"Default" Internet Service
Dave Howe
DaveHowe at gmx.co.uk
Sun Jun 13 11:59:53 UTC 2004
Sean Donelan wrote:
> Selling people barn doors and barn door audits is easier than figuring
> out how the rustlers are getting the horses. The problem is the horses
> aren't being rustled(?) through the barn doors. If they were, you would
> expect to see a difference between barns with doors and barns without
> doors. But in practice, we see people with and without firewalls with
> infected computers. Network level controls aren't as effective as
> some people hope at stopping many things. ISPs should stop porn, ISPs
> should stop music sharing, ISPs should stop viruses, ISPs should
> stop <insert here>. Yet somehow users manage to find a way around
> all of them.
> So what makes some users more likely or less likely to have infected
> computers? How do they become infected, but other users don't? What's
> different between the two groups?
Skill, Desire and Luck - not always in that order.
I usually set out my stall on this one by making a the following
assumptions -
1) any protective measure that relies on users having common sense will
inevitably lead to astonishment at how uncommon common sense is (core rule)
2)Warning messages are now so common users don't read them, and web
popup boxes even more so. By simple extension therefore, no warning
message is of any value - users will read just enough to discover how to
make it go away, and if the obvious way of doing so works, won't trouble
themselves further. (case in point - "how did that porn dialler get
there? I only visited a website or two. Yeah, there was some sort of
popup box but I closed it")
3) not all machines will be vulnerable - either by skill, initial
design, patching dilligence or obsolescence, some machines will be
inherently protected against any given outbreak. Downside there is -
said users will invariably decide they don't *need* to take protective
measures because this one attack couldn't affect them (case in point -
most linux users do not have AV software of any type, despite at least
one being free and open source)
4) any scheme that relies on blocking users from what they want to do
will be bypassed by at least some of those users; once some of the users
know how to do it, the blackhats won't be far behind teaching their
creations how to do it too, and the greyhats in writing little pretty
gui tools to do it automagically - relying that users knowing how to
bypass lockdowns being skilled enough to look after their own security
therefore violates rule 1
5) anything that relies on convincing the users (or better yet their
machine) that the action *is* what they want to do is onto a winner; see
rule 3 and indeed rule 1 for details.
so back to your list.
> ISPs should stop porn,
not going to work - prohibition just makes it harder to regulate stuff,
even leaving aside the moral issues of trying to block online what can
be bought in most newsagents.
> ISPs should stop music sharing,
why? users obviously want to do it, and in many places it is not a
criminal act (copyright violations being civil not criminal in most
countries)
ISPs should of course co-operate with any lawful warrant or court order,
and (for practical purposes) try to limit their own expenses in having
to deal with copyright violations on websites and so forth but in the UK
(Not sure about elsewhere) the real problem is commercial pirates
selling dodgy copies from stalls or car boots, and that predates the web
(and indeed the CD)
> ISPs should stop viruses,
Sure. I don't think that should be free though - plenty of services out
there offer filtered, reactive web access to remove all those nasty
worms, email viruses and so forth as fast as is possible. Doing that
work *costs* and has little or nothing to do with the business of
pushing bits down wires. Yey the free market....
> ISPs should stop <insert here>.
damn right. <insert here> has always bugged me :)
More information about the NANOG
mailing list