"Default" Internet Service
Matthew Sullivan
matthew at sorbs.net
Mon Jun 14 21:26:28 UTC 2004
Smith, Donald wrote:
>First are the consumers willing to pay for a "safer" internet
>DSL/dial/isdn?
>
Why should they have to?
>I believe if they were there would be a safer service available. I have
>seen several "secure" ISPs fail in the last
>few years. If you have any data that shows that there is a market for a
>more secure dialup/DSL/isdn... please share it.
>
No, but it won't be long before you will find half a dozen reasons why as
an ISP you will want to do it - but then it may be too late.
>2nd blaming infected machines on the internet is similar to blaming your
>postal carrier for bringing you junk mail and bills.
>
Crap
> About 1/2 of all of
>the large "infection" events on the internet are the result of people
>running unpatched unsecured applications on their machines. The other
>half of the infections I see are due to an end user opening an email and
>running an attachment.
>
Correct
> Even with a secure OS this simple method of infection will continue to work.
>
Correct
However you are ignoring the fact that once the machine is infected, the
machine can be used by hundreds of people (skript kiddies) to damage
other parts of the internet; further, they can be (and are being) used by
organised crime to extort money out of large financial institutions and
companies, and that's not to mention DDoS's on the smaller people who
are just in the way.
>How and when did it become the responsibility of the ISP to protect the
>end users' machines?
>
It hasn't, however the data coming from an ISP's network has always been
the responsibility of the ISP.... and I would suggest if you cannot stop
the end users getting infected, then you should look at stopping those
machines from abusing other machines on the internet.... If you will
not do that you should not be peered.
>Do ISPs get paid to protect end user machines?
>
No, they get paid for traffic, which is the reason some ISPs out there
don't care if their customers are DDoSing another's network.
>If you want to blame someone maybe the company that provided the
>insecure OS that requires monthly patches to fix portions of the broken
>code they sold. Or you could blame the end users who open unknown
>attachments.
>
Yup, we've been doing that for years, and they have been fixing things
as fast as possible (not always, and not until more recently) however
they are making steps in the right direction, so I feel it's about time
ISPs started taking some of the responsibility for traffic on their
network. As far as the attachments go, education is the only way - and
if they cannot be educated they shouldn't be on the Internet.
>I would like a real solution to the problem. Simply blocking ports is
>not successful.
>So I recommend 2 steps.
>
>First buy OS's that are more secure out of the box.
>
That's not going to happen anytime soon, even with Microsoft starting to
follow the 'right' road.
>2nd Teach users NOT to click on everything they see.
>
>
...and how are you going to do that? If you give a user a $10 account
where they have full internet access they click on everything, then they
get infected, their machine is controlled by someone else across the
world and is used for DDoS attacks or spam (or..hacking, or...?) .. what
are you going to do to educate them in the middle....? What is the ISP
going to do to make sure that the end user has been educated? What are
you the ISP going to do to ensure the machine that was infected has now
been disinfected...?
I don't expect you the ISP to solve all these problems, nor do I expect
you the ISP to stop your users from getting infected.... However you the
ISP are responsible for traffic coming from and going to your users, and
most of us don't care if you want to allow your users to get infected,
however we do care if you allow your customers to attack us.... Whether
it be an attack in the form of spam, DDoS or trojan/virus spreading.
/ Mat