FBI tells the public to call their ISP for help

Florian Weimer fw at deneb.enyo.de
Fri Jun 15 20:06:42 UTC 2007

* Owen DeLong:

> Wrong... Most of them are subject to the problems they have because
> of their contractual relationship with Micr0$0ft.  Specifically,
> they made the unfortunate mistake of purchasing software from
> Micr0$0ft, agreeing to the Micr0$0ft End User License Agreement
> (contractual relationship) and then running the Micr0$0ft software,
> which lead directly to their system getting owned (or pwn3d if you
> prefer) due to the enormous number of design flaws, well known
> exploits, and other deficiencies in the code purchased from
> Micr0$0ft.

In most parts of the world, the Microsoft EULA is not enforceable.
Most users don't buy their software from Microsoft, either.  It's
preinstalled on their PC, and Microsoft disclaims any support.

> In what way, exactly, is this in any part the ISPs fault?  Why
> should their ISP bear the brunt of the costs for Micr0$0ft's poorly
> written code?

Most ISPs recommend using Microsoft software or provide software for
the Microsoft platform, and require to turn on JavaScript, which makes
browsers much more vulnerable.  (Obviously, this doesn't matter in
practice, but still.)  They don't exist in a vacuum.

But the whole thing underlines a very difficult problem compromised
end users face: they haven't got anyone to turn to.  Someone quoted
rates for some services, and these aren't acceptable (you can almost
get a newer, faster PC for that price).  Part of the problem is
piracy, which makes it difficult to reinstall everything from scratch.
Another one is the lack of an audit trail which would tell *why* the
customer got infected, so that you could get some learning effect.

More information about the NANOG mailing list