North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Quarantine your infected users spreading malware
On Tue, 21 Feb 2006, Valdis.Kletnieks@vt.edu wrote:
When referring to AOL customers, though, you're talking about a target market that is accustomed to being offered a bundled package, and for lack of a better term, doing what it's told. Largely, AOL users aren't the problem. Comcast, Cox, Adelphia, and similiar providers with raw IP consumers are the problem. A la carte services are all good and well for the end user, but it's a double edged sword in that they're good for the botnet crews, too. I used to sneer at offerings like AOL or Compuserv, because they weren't what I needed. Now, I'm actually kind of glad they exist because some users clearly need the training wheels.If you're talking about a compulsory software solution, why not, as an ISP, go back to authenticated activity? Distribute PPPOE clients mated with common anti-spyware/anti-viral tools. Pull down and update signatures *every time* the user logs in, and again periodically while the user is logged in (for those that never log out). Require these safeguards to be active before they can pass the smallest traffic.Cost prohibitive.. In order to do that you'll need licenses from the AV companies..Oddly enough, AOL and several other large providers seem to have no problems advertising some variant on 'free A/V software'.
This is as much of a social problem as it is a technical one. I'm starting to understand the perspective of a legislative heavy federal government that has to pass laws to protect folks who are pretty much ignorant of the problem.
 I don't point those out because of specific problems, I point them out to describe service offering styles and network architecture. I have no interest in detailing why provider X sucks, or talking to your lawyers about it.