I said much the same thing in a discussion a couple of years ago. ISPs could easily detect when spam is being sent, revoke send-mail rights, notify the user and tell them to fix the problem and use webmail to send urgent emails.
Detecting computers taking part in DOS attacks may be trickier, but in many cases these computers will be used to send spam far more than anything else.
I've often wondered why, if these are PCs running Windows, Microsoft cannot just shut down the PC on a Tuesday update.
Perhaps there's the issue that a compromised machine won't allow itself to be shut down. Perhaps the machine is sufficiently hidden to avoid detection. It can't be a privacy issue, because the machine is already compromised.
Bot infected PCs should be deloused by their owners; I don't buy into the notion that 3rd parties should have any access or rights to control anything on my machine.
The ISP I often use blocks client connections if the ISP detects that SPAM or DDOS attacks are originating from that connection. Their Abuse department then helps the customer with instructions about how to clean the PC. They also offer free virus scanners, and firewall software to all their clients and run server based virus scanners on all incoming and outgoing emails. I thought this was common practice with most ISPs...
Once there's a shut down mechanism in place, there are many more things it can be used for by whoever is in control.
That is my interpretation of this.
|why Microsoft cannot just shut down the PC on a Tuesday update |
If Microsoft could be trusted with such power it would be a great idea. But how long before they use that power to shut down a suspect terrorist, then to shut down a parking offender, then someone whose Windows licence isn't up to date, then someone who doesn't like the latest special offer.
Since MS opened the door on this...
Using the health care model as a metaphor, MSIE should be destroyed, put down like a rabid animal, as it's highly susceptible to infections with no hope of any cure in sight.
You might say that MSIE itself is the infection, it being the primary cause of so much PC sickness. Similar to an autoimmune virus...
The quarantine idea makes a lot of sense but there are some issues...
First, less than scrupulous ISPs (read Comcast) could use it as a way around neutrality.
Given their track record they would almost definitely flag file sharers and other users who they felt were using too much bandwidth as "infected".
Second, the extra packet sniffing could raise ISPs' costs significantly, and privacy advocates are never going to like the idea of individual packet inspection and the logging that tends to go along with it.
Home users don't have the financial means nor the time or spare machines to do this. I know my PC at home is infected with something, so it's turned into a streaming / downloading machine only. I don't even use it to access emails. I switch to Linux for anything remotely personal.
"Bot infected PC's should be deloused by their owners"
True...but just as there are some that sit back and wait for the 'gubment' to fix all of their problems, they also expect Microsoft and their antivirus to solve/fix all of their computer problems.
|The quarantine idea makes a lot of sense but there are some issues... |
... like who is going to pay for it. [webmasterworld.com]
|Home users don't have the financial means nor the time or spare machines to do this. |
Not a problem.
Some people can't maintain their autos either and when they go belching down the road they get sent home by the police until they can afford to repair the car.
If you're an egregious polluter, either on the road or the internet, and can't afford to fix the problem then you don't get to come out and play.
Quite simple really.
Another alternative to cleaning the PC is simply reload it with Ubuntu, Firefox or Chrome, and Open Office.
Problem solved and it'll run faster.
About time, but it'll never actually happen.
People know they're not supposed to turn up to the office when they're infectious, but they do anyway. The problem is, people are morons (on average). And there's no FDA-approved cure for that.
|I know my PC at home is infected with something, so it's turned into a streaming / downloading machine only. I don't even use it access emails. I switch to Linux for anything remotely personal. |
You are part of the problem, and demonstrate exactly why we need measures like this. You protect yourself by limiting use of the infected PC, but it is still sending spam to the rest of us, taking part in DDOS attacks, or whatever.
|If Microsoft could be trusted with such power it would be a great idea. But how long before they use that power to shut down a suspect terrorist, then to shut down a parking offender, then someone whos windows licence isn't up to date, then someone who doesn't like the latest special offer. |
Rather like the British government using investigatory powers it took to "fight terrorism" to gather evidence in cases of failure to clear up after dogs?
|If you're an egregious polluter, either on the road or the internet, and can't afford to fix the problem then you don't get to come out and play. |
Exactly, and, as I said on the thread on who should pay for it, fine them, or allow the victims to sue them (if the victim of a DDOS attack could sue any owner of a participating machine for statutory damages of, say, a few thousand dollars, it would create a good incentive to keep your PC secure).
The Aussies are already considering it, but would you really trust a government to run their programs on your computer.
And of course Joe Public, who just plugs in a computer & surfs away, will never become technically savvy enough to even know something is wrong.
|Computers with viruses could lose their internet access |
A new industry code that has been designed to control and prevent the spread of PC contamination throughout Australia could see any computer infected with a virus being refused access to the internet.
It has been reported that an operate-or-legislate ultimatum to identify computer systems that have become “zombie” computers and are being used for cyber-crime has been issued to the internet industry by the Federal Government.
The ISPs are already complaining about costs & killing network speeds with the current proposal for an internet filter which looks to be expanded to millions of blocked sites. Adding more load on the ISP networks will only make things even worse.
Letting the government "solve" problems inevitably just makes things more expensive.
|Adding more load on the ISP networks will only make things even worse. |
Blocking zombies will remove load. ISPs are reluctant to act for fear of losing customers; if they can say the law forces them to, and any ISP will do the same, it will reduce that threat.
And increase the price of connectivity. Forcing ISPs to do extra processing on every single packet would create far more load than botnets are adding to the network... and that's assuming it would even get rid of zombies, which it wouldn't, it would just be another step in the arms race.
I don't buy into the notion that 3rd parties should have any access or rights to control anything on my machine.
Quite right, but neither do we have the right to put infected machines on the net. It is down to ISPs to quarantine infected locations until the owners fix them.
Blaming Microsoft, or removing Microsoft, will not provide the solution. If it's not Microsoft's O/S, it'll eventually be someone else's.
For sure, governments are not going to be the ones to deal with this, through legislation or advice.
It should be possible to identify the offending machines via the ISP, as the average Joe surfer may not even know their machine is infected.
How are we to leave it, as it is or find a solution?
I think the cost argument is a red herring; I would think that an ISP could simply "sample" packets from each of their customers over time -- for example, sample packets for a few randomly-scheduled minutes a week, and notify those whose machines seem to be zombied using an ISP-side redirect on initial connection. If the customer doesn't respond, then the ISP could rightly decide whether they wanted to retain that customer, or perhaps limit that machine's bandwidth and/or access to mail services.
With all of the free malware detectors and fixers available on-line today, there's simply no excuse to allow a compromised machine on-line.
|Scott Charney, Microsoft's corporate vice president of Trustworthy Computing, suggested that the security industry should follow the health care model of quarantining infected PCs to prevent them from being used to send spam and conduct denial-of-service attacks. |
Or, you could do your job and publish software without so many known security holes.
|Blaming Microsoft, or removing Microsoft will not provide the solution. If it's not Microsoft's O/S, it'll eventually be someone elses. |
No, it actually is MS. It is the underlying software architecture of Windows. It is teaching the Windows users to click on any executable to "install" a program (that's the OS's job!). It is the failure to fix known bugs in MS software (especially their browser).
I am not a "MS hater", but it actually is them to blame. Too many marketing tricks, too little technology.
It happens to Apple O/S, too. ;)
Someone would exploit some other dominant O/S if it weren't Microsoft.
|Rather like the British government using investigatory powers it took to "fight terrorism" to gather evidence in cases of failure of clear up after dogs? |
Exactly! Power is too big a drug to be trusted to the powerful (think Smeagol).
I really like the idea of remote isolation of infected machines. But such power should only be in the hands of those who cannot gain from it (not corporates, not governments...).
How about voluntary signup to an open non-profit 'Keep my computer safe' system? On detection of high volume spam or DDOS activity: "This computer is infected and is not allowed on the internet until safe. You may access any of the following neutral cleaning tools in the meantime"
Now that I start to think about it, it is probably critical that an open neutral org does this BEFORE governments say they 'have to'. You just know what governments would say it's for and then what they would later use it for. I would pay a few pounds to support such an open neutral org, and I bet a few million others would too.
|Home users don't have the financial means nor the time or spare machines to do this. |
I'm a home user with means and spare time so that statement is inaccurate. The point however was that 3rd parties shouldn't have access to home computers for ANY reason unless explicitly authorized by the home user. Heck, many major security holes are happening because of 3rd party interactions to begin with!
How do you fix an infected machine? You need to download something from the internet.
Last infection I had, I did enough research online to figure out that I needed to download HitMan Pro. The infection before that, I needed Malwarebytes. My McAfee and Ad-Aware installations couldn't find or fix either of these problems.
I'm pretty tech savvy. When your non-savvy user loses his internet access because he has an infected machine, who is going to help him? The ISP? Surely, you're not serious. Their AV company? Useless if their software doesn't find the problem. Microsoft? Laughable.
What you'll end up with is lawsuits by the score and ISPs backing down with time and money wasted.
|who is going to help him? |
Geek Squad - and the ISP should give them a $50 coupon toward the service ;)
|It happens to Apple O/S, too. ;) |
They only speak about updates there, not exploits. And even if an Apple user clicked on some Trojan Horse program, it would only infect that user, not the system.
I recently discovered a couple of machines here frequently sending out emails. AVG was up-to-date, and a complete scan was finding nothing. I happen to know this because I can see the blocks of SMTP use every 10 mins in our modem log files.
One of my first thoughts was, how long has this been going on? Our ISP had already charged us quite a lot extra for excess internet usage; how much of this was SMTP? Any techie working at an ISP looking at traffic would already know this is happening everywhere, so why do they let this happen?
The problem is, if an ISP did block this, they would not be able to cope with the large amount of support calls, and the misery put on the customers to sort it out would be quite a problem.
I do feel ISPs could easily set up an automated service that warns customers of excessive SMTP use. Or the modem they supply could easily have this function built in.
Personally, I'm still unable to find the processes within our machines which are presumably sending out spam, so I blocked port 25 on our modem. Like most people, we use web mail anyhow.