - Collection of computers using large amount of bandwidth.
Largest Botnet - BitTorrent
ISP - "Job's a good 'un lads, let's go home."

Re:Criteria (0)

Anonymous Coward | more than 3 years ago | (#30892074)

I think some requirements for being bot software should be that the user is unaware of its existence, and did not deliberately install it, and will lose no useful functionality if it is removed.

DNS redirect? (1)

Nukenbar (215420) | more than 3 years ago | (#30891778)

I usually hate messing with a protocol, but this sounds like a good use of a DNS redirect. When a user is deemed infected by whatever measure they decide, have the first web-page that the user brings up a re-direct to an ISP warning page with info on how to cure the problem.

I suppose if the user refuses to do anything about it you could cut him off after a month or so.

Re:DNS redirect? (1)

LikwidCirkel (1542097) | more than 3 years ago | (#30892154)

The problem with this approach is that the kind of user who would be high-risk of being a bot would not be able to tell the difference between a legitimate warning, and a malicious, fake anti-virus ad, which such users are sure to see many of.

Re:DNS redirect? (1)

Volante3192 (953645) | more than 3 years ago | (#30892294)

Whenever this has happened to me (when the person in charge of the bill forgot to pay it on time), the redirect page includes a phone number which is the only way to continue making progress with the issue.

If you're the sort who clicks on the fake warnings, eventually (with this method) the ISP will give you the real redirect page that fails to include any links.

UK ISPs have done this before (1)

hairykrishna (740240) | more than 3 years ago | (#30892138)

At the height of the blaster outbreak a few UK ISPs cut off blaster infected PCs and redirected to a 'clean up your PC' page.

Will this be abused? (1)

H4x0r Jim Duggan (757476) | more than 3 years ago | (#30892180)

What checks are in place to prevent this being used as an excuse to take down "troublesome" sites?

I mean, computers that are part of the Tor privacy network, or part of freenet, or bittorrent servers, or used by contributors to Wikileaks.

Re:Will this be abused? (0)

Anonymous Coward | more than 3 years ago | (#30892392)

If email spam is being forwarded through Tor, users should be cut off anyway.

yes sir mister policeman (2, Insightful)

troll -1 (956834) | more than 3 years ago | (#30892222)

Sounds like another case of politicians regulating something they don't understand. Define botnet.

Good idea if implemented properly (2, Insightful)

russotto (537200) | more than 3 years ago | (#30892412)

ISPs should be disconnecting zombied machines. The catch is they need a test which catches most zombie machines while not catching any non-zombies, and most ISPs are neither competent enough nor interested enough to do so. If their procedure has systemic problems which disconnect non-zombies, then the cure is worse than the disease.

I think this has already been done in Finland. (4, Interesting)

Oasiz (1017554) | more than 3 years ago | (#30892630)

I didn't completely RTFA, but.. If this works anything like the same way it does here, it basically redirects you to a generic page where you can download virus / etc checks and fix your system. You can't simply reach other places (or no connection with other protocols) in that state. The ISP has basically just IP blocked you at that point (other systems under the same connection function like normal). The ISP also re-checks your system every hour or two to see if the issue has been resolved. This is also explained in the page with more detail. If it follows the same formula then I am all for it due to it working flawlessly so far. No false alarms so far in my rather heavy use. Oh yes, and I first ran into this in 2004.

Block the abused ports first, or firewall them (2, Insightful)

davidwr (791652) | more than 3 years ago | (#30892724)

Don't disconnect them. First, only block the ports being abused. If that doesn't work, confine them to a "walled garden" that tells them who to call and fix the problem. Then when they do call, help them fix the problem.
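An added example, not part of any comment in this thread: a sketch of the metadata-only check several commenters describe (a burst of new connections to TCP port 25, which P2P traffic does not match), combined with the staged response of notify, block the abused port, then walled garden, and release on a clean re-check. The thresholds, stage names, flow-record layout and sample traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed values for illustration; an ISP would tune these against its own traffic.
MAX_SMTP_PER_MIN = 1000   # "a thousand new connections a minute to TCP port 25"
MIN_DISTINCT_DESTS = 50   # a host using one smarthost or mail server stays far below this
STAGES = ["notify", "block_port_25", "walled_garden"]

def smtp_offenders(flows):
    """flows: (epoch_seconds, src_ip, dst_ip, dst_port), one tuple per new TCP connection.
    Uses only connection metadata, never payload. Returns the set of flagged sources."""
    count = defaultdict(int)   # (src, minute) -> new connections to port 25
    dests = defaultdict(set)   # (src, minute) -> distinct destinations contacted
    for ts, src, dst, port in flows:
        if port == 25:
            key = (src, ts // 60)
            count[key] += 1
            dests[key].add(dst)
    return {src for (src, minute), n in count.items()
            if n > MAX_SMTP_PER_MIN and len(dests[(src, minute)]) >= MIN_DISTINCT_DESTS}

def review(stage, offenders):
    """One periodic re-check: flagged hosts move up one stage, clean hosts are released."""
    return {src: min(stage.get(src, -1) + 1, len(STAGES) - 1) for src in offenders}

def sample_flows():
    """Constructed traffic for one minute (private and documentation address ranges)."""
    t0 = 60 * 21_073_333   # aligned to a minute boundary
    flows = []
    for i in range(1200):   # infected host: 1200 SMTP connections, 200 distinct targets
        flows.append((t0 + i % 60, "10.0.0.5", f"198.51.100.{i % 200}", 25))
    for i in range(1500):   # busy customer relaying everything through one smarthost
        flows.append((t0 + i % 60, "10.0.0.9", "192.0.2.25", 25))
    for i in range(3000):   # P2P user: many connections, none to port 25
        flows.append((t0 + i % 60, "10.0.0.7", f"203.0.113.{i % 250}", 6881))
    flows.append((t0 + 5, "10.0.0.8", "192.0.2.25", 25))   # ordinary mail client
    return flows

if __name__ == "__main__":
    offenders, stage = smtp_offenders(sample_flows()), {}
    for check in range(3):
        stage = review(stage, offenders)
        print(check, {s: STAGES[n] for s, n in stage.items()})
```

The distinct-destination test is what keeps the busy single-smarthost customer from being flagged, which is the false-positive concern raised earlier in the thread.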
