Quarantine your infected users spreading malware
Bill Nash
billn at odyssey.billn.net
Tue Feb 21 16:35:17 UTC 2006
On Tue, 21 Feb 2006, Valdis.Kletnieks at vt.edu wrote:
>>> If you're talking about a compulsory software solution, why not, as an
>>> ISP, go back to authenticated activity? Distribute PPPOE clients mated
>>> with common anti-spyware/anti-viral tools. Pull down and update signatures
>>> *every time* the user logs in, and again periodically while the user is
>>> logged in (for those that never log out). Require these safeguards to be
>>> active before they can pass the smallest traffic.
>>
>> Cost prohibitive.. In order to do that you'll need licenses from the
>> AV companies..
>
> Oddly enough, AOL and several other large providers seem to have no problems
> advertising some variant on 'free A/V software'.
>
When referring to AOL customers, though, you're talking about a target
market that is accustomed to being offered a bundled package, and for lack
of a better term, doing what it's told. Largely, AOL users aren't the
problem. Comcast, Cox, Adelphia, and similiar providers with raw IP
consumers are the problem.[1] A la carte services are all good and well
for the end user, but it's a double edged sword in that they're good for
the botnet crews, too. I used to sneer at offerings like AOL or Compuserv,
because they weren't what I needed. Now, I'm actually kind of glad they
exist because some users clearly need the training wheels.
This is as much of a social problem as it is a technical one. I'm starting
to understand the perspective of a legislative heavy federal government
that has to pass laws to protect folks who are pretty much ignorant of the
problem.
- billn
[1] I don't point those out because of specific problems, I point them out
to describe service offering styles and network architecture. I have no
interest in detailing why provider X sucks, or talking to your lawyers
about it.
More information about the NANOG
mailing list