Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Australian Cybercrime Enquiry Report Released

CmdrTaco posted more than 4 years ago | from the i-bet-they-hate-crocodile-dundee dept.

Government 81

An anonymous reader writes "The Australian Government Standing Committee on Communications has released the results of a year long enquiry into cybercrime in a report titled Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime. This report includes a recommendation that Internet Service Provider customers should be forced to install anti-virus and firewall software on their computers as part of their contractual obligations. The Australian Communications and Media Authority receive further powers and responsibilities under the recommendations with respect to shutting down websites hosting malicious content and ensuring that infected consumer devices are disconnected from the Internet."

Sorry! There are no comments related to the filter you selected.

Taking the piss (1)

bbqsrc (1441981) | more than 4 years ago | (#32653704)

The Australian Government is surely just taking the piss now. Honestly. What else can they say other than "the binary is COMING ALIIIIVEEEEE"? That would probably be a step up from Conroy's ramblings anyhow.

Re:Taking the piss (0)

Anonymous Coward | more than 4 years ago | (#32653820)

Is there a way to tape Conroy when he talks and then play it back to him? Surely not being able to hear himself is the problem...

Re:Taking the piss (1)

crafty.munchkin (1220528) | more than 4 years ago | (#32660260)

His head is so far up his arse he can't hear the people screaming at him, or for his blood, or even politely telling him his idea's are retarded, let alone hear himself...

Re:Taking the piss (2, Informative)

heathen_01 (1191043) | more than 4 years ago | (#32653824)

and ensuring that infected consumer devices are disconnected from the Internet.

Sounds like there are some reasonable suggestions in there.

Re:Taking the piss (1)

commodore64_love (1445365) | more than 4 years ago | (#32654104)

I disagree.

Antiviral software and firewalls slow-down computers. Perhaps if you have 4 gigabytes and a dual 3000 megahertz CPU you don't notice, but for my 2000 MHz P4 and 1/3 gig machine these programs make the system run slow. So I don't run them (except the occasional cleaning which always turns-up nothing).

Re:Taking the piss (1)

heathen_01 (1191043) | more than 4 years ago | (#32654168)

I can't argue with that, however how does that relate to disconecting infected machines?

Re:Taking the piss (1)

HungryHobo (1314109) | more than 4 years ago | (#32654804)

Disconnecting infected machines? maybe, it would force virus writers to be a little more stealthy at the very least.

My problem is with:

"require all subscribers to install anti-virus software and firewalls before the Internet connection is activated"

I don't use an antivirus scanner.
I haven't for over 2 years yet when I have done the occasional scan(online scanner etc, just as a metric) to check every now and then.
I believe I haven't caught any viruses in that time.

AV scanners are an example of Enumerating Badness, detecting modern polymorphic viruses is NP-Hard and in short is a losing game.
I protect myself by having an ounce of sense and avoiding common routes of infection and keeping my software up to date.
This appears to work much better.

They're mandating people use an ineffective form of security.

Re:Taking the piss (1)

halowolf (692775) | more than 4 years ago | (#32660810)

I don't use virus scanners either. I have used a firewall, install updates and common sense to protect my computer as well. But then I know what I'm doing. its a bit like punishing the victims rather than the perpetrators of crimes. I can understand the point of view though, I've cleansed many a virus from friends/family PCs over the years and mandating something to be done by all users to decrease the impact would look like an attractive proposition, but really how is something like that going to be policed? What invasion of a users PC will be required to determine that it is adequately protected before access to the internet is granted.

Having had a number of bone headed customer support people "help" me I would imagine that people who are adequately protected get denied access because they are not using a "recommended" product as decided by their ISP. I could easily imagine ISPs getting deals with security vendors to push their products and then users of that ISP being required to use those products to get their service while the ISP and security vendors use it as an opportunity to get some revenue they would not otherwise get. But perhaps i'm just cynical.

Re:Taking the piss (1)

HungryHobo (1314109) | more than 4 years ago | (#32668310)

Oh ya.
I've seen some nasty cases, a funny one was someone really paranoid who had installed multiple AV scanners and was then puzzled why the machine was completely fucked and took forever to boot up.

Some of the stores round here push Bullguard because they get a good commission- a complete piece of crapware, harder to remove than most viruses.
Many a machine with that crappy antivirus I've seen.

Re:Taking the piss (1)

commodore64_love (1445365) | more than 4 years ago | (#32657118)

>>>how does that relate to disconecting infected machines?

That's not what the article said. The article said the government (via the ISP) would disconnect any machine, even healthy ones, that were not running antivirus and firewall software. They are using force upon citizens, as if they were serfs.

The mythical Orwell plug-in (1)

TapeCutter (624760) | more than 4 years ago | (#32663086)

"They are using force upon citizens, as if they were serfs."

Not really, some academics were commisioned by a government committe to come up with recommendations, traditionally these sort reports list every strategy they can think of, they make great slashdot headlines but are ignored by the government (except for the one recommendation they asked for during a golf game). As anecdotal evidence for that claim; I have been reading stories on slashdot about how both right and left wing Aussie communications ministers are implementing an Orwellian internet "any day now".

Think about it in "bread and circus" mode; Conroy has served almost a full term as comms minister and his filter is still nothing but an empty promise/threat. Before that the people on the other side of the house, (who are now filtering his filter from the law books), were just as adamant they would introduce a mandatory filter and just as unsuccessful because Conroy's mob filtered it out of the law books. If there was any real politcal will behind all this "clean up the net" rhetoric we would have had the Orwell plug-in installed circa 1997. But that will never happen because once they take on resposiblity for policing the net then all of a sudden it's the governments fault that someone's little princess was exposed to tub girl, much better for politicans on both sides to behave in their normal manner, ie: perpetually shocked, outraged and ineffectual.

Re:Taking the piss (1)

dov_0 (1438253) | more than 4 years ago | (#32659192)

Anti-virus software doesn't slow down a computer anywhere near as much as a couple of trojans will!

Re:Taking the piss (0)

logjon (1411219) | more than 4 years ago | (#32654136)

That's not reasonable.

Re:Taking the piss (1)

heathen_01 (1191043) | more than 4 years ago | (#32654222)

Yes it is. [jumpstation.ca]

Re:Taking the piss (1)

shnull (1359843) | more than 4 years ago | (#32662646)

i personally scan my computer everyday when booting into windows. Yes, antivirus is a must but if they force ppl to install it, it has to be free and indeed as lite as possible. i have the topgrade core2duo cpu but the scanning slows down the computer at the harddrive. Also, a deep scan takes well over 30 minutes to complete. And more, if your virus definitions are 1 day old, you already have the chance at 0day malware, these ppl are very intelligent programmers and they keep it up to speed. But, disconnecting ppl just like that, i don't think i like that. My old man can't even burn a cd without assistance, so how the hell should he be held responsible if his machine gets infected ?

Re:Taking the piss (1)

bandmassa (951387) | more than 4 years ago | (#32686092)

I scan for viruses when I boot my Mac into Windows, but I gave up scanning my Mac under Mac OS X for viruses years ago. There are no viruses for Mac OS X. None that work anyway. So, the net result in my home, if an ISP required me to install AV software on my Mac is I'll make the case that Macs don't get viruses, and if they don't accept that, I'll keep looking for an ISP that does accept that as sufficient security. Failing that, I get enough internet on my iPhone, and the so-called "Walled Garden" is antivirus enough for anybody, surely.

Re:Taking the piss (1)

shnull (1359843) | more than 4 years ago | (#32688062)

i agree, i have to see the first linux virus appear on my pc as well

Re:Taking the piss (1)

imanners (450214) | more than 4 years ago | (#32654436)

I am embarrassed as an Australian, to have to admit that our Federal Government is serious about everything they have leaked, reported, and pushed over the past 3 weeks.

Can I be Russian instead now ?

Re:Taking the piss (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32655382)

Well it's not the Australian Government, it's a committee of the Australian Parliament, and I'm sure useless suggestions in the report will be ignored as is usual. If it was the Australian Government the report would have been commissioned by Senator Conroy (the current World's Greatest Luddite) and be about installing an iris on all computers to close off the portal to tricks and japes.

Re:Taking the piss (1)

BrokenHalo (565198) | more than 4 years ago | (#32656010)

...and I'm sure useless suggestions in the report will be ignored as is usual.

Our experience shows that the government prefers to ignore useful suggestions.

Useless things like attempting to micromanage what internet users see on their computer screens are fair game for our illustrious leaders, and will be pursued with all the diligence they never deserved.

Quarantine (2, Interesting)

hendrikboom (1001110) | more than 4 years ago | (#32653714)

Kind of like a public-health measure.

Advantage: Boxed software. (2, Interesting)

DeadPixels (1391907) | more than 4 years ago | (#32653818)

ISPs would have to: require all subscribers to install anti-virus software and firewalls before the Internet connection is activated

It seems to me like this is a strange requirement. I couldn't tell you the last time I actually went to a brick-and-mortar store and bought an antivirus product. And what about lesser-known or free antivirus solutions? Unless you're going to find someone with an internet connection and download them onto USB/an external drive, it seems like this requirement would negatively impact their marketshare (which, if they're lesser-known, would admittedly be small).

Re:Advantage: Boxed software. (3, Insightful)

LambdaWolf (1561517) | more than 4 years ago | (#32654112)

ISPs would have to: require all subscribers to install anti-virus software and firewalls before the Internet connection is activated

It seems to me like this is a strange requirement. I couldn't tell you the last time I actually went to a brick-and-mortar store and bought an antivirus product. And what about lesser-known or free antivirus solutions?

Indeed. And how do they define the threshold of effectiveness and necessity of "anti-virus software"? Will the nine-year-old copy of Norton that originally came with the dusty old PC that I just plugged in suffice? And what do I need to put on this highly secure Linux distribution I just installed? If I write my own operating system from scratch, do I need to wait until someone releases an anti-virus product for it before I can legally connect it to the Internet? Can I write my own anti-virus software from scratch, and if so, how much does it actually have to, you know, do in order to be considered such? And who determines whether it even does it correctly? Is there going to be some kind of review board for this?

Sometimes I think politicians aren't aware of how many questions they create.

Re:Advantage: Boxed software. (3, Insightful)

Reziac (43301) | more than 4 years ago | (#32654646)

I'm wondering which antivirus vendors' lobbyists are pushing for this.

Follow the money...

Re:Advantage: Boxed software. (1)

kid.whisky (869762) | more than 4 years ago | (#32660286)

I'd imagine all of them, as they're the only group that directly stand to benefit (that I can see).

Re:Advantage: Boxed software. (1)

uninformedLuddite (1334899) | more than 4 years ago | (#32674730)

Mr Conroy in his bountiful wisdom has come up with a one line solution
127.0.0.1 anything.not.nice

Re:Advantage: Boxed software. (1)

AmiMoJo (196126) | more than 4 years ago | (#32663212)

Try Windows Antivirus 2010. It installs automatically when you visit one of their partner web sites and on my system it detected 1000s of viruses that McAfee missed.

Best $29.99 I ever spent!

Re:Advantage: Boxed software. (0)

Anonymous Coward | more than 4 years ago | (#32667978)

Obviously you're kidding. However, I've had to fix several computers for people who actually thought it was legit. Instead of buying it, they freaked out and called me because apparently they thought I would fix it for cheaper than the $20 - $30 bucks the fake antivirus wanted. Yeah. Right.

Re:Advantage: Boxed software. (1)

BrokenHalo (565198) | more than 4 years ago | (#32656154)

I couldn't tell you the last time I actually went to a brick-and-mortar store and bought an antivirus product.

I could. The answer is "never". But then, most of the non-mainframe computers I have owned or operated (apart from those DOS boxes, which don't really count) have worked on some form of Unix, so viruses are essentially a non-issue and firewalling is easily enough handled by iptables and/or a comprehensive hosts file.

Freeware FTW (0)

Anonymous Coward | more than 4 years ago | (#32656200)

I just got Internet a couple of days ago. As soon as I'm connected, Antivirus 2010 prompt me to install it right away. I didn't even have to pay!

Re:Advantage: Boxed software. (0)

Anonymous Coward | more than 4 years ago | (#32656466)

They could also provide a server side solution, like my ISP is doing. Email is checked at the server. Filtering worms and zombies and notifying about them could be considered common sense for a service provider. Together with user education, notification and take down, if necessary, would certainly improve security eventually.
  What I'd really like to see is the Australian government forcing every OS sold in the country to ship in 'disabled by default' condition. That will get Microsoft improving the security and perhaps even performance of their consumer products.

Re:Advantage: Boxed software. (1)

Redlazer (786403) | more than 4 years ago | (#32660336)

And what about people who don't use antivirus in Windows? What about Linux and Mac? What if my internet is just for my phone?

Infected websites? (2, Interesting)

Drakkenmensch (1255800) | more than 4 years ago | (#32653830)

Considering that ad banners can be infected with java viruses, does that mean that any website with ads should be, by this law, taken offline? Pretty soon the computer users will have the legal obligation to stop using the internet entirely...

Re:Infected websites? (2, Insightful)

commodore64_love (1445365) | more than 4 years ago | (#32654144)

>>>does that mean that any website with ads should be, by this law, taken offline?

Or return to the simple GIF and PNG ads of yesteryear. That sounds like a positive outcome to me, since I'd rather download a 20k banner than a 500k movie banner.

Re:Infected websites? (1)

AmiMoJo (196126) | more than 4 years ago | (#32663236)

+ Adblock Plus
+ Flash Block
+ Disable Java

= Problem solved

Actually it's probably better to just not install Java in the first place.

How would ISPs force the contractual obligation? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32653892)

A stupid law like this will lead to the requirement the ISP install some kind of audit software on your PC to monitor compliance. Something like punkbuster. It would have to monitor your local system and possibly report back to the ISP. I don't see any other way this could work. This would be a nightmare to support a range of OSes and would possibly make a system that was properly maintained to be less reliable.

This is a great opportunity! (2, Insightful)

Rich.Miller.6 (1602871) | more than 4 years ago | (#32653932)

It's time to reclassify Linux as an antivirus product. Experience to date suggests that it is much more effective than single-purpose antivirus products - and it does so much more, for free!

Re:This is a great opportunity! (0)

Anonymous Coward | more than 4 years ago | (#32654484)

This is bunk. The real issue is staggering lack of lusers running linux as compared to windows.

Anyone who thinks Linux has less security bugs than other platforms obviously has never bothered to count the number of security updates pushed on a consistant basis via their favorite distributions package management systems. The overriding issue here is the luser not the platform.

Malware and anti-virus software are non-starters because the game is already lost by the time crap like this has an avenue to be allowed to execute on your computer. A virus scanner might catch some of it but its not possible to provide any assurances against execution of malicious code making virus scanners worthless as a technological solution to the problem. Its a problem that can only be solved by protecting lusers and lcoders from themselves by sandboxing browsers and other network facing software infustructure and their side effects.

Host based software firewalls are an exercise in redundancy and do nothing to protect users from participating in their favorite international botnet zombie army.... What we need is brrraaaiiinnnnsssss!! Overly prescriptive solutions that don't solve the underlying technical and computer/machine issues = bad policy.

Re:This is a great opportunity! (1)

HungryHobo (1314109) | more than 4 years ago | (#32654952)

Parent is wise.

I like linux but neither my linux nor my windows desktop has become infected in the last couple of years since I exercise reasonable paranoia and am familiar with the common channels of infection.

zero day worms which can get in through a firewall without any user participation are rare.
Shovelware-malware which infects you with a fake "update" screen or with an email attachment is so so much more common.

Re:This is a great opportunity! (1)

BrokenHalo (565198) | more than 4 years ago | (#32656356)

Malware and anti-virus software are non-starters because the game is already lost by the time crap like this has an avenue to be allowed to execute on your computer.

True. Most of these exploits become a problem because they have been allowed to hop over a human stupidity barrier. It would be futile for any politician to legislate on this issue, since most politicians are as thick as shit.

Trouble is, that won't stop them trying.

you voted for them (0, Flamebait)

FuckingNickName (1362625) | more than 4 years ago | (#32653940)

I thought you Aussies were laid-back, laissez-faire sort of people? Not in the pure capitalism sense, but in the "you mind your business, I'll mind mine and we'll chill together" sense? Why the sudden conservative turn?

Re:you voted for them (0, Offtopic)

mjwx (966435) | more than 4 years ago | (#32654100)

I thought you Aussies were laid-back, laissez-faire sort of people? Not in the pure capitalism sense, but in the "you mind your business, I'll mind mine and we'll chill together" sense? Why the sudden conservative turn?

Newsflash, Politicians are arseholes everywhere, even in Australia.

This is just a report, someone will make some recommendations and there may even be some talk on the subject. Politicians will agree that some fireviruses and anti-walls should be installed whilst everyone else ignores them.

Nothing happens, a lot of smoke is blown up the arses of people we don't care about, business as usual.

Re:you voted for them (0, Offtopic)

commodore64_love (1445365) | more than 4 years ago | (#32654176)

>>>Why the sudden conservative turn?

I assume you are using this word in the European sense (conservative==centralized power), not the American sense (conservative==constitutionalist). In any case it does appear Australia is turning more-and-more towards a totalitarian state, step by step, and away from individual liberty.

Re:you voted for them (1)

Lunix Nutcase (1092239) | more than 4 years ago | (#32655874)

not the American sense (conservative==constitutionalist).

BWAHAHAHAHAHAHAHAHAHA. This is a joke, right?

Re:you voted for them (0)

commodore64_love (1445365) | more than 4 years ago | (#32657260)

No. A lot of persons who claim to be conservatives (like George Bush) are actually liberals. The Reps and Dems are simply two halves of the same party - the Big Government Party.

A true conservative party would be the Libertarians. And possibly the Constitution Party. Certainly not the R's or D's.

Re:you voted for them (1)

grege1 (1065244) | more than 4 years ago | (#32659816)

The balance of power in our Senate is held by independents and the Greens, but mostly by an ultra consertvative called Senator Fielding who represents the christian orthodoxy. To pass legislation the government must get the Greens and Fielding on side to out vote the opposition Liberal Party who are not liberals but conservatives. Thus the government is always having to suck up to Fielding. After the next election, later this year, it is unlikely that Fielding will have that power any more, even if he is re-elected. The current polls would have the Greens with enough senate seats to control the balance of power in the upper house irrespective of which major party wins the general election. When they have to suck up to the Greens, rather than the Christian right wing it will be very interesting to see how policy changes, even if we have a conservative government (still not likely, but you never know).

Re:you voted for them (1)

drsmithy (35869) | more than 4 years ago | (#32661680)

To pass legislation the government must get the Greens and Fielding on side to out vote the opposition Liberal Party who are not liberals but conservatives.

The Libs are, indeed, liberals. It's just the term has a different meaning in Australia (and the rest of the world) as compared to America - it refers to the economic, not social, policies (though even on that front, the Libs are far more 'liberal' than so-called 'liberals' in the US).

Re:you voted for them (0)

Anonymous Coward | more than 4 years ago | (#32660700)

Some of us weren't even born when Labour was last in power, we had no idea what was coming!

Re:you voted for them (1)

Cimexus (1355033) | more than 4 years ago | (#32661116)

We still are.

Slashdot tends to hype things up, exaggerate, and report on suggestions, ideas, and whimsical musings from a couple of politicians, as if they were a done deal and were being introduced into law right away.

It's not the case though.

Internet filter: Conroy and his lot have been talking about it for two years now. But their own trials showed it was essentially useless. The draft legislation hasn't even been written, let alone introduced into Parliament as a Bill. And if it were introduced, it would never pass - Labor doesn't have the numbers to get it through. And they recently announced that they are, essentially, scrapping the idea in its current form.

Forcing ISPs to record users' internet history: This is already done in most of the EU. But Australians definitely don't like the idea, and like the filter above, it will die before any real steps are taken to get this into law.

Subject of this article: This is one step below even those two things. It's a recommendation by a committee. Do you know how many commiitees there are and how many random recommendations they make? Generally a very very small proportion of such recommendations ever find their way into official Government policy. The idea of disconnecting infected machines spewing out spam or participating in a botnet is a good idea. But requiring AV software as a precondition to getting online? Hahahaha ... that is completely unworkable. Think of the average home user's technical abilities. Think of the outrage in the ISP industry. Think of the fact that Mac and Linux users don't really need AV software. Etc.

Basically, Slashdot always tries to make as scary a sounding summary as possible, and the non-Australian commenters lap it up and go "omg Australia sucks", ignoring the fact that these things are all just IDEAS or proposals which are unlikely to ever see the light of day. Result: Australia's name has been unfairly dragged through the mud on here in the last year. Yes - the current Government has had some awful ideas, which have and should be criticised. But some politicians' ideas /= actual policy or law. And in the case of the things mentioned here, are never likely to be. Australia as a whole hasn't miraculously changed in the last 12 months. As a culture, we are still laid back. Oh and it's not like Americans don't have some scary ass laws too ... warrantless wiretapping anyone? That even affects me as a foreigner - anytime I call someone in America, my conversation might be being recorded or listened to.

Just wait for insitutional stupidity ... (3, Insightful)

gstoddart (321705) | more than 4 years ago | (#32653958)

I'm imagining some poor schmuck on the phone with an ISP trying to explain that the government mandated anti-virus software doesn't support their OS of choice (which the moron on the phone has never heard of) and being told that they can't have internet access because they don't have Windows.

Don't act like it won't happen. Heck, most ISPs if you're trouble-shooting almost demand that you remove the firewall and plug the machine directly into the cable modem, and only have trouble-shooting instructions for Windows and can't comprehend that you might actually be qualified to say that, since nothing has changed on your end, their network must be currently broken.

While I appreciate the intent of this, every time someone tries to legislate solutions to technical problems, they break more stuff.

Re:Just wait for insitutional stupidity ... (1)

Drakkenmensch (1255800) | more than 4 years ago | (#32654056)

And now imagine that through any combinaison of lobbying, negotiation, kickbacks and possibly blackmail, Symantech gets the EXCLUSIVE contract to have Norton be the ONLY allowed antivirus to be accepted by law. Ever paid 250$ for your antivirus? It could happen.

Re:Just wait for insitutional stupidity ... (1)

commodore64_love (1445365) | more than 4 years ago | (#32654224)

>>>being told that they can't have internet access because they don't have Windows.

My AOL Dialup ISP is like that. They don't support anything but 98, XP, Vista, and Se7en. Mac, Amiga, and Linux OS users are told by the sign-up website that they can not join.

Re:Just wait for insitutional stupidity ... (0)

gstoddart (321705) | more than 4 years ago | (#32654280)

AOL? Dialup? Amiga?

What are these strange words you use? ;-)

Re:Just wait for insitutional stupidity ... (1)

BrokenHalo (565198) | more than 4 years ago | (#32656464)

Over the years, I have been told by any number of ISPs that "we don't support Linux". I've found it easiest to just not bother telling them what sort of machines I run. I pay good money for their bandwidth, but they don't need to know how I use it.

Yeah, I know they can check their logs, and that isn't really a problem for me. If it was, there are always VPNs offshore that I can use.

Re:Just wait for insitutional stupidity ... (1)

Barny (103770) | more than 4 years ago | (#32659934)

When I first got my DSL (about 9 years back now) I was having issues with the crappy USB modem they gave me with the deal, I called them, they asked "what OS" when I said my router was running freeBSD they happily told me where to get a driver for the modem, stepped me through any conf files related to its setup and got me up and running.

Maybe American ISPs just suck for support?

Re:Just wait for insitutional stupidity ... (1)

BrokenHalo (565198) | more than 4 years ago | (#32661106)

Maybe American ISPs just suck for support?

I have no first hand knowledge of them - I live in Australia.

Re:Just wait for insitutional stupidity ... (1)

Barny (103770) | more than 4 years ago | (#32662834)

Same, but from what I hear, re verizon-math, etc, I can't help but paint a terrible picture of them in my mind.

Re:Just wait for insitutional stupidity ... (2, Interesting)

deniable (76198) | more than 4 years ago | (#32661010)

"No, I just have an Xbox and an iPad. Where do I get AV software?" OK, who's for trolling some support lines?

Devil in the Details (2, Informative)

static416 (1002522) | more than 4 years ago | (#32654006)

The problem is not the idea of everyone having anti-virus, it's that you want the ISPs to distribute and enforce it.

I don't know about you, but I would never install any software given to me by an ISP. In Canada, Rogers actually have a history of opening more security holes than they close with their Firewall/AV software. To the point that some large corporations IT departments won't let you VPN in from home if you have the software installed.

In my experience ISP software is typically one of the worst forms of insecure bloatware you can put on a computer.

Re:Devil in the Details (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#32654286)

This is true. I've tried both Telus and Shaw. And both their Antivirus and their Firewalls are pretty much next to useless, causing more problems then they are worth.

If the ISP's are going to force me to contractually install a firewall and antivirus on my PC supplied by them - I should be able to sue them for every infection that makes its way onto my PC that the antivirus can't remove within 24 hours.

If you are going to hold ME accountable, I'm going to hold YOU accountable.

Re:Devil in the Details (1)

Reziac (43301) | more than 4 years ago | (#32654734)

Agreed. Given that -- and the huge can of worms inherent in "which OS? which AV??" -- the only practical solution is for each internet connection to go through a security appliance supplied by the ISP, to which you can connect whatever you wish.

Oh wait, we already have those... I think they're called "routers" by the rest of the world. But if this happens -- I think it's reasonable to assume that it will actually be a Big Brother device, capable of snooping on and reporting everything you do online directly to the authorities, just in case you MIGHT be a pirate or MIGHT indulge in an unacceptable type of pr0n, etc, etc. Not to mention if you might intend to vote for someone who opposes this nonsense.

Re:Devil in the Details (1)

uninformedLuddite (1334899) | more than 4 years ago | (#32674780)

I can already see my computer saying "what are you doing, Dave"? if I mistakenly visit a non-Conroy approved site. To all the people saying that Australia is turning towards totalitarianism you need to pay more attention as it is the whole Western world that is turning! Not just us.

Re:Devil in the Details (1)

Reziac (43301) | more than 4 years ago | (#32675694)

That's true, and contrary to your sig, it's the New Left fascists who are doing the most damage, in the name of "liberalism". Here in California you almost can't breathe without their permission, nor without paying for the air. What they can't control with legislation, they control with regulation. They wouldn't restrict internet use for those affected by cybercrime; instead they'd take your kids and call you an unfit parent for exposing your children to such smut.

Re:Devil in the Details (1)

uninformedLuddite (1334899) | more than 4 years ago | (#32688192)

I am of that fringe whacko group who think that hey are all bastards and that the term 'right' describes the left and the right.

Re:Devil in the Details (1)

HungryHobo (1314109) | more than 4 years ago | (#32655026)

don't worry.
You'll be obliged by law to buy their antivirus but they'll make sure the only contract available stipulates that you cannot hold them accountable for anything whatsoever.

Re:Devil in the Details (1)

jc42 (318812) | more than 4 years ago | (#32657010)

... they'll make sure the only contract available stipulates that you cannot hold them accountable for anything whatsoever.

Hmmm ... Most countries have laws that at least make such terms illegal for the primary advertised purpose of what you've bought. Here in the US, it's commonly called "consumer fraud". You might check to see if your laws cover the case of a purchased product failing at what it was labelled and/or advertised for.

It's expected that makers of such things as anti-virus software would disclaim all responsibility for anything, since after-the-fact detection and removal of such stuff is known to be an NP-hard problem. Maybe we should be responding to threats like this one by challenging the software suppliers to live up to their advertising claims or pay damages. It might be interesting to see how the courts deal with the topic.

How would they enforce such a requirement? (1)

Julie188 (991243) | more than 4 years ago | (#32654036)

I think it's reasonable to say to people, hey, your ISP isn't responsible for data on your computer particularly if you don't even have basic protection on it. But it's another thing altogether to say, "you can't use the the Internet if you don't use anti-malware." That gets into all sorts of enforcement issues, what constitutes appropriate anti-malware, what happens if you don't comply ... can the ISP still bill you that month? What if you completely rolled your own, and there's no appropriate anti-virus software out there for your operating system. If ISPs must act as the enforcement gates, it's going to make a whole bunch of "network access protection" vendors quite happy. They'll get to sell a lot of complicated NAC gear to these ISPs.

I am beginning to think... (2, Interesting)

kayoshiii (1099149) | more than 4 years ago | (#32654044)

That Conroy et al are not so much interested in controlling what we do as much as they are shills for internet security software.

Actually remembering the last time I was involved with a government technology program and who was involved that wouldn't surprise me in the least.

Anti-Virus and Firewall software.. UGH (3, Interesting)

mlts (1038732) | more than 4 years ago | (#32654050)

Firewall software? Maybe because it was because I am a UNIX guy and the kernel of these operating systems had control of the IP stack without needing third party programs. Or because a true firewall is a hardened hardware router that can withstand attacks not just coming from the outside in, but prevents items from coming from the inside out (such as E-mail from any box other than the designated mail servers.) A software firewall that is not built into the OS proper is pointless [1], as the OS should protect against incoming attacks, and if a malicious application is installed, the game is over anyway, so protecting against outbound stuff is pointless.

As for anti-virus, maybe on Windows, but I have yet to see malware on a serious UNIX system unless it is a Trojan (and no A/V system can protect against that.) However, I just find it almost laughable when I have to install McAfee on a pSeries box with some script to show it is running for audit reasons.

Instead, maybe the law should be worded as "proper security measures shall be taken to protect against malicious software and remote attacks." This way, an OS that has a decent IPS built in doesn't need to have third party stuff tacked onto it to make it compliant.

[1]: An exception is the DroidWall app on rooted Android phones. It provides good security because a lot of apps ask for network communication privs which shouldn't have it, and a user otherwise wouldn't have control of what can and what can't communicate out.

Re:Anti-Virus and Firewall software.. UGH (3, Informative)

Mouldy (1322581) | more than 4 years ago | (#32654246)

"proper security measures shall be taken to protect against malicious software and remote attacks."

Define 'proper' in this context. Windows has come with built in firewall software for years, since XP SP2 IIRC. Is that 'proper' enough? What about the most up-to-date patched Windows 7 system? Where do you draw the line?

UNIX firewalls might be the best in the world today, but tomorrow someone might discover a critical flaw that opens up every Linux box to all kinds of nasties. Similarly, saying "Install Norton/Mcaffee/whatever" is susceptible to a similar flaw. It might be the recommended A/V product, but tomorrow some hax0rs might find a vulnerability with it and every computer in Australia is vulnerable to it.

Re:Anti-Virus and Firewall software.. UGH (1)

imanners (450214) | more than 4 years ago | (#32654538)

Governments and joe public only understand two things or options. So if there is a choice you can only give then two, ie, yes or no, Windows of Mac, Internet Exploder or Firefox, give it or I take it anyway.

In the mean time they will simply supply monitoring software that probably only works on Windows, because it will support all operating systems [Windows XP, Windows Vista, and Windows 7]. It will be up to you to decide on were you get the software for AntiVirus/Malware/Firewall from, after all, the Government isn't in the antiviral and malware business, yet.

Or, they will mandate it that the ISP has to ask the customer at point of signup if they have AntiVirus and a Firewall installed, and leave it up to the customer to say yes or no :o)

As I don't run Windows or Mac, only AIX and something else, I would of cause reply in the affirmative.

Other means/method for *NIX &/or Windows (0)

Anonymous Coward | more than 4 years ago | (#32654806)

"because I am a UNIX guy and the kernel of these operating systems had control of the IP stack without needing third party programs." - by mlts (1038732) * on Tuesday June 22, @11:44AM (#32654050)

First of all: By "control of the IP stack", what EXACTLY do you mean here? Be specific... thanks!

Secondly: I can tell you that doing pretty much what a firewall program can do was already "built in" into Windows NT-based OS' by Microsoft, in "Port Filtering" (often called 'the poor man's firewall') in fact!

(Yes, it works quite well alongside actual software firewall programs, hosts files & other forms of blocking softwares/browser addons, & hardware router/firewalls also... and yes, it's done in "kernel mode" in the IPFLTDRV.SYS driver (working alongside TCPIP.SYS driver itself, which is however, lately @ least, a "Plug-N-Play" driver & ipsec.sys (optional), which are also both kernel mode drivers afaik)).

---

"Or because a true firewall is a hardened hardware router that can withstand attacks not just coming from the outside in, but prevents items from coming from the inside out (such as E-mail from any box other than the designated mail servers.)" - by mlts (1038732) * on Tuesday June 22, @11:44AM (#32654050)

A HOSTS file can do this for you, both for *NIX based OS + Windows too.

Simply by putting in lists of KNOWN BAD sites &/or servers, You can effectively not only stall access to them by users, but, this also stalls ANY MALWARES ACCESS TO THEY AS WELL (such as in the case of botnet "command & control" servers), because if YOU the user cannot access a site?? Neither can a malware (one that's running under YOUR user logon rights context)...

(Additionally, HOSTS files aren't "3rd party software" that isn't "tightly integrated" (what a crock of CRAP that term is, lol, because all apps call out to libs in the OS in the end, especially NTDLL.DLL on Windows @ least) or that eats up CPU cycles, as it's only a filter that the IP stack uses!)

APK

P.S.=> Just some "food for thought", before you reply with some (hopefully) specifics on what you meant in the block of text I quoted from you at the top of my reply here... apk

Better Idea (2, Insightful)

SnugglesTheBear (1822258) | more than 4 years ago | (#32654146)

I say Australia should have the ISPs refuse service to anybody running a windows box. This would remove at least 70% of the malware and would improve customer satisfaction!

Re:Better Idea (1)

Dogbertius (1333565) | more than 4 years ago | (#32655172)

70%? Shouldn't it be 99%? I didn't realize that Macs and Linux boxes were capable of running malware. Blast you WINE users!

WWOT fp (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32654192)

Follow the funding (2, Insightful)

AHuxley (892839) | more than 4 years ago | (#32654198)

So we have a "Office of Online Security be established within the Department of Prime Minster and Cabinet"
Then we see a cut to "The Online Child Sexual Exploitation Team", a unit of the Australian Federal Police of $2.8 million.
http://www.smh.com.au/opinion/politics/fight-to-filter-out-evil-leaves-bad-guys-to-do-their-worst-20100514-v4cq.html [smh.com.au]
We also have some fun news via http://www.zdnet.com.au/inside-australia-s-data-retention-proposal-339303862.htm [zdnet.com.au]
Beyond the "want the source and the destination IP addresses for internet sessions" they are dreaming of linking
""They want allied personal information with that account, including, [the department] said, passport numbers.""
with "automate the process of requesting and obtaining access to telecommunications data."
One day your ip could be linked to your isp and photo id while you surf on a filtered internet with Windows anti-virus and firewall software running.
Some great projects and funding for someone :)

who pays for security? (0)

Anonymous Coward | more than 4 years ago | (#32655566)

"... should be forced to install anti-virus and firewall software".
sure, sure, if the GOVERNMENT pays for it!
(if you use linux, you should get a coupon over $anti-virus+$firewall,
which you can use to redeem cash, or deduct from your due taxes)

Hahaha, sure. (1)

bmo (77928) | more than 4 years ago | (#32656388)

The installation of a virus scanner does nothing to stop new malware. Such beasties are only as good as their databases, which always lag behind the current malware. And having it installed doesn't mean it's kept up to date or it's actually used. How many "trial" versions of NAV have I seen over the years that are massively out of date? Hundreds.

What I also want to know is what kind of anti-virus software is there for Solaris machines? If you run a real operating system, do you have to take it off the 'net now because you can't even buy "antivirus software"?

Australia is really beginning to become an IT shithole, judging by the news. But I don't think raging neckbeards in the street is going to intimidate the stupid politicians.

--
BMO

I run Linux... (1)

IchBinEinPenguin (589252) | more than 4 years ago | (#32658744)

Can I just scan for the evil bit [faqs.org] instead?

Australia + Cyber (0)

Anonymous Coward | more than 4 years ago | (#32659634)

Dear rest of world, please ignore anything relating to Australia + Cyber-anything, while that fool Conroy is still a minister. We are trying our best to get rid of him soon.

Some ideas are great. Some are just crap. (1)

thegarbz (1787294) | more than 4 years ago | (#32662482)

Ignoring the rest of the Australian governments internet policy, some of the stuff coming out of them is good. Some is incredibly bad. This one just happens to be a bit mixed and misdirected.

One of the best proposals they released is asking ISPs to monitor your traffic for obvious signs of infection. As a geek with a reasonably hardened setup at home I was dumbfounded when I got one of the emails detailing Confiker.C was all over my network. We have 2 fully patched Windows 7 computers, and a fully patched Windows XP machine (my sister's laptop). The laptop in question had Cnfiker.C in the past and I cleaned it and fixed the windows update settings on the laptop as well as re-instating the broken AV software and all was fine or so I thought for about 3 months.

3 full months it didn't click that our media centre is a Windows XP machine. Mainly this is because I've never once gone on the internet with it via a web-browser or opened email, downloaded software from dubious sources etc, this all lead to the belief that it was impervious to virus attack. I never considered an attack from inside the network, thanks to the evil government's mandated warnings though I have changed things considerably. What chance does the housewife next door (the one who runs an open wifi access point) have if even I missed such a thing?

Now this policy is both good and bad. There needs to be some level of mandated security. As for the details, that one is a bit more grey. I like the idea of not allowing computers that don't have an inbound firewall but does this need to be at a computer level or is the basic drop any unidentifiable packet policy of my router good enough? Does the policy require an aftermarket firewall or is windows firewall good enough? I am willing to bet that most if not all users have these systems and they are simply not turned on. All the same principles applies to antivirus. Is it good enough to have the software but not download the latest updates?

On top of all this there's the psychological problem too. A lot of users are just too ignorant of the threats to be connected to the internet. Antivirus and Firewalls will NOT protect them. My sister and mother are classic cases. Both of them are savy enough not to click on .scr files in emails, or indeed open any file in emails that look dubious. That didn't stop Antivirus 2009 from getting on their computers because they thought they were safe (safe because I installed antivirus and firewalls).

Giving clueless users the feeling that they are safe will simply lead to complacency.

Excuse me while I go open this email with naked pictures of Britney Spears. Oh don't worry I've got the government watching my back.
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?