"Default" Internet Service (was: Re: Points on your Internet driver's license)

Sean Donelan sean at donelan.com
Sun Jun 13 02:34:39 UTC 2004


On Sat, 12 Jun 2004, John Curran wrote:
> One could imagine changing the paradigm (never easy) so that
> the normal Internet service was proxied for common applications
> and NAT'ed for everything else...  This wouldn't eliminate all the
> problems, but would dramatically cut down the incident rate.

In the BBS days, how did most viruses get on computers?  Have things
really changed that much?

Take a look at how computers are being compromised.  It's amazing just how
many compromised computers have NAT, firewalls, proxies, etc.

   1) pre-infected, i.e. already compromised before connecting to your
network (laptops are dangerous)
   2) self-infected, i.e. compromised because the user installed the
software containing the virus
   3) network-infected, i.e. compromised solely by being connected without
any action by the user

Some broadband providers have been selling service that includes a
NAT/firewall on the connection for several years.  What is the difference
in infection rate of those users?  Is it just wishful thinking by some
people that NAT/firewalls/proxies will solve the problem?  Or do they have
hard data to back them up?

Preventing users from compromising their computers is a lot like
preventing users from accessing porn or music.  Basically anything the
user wants could be potentially harmful, and the miscreants know that.
So how do you make sure users can only access "safe" content?


