Quarantine your infected users spreading malware

Bill Nash billn at odyssey.billn.net
Tue Feb 21 16:35:17 UTC 2006

On Tue, 21 Feb 2006, Valdis.Kletnieks at vt.edu wrote:

>>> If you're talking about a compulsory software solution, why not, as an
>>> ISP, go back to authenticated activity? Distribute PPPOE clients mated
>>> with common anti-spyware/anti-viral tools. Pull down and update signatures
>>> *every time* the user logs in, and again periodically while the user is
>>> logged in (for those that never log out). Require these safeguards to be
>>> active before they can pass the smallest traffic.
>> Cost prohibitive..  In order to do that you'll need licenses from the
>> AV companies..
> Oddly enough, AOL and several other large providers seem to have no problems
> advertising some variant on 'free A/V software'.

When referring to AOL customers, though, you're talking about a target 
market that is accustomed to being offered a bundled package, and for lack 
of a better term, doing what it's told. Largely, AOL users aren't the 
problem. Comcast, Cox, Adelphia, and similiar providers with raw IP 
consumers are the problem.[1] A la carte services are all good and well 
for the end user, but it's a double edged sword in that they're good for 
the botnet crews, too. I used to sneer at offerings like AOL or Compuserv, 
because they weren't what I needed. Now, I'm actually kind of glad they 
exist because some users clearly need the training wheels.

This is as much of a social problem as it is a technical one. I'm starting 
to understand the perspective of a legislative heavy federal government 
that has to pass laws to protect folks who are pretty much ignorant of the 

- billn

[1] I don't point those out because of specific problems, I point them out 
to describe service offering styles and network architecture. I have no 
interest in detailing why provider X sucks, or talking to your lawyers 
about it.

More information about the NANOG mailing list