Quarantine your infected users spreading malware

Michael Loftis mloftis at wgops.com
Thu Feb 23 17:18:16 UTC 2006




--On February 23, 2006 8:02:31 AM -0600 Jack Bates <jbates at brightok.net> wrote:

> We allowed users back online to run Housecall at trendmicro for free so
> they could get cleaned up and save some money. However, the resuspend
> rate was so high, we quickly changed to offline cleanup only. It will
> remain until we perfect our auto defense system.
>
> Customers just want things to work. They don't care if they are infected.
> It's amazing how many customers swear they aren't scanning or sending
> email, and refuse to understand that their computer is capable of doing
> things without them knowing.


What doesn't help is the ISPs out there who are complete dolts and, first,
don't verify reports and, second, false alarm.  They'll cut a user off on a
single complaint without any evidence or verification.  Or worse, they have
some automated system that false alarms without any way to verify you're
cleaned up.  And if you can't get online you can't get cleaned up anyway.
Catch-22.


