Australian ISPs Asked To Cut Off Malware-Infected PCs
bennyboy64 writes "Australia's Internet Industry Association has put forward a new code of conduct that suggests ISPs contact, and in some cases disconnect, customers that have malware-infected computers.
'Once an ISP has detected a compromised computer or malicious activity on its network, it should take action to address the problem. ISPs should therefore attempt to identify the end user whose computer has been compromised, and contact them to educate them about the problem,' the new code states. The code won't be mandatory, but it's expected the ISP industry will take it up if they are to work with the Australian Government in preventing the many botnets operating in Australia."
let's wait and see (Score:5, Insightful)
if the Australian definition of 'malware' is 'bittorrent'
Don't be a policeman (Score:5, Insightful)
sigh (Score:2, Insightful)
Re:let's wait and see (Score:1, Insightful)
I'd really like to see this implemented worldwide if it's done right.
About time (Score:3, Insightful)
Re:let's wait and see (Score:3, Insightful)
Doing portscan 24/7, taking pause only when sending out 100 mails per minute?
Re:Don't be a policeman (Score:5, Insightful)
The problem is the Australian government are already trying to censor our internet connections at the ISP level and whilst getting rid of bot nets sounds like a great idea, building any sort of traffic monitoring in now sounds dangerously close to their existing plan to filter the net.
Hell, this could even be their plan, bring in filtering to take down bot nets then slowly but surely start to block porn they don't like and pro-abortion web sites and before you know it any political site not to their liking
Re:Don't be a policeman (Score:5, Insightful)
"The trouble with fighting for human freedom is that one spends most of one's time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all." - H L Mencken
Of course this is dicey, as the current proposition is, in my opinion, a good idea. But we all know that GP's right.
Re:Don't be a policeman (Score:4, Insightful)
I pretty much agree - but the ISPs already monitor traffic for a variety of reasons. Mostly bad reasons, but the monitoring is in place. It really isn't hard to determine that a machine's excessive traffic is due to viral infections. Shutting them down seems like a good idea. When the customer calls to complain, tech support has a kindergarten teacher on hand to explain how simple it is to upgrade to a safe unix-like operating system to avoid future infestations.
Problem solved.
Re:let's wait and see (Score:1, Insightful)
If this is so important, then why don't the telecommunications companies listen in on all our phone calls and terminate the telemarketing calls that are wasting the usable phone lines which means I get a "network busy" signal?
Re:Don't be a policeman (Score:2, Insightful)
I think this is a dumb idea. ISPs shouldn't have to cover for Microsoft's insecure software. Why not require that everyone connected to the Internet use a better OS? That idea makes just as much sense, doesn't it?
Worse is that this can so obviously be used as a wedge to demand that ISPs do copyright policing, obscenity policing, and who knows what else.
Throttling based solely on quantity of traffic coming from a customer seems a simpler, fairer, less politically exploitable method.
Re:Don't be a policeman (Score:3, Insightful)
What about malware writers who figure out how the detection works? This is yet another arms race.
Re:Don't be a policeman (Score:5, Insightful)
I've worked for ISPs here in Sweden and most serious ISPs here see it as standard practice to warn and then disconnect users who are running zombie machines, nothing strange or totalitarian about it, it's about protecting their network and their other customers from harm.
/Mikael
Verify and notify before you disconnect (Score:5, Insightful)
My otherwise stellar ISP has a "shoot first, ask no questions" security policy.
It is frustrating to lose access to my home server while at work and not be able to do any troubleshooting because I need physical access to the machine.
It is quite maddening to finally get home, verify that there is nothing wrong on my end, call up support and (eventually) find out that I've been deliberately disconnected because of a security problem that doesn't exist.
Re:Don't be a policeman (Score:1, Insightful)
I pretty much agree - but the ISPs already monitor traffic for a variety of reasons. Mostly bad reasons, but the monitoring is in place. It really isn't hard to determine that a machine's excessive traffic is due to viral infections. Shutting them down seems like a good idea. When the customer calls to complain, tech support has a kindergarten teacher on hand to explain how simple it is to upgrade to a safe unix-like operating system to avoid future infestations.
Problem solved.
Meanwhile in the real world: everything previously rejected by censorship initiatives now falls under malware and can be blocked/disconnected without the need for a law that is hard to get past parliament/congress or whatever they call it down there. Reminds me of the German family minister's initiative to make "voluntary" contracts with ISPs to block undesirable sites because putting it into a law would take too much time and opposition.
Even if it sounds good on the surface, rest assured they won't stop there and they will get pretty creative when it comes to the definition of malware. Not to mention that the more of these filters get implemented, the more will follow. Another example was a court decision here where the judge said an ISP is not required to filter (potentially copyright violating foreign sites) because no filtering infrastructure is in place. Would there have already been an infrastructure, a lot more would have been mandatory to filter.
Re:let's wait and see (Score:5, Insightful)
Telemarketers pay for access to the phone system. Spammers and botnet controllers hijack other people's access.
And what third world country do you live in to get "network busy" at any time except during a disaster? I am 26 and have never experienced it myself although I know it happens.
Re:internet licence (Score:2, Insightful)
Some kind of attitude test might be a good idea too.
Re:Don't be a policeman (Score:5, Insightful)
The idea is good because it would make it that much harder to propagate botnets and even feasible, but the real problem is that almost all end users have no idea what malware is or how to stop it. Unless the end user is supported in removing the malware, and in the case of rootkits this usually means reinstalling the OS, then it will only result in a huge number of complaints that the ISPs will not be able to cope with.
Most end users have no idea how to replace the spin motor on their washing machine, either.
I don't understand why people who are perfectly happy with getting knowledgeable technicians to work on almost all of their household equipment think that their PC is some sort of magical exception.
Re:Don't be a policeman (Score:4, Insightful)
"It's the next-best thing to requiring a license to use the 'net. "
Instead, you'll need a license to run a peer-to-peer protocol.* Any traffic from an "unlicensed application" will be assumed to be malware and thus blocked. That way, only "authorised" applications from vendors who have paid for a license will work. How many of those will be things like "iTunes" and how many things like "BitTorrent"...?
(*Just because I'm paranoid doesn't mean they aren't out to get us...)
Re:Don't be a policeman (Score:5, Insightful)
Having said all that, it is NOT the Aussie government advocating this action! Perhaps the errant public would be well served by their ISP informing them that their machine is infected. As it stands, I see machines that are "Typhoid Marys", so infected with trojans, viruses and other malware that it is amazing they still work at all. The average user doesn't have a clue there is a problem beyond complaining that their machine is slow. (Which is often why they "upgrade" to a "faster" machine! Seems very fast until the new machine gets infected
Re:Don't be a policeman (Score:3, Insightful)
RTFA - They said if the ISP knows a customer is using a malware-infected PC. Having worked for an Australian (Adelaide) ISP at one point, I can tell you - this is the easy part. We don't have to monitor ports or anything - just wait for somebody to send an email to postmaster/abuse/etc on our domain complaining about spam from a specified IP in our range.
Find the customer's session - call them, tell them it's malware, etc.
Protip: Adelaide ISPs pretty much do this already; having your subnet blocked from sending email to somewhere important (like hotmail or gmail - which are important because customers send lots of email there) means customers get pissy, pissy customers is a loss of business - killing 1 customer's session and suspending their service is better from a business point of view than having 10,000 customers complain and possibly move ISPs...
Re:let's wait and see (Score:1, Insightful)
Re:Microsoft's response (Score:3, Insightful)
Re:Microsoft's response (Score:5, Insightful)
Oh come on.
90% of security holes that have been exploited in the last few years are sitting on the chair in front of the computer. Even if Windows were to evaporate overnight and everyone using it were magically switched to a Mac or to Linux, inside a few weeks you'd see malware pop up which has Apple logos and Linux penguins and makes reassuring noises while insisting it really does need your password.
Re:Don't be a policeman (Score:4, Insightful)
Any network admin worth the lunch they bring in every day can find a seriously malware infected machine in about 10 minutes.
Re:Don't be a policeman (Score:2, Insightful)
Re:About time (Score:5, Insightful)
alice: I don't know what irc is!
3 hours later...
bob: alice, what happened to our internet? I couldn't connect to our server from work today.
alice: server?
Re:Microsoft's response (Score:3, Insightful)
Re:let's wait and see (Score:2, Insightful)
Re:Microsoft's response (Score:3, Insightful)
The 'botnet' consisted of about 100 Linux servers, none of whom could be proven to have been infected via automated means. Indeed, the man who discovered this threat speculated that they were compromised by sniffing FTP passwords. Not included in the report was how many actual machines were compromised. Individual Linux web servers can host hundreds of accounts or more.
As a proportion of Linux servers, this number is vanishingly small. Compared to the rate of infection of Windows PCs, both in real numbers and per capita, there's almost no comparison to be made.
The target of the malicious iframes that the Linux machines were serving up? Windows.
Methinks thou dost protest too much.
Re:Car Inspection (Score:3, Insightful)
Re:Don't be a policeman (Score:4, Insightful)
Well, quite. It doesn't help that Microsoft have conditioned people to ignore these warnings as being totally unimportant, and at the same time have worded them so badly that most people never even try to understand them, they just hammer away trying to find a way to do what they want without the warning coming up.
I've actually met IT professionals who seem to think that doing this is the correct way to troubleshoot a problem. Shoot me now...
Re:Don't be a policeman (Score:3, Insightful)
"The GP is right"??? Okay. And while we're at it we should advise women to stop wearing clothes cut above the knee, or more than 2 inches below the neck. Plus we should punish people who leave their car doors unlocked. Also we should punish people who have regular windows on their homes instead of unbreakable windows.
Point - This proposal strikes me as blaming the victim. It's not a woman's fault she got raped, just because she wore revealing clothing. It's not the car or home owner's fault somebody broke in and stole. Likewise in most cases it's not the user's fault somebody used a flash or java applet to hijack his machine (it's typically the fault of the webmaster).
Stop punishing victims.
Re:let's wait and see (Score:5, Insightful)
>>>freedom of speech means watching child porn.
Nudity is not porn except in the minds of mentally ill persons. And yet oftentimes mere possession of a naked photograph, even if it's of your own family or yourself, will land you in jail. Witness the American students who were charged with child porn because they used their phones to shoot themselves without clothes. Why is taking a photo of yourself illegal??? It's stupidity. It's anti-liberty. Worse - fear of nude bodies is a psychological disease, and I suspect Conroy is patient zero.
Pick a number. Make it six digits. (Score:3, Insightful)
Re:Don't be a policeman (Score:3, Insightful)
When my car's "check engine" light comes on, there is almost always a real problem. When my computer pops up its warning, it might be something serious or it might mean I need to enter a password, or it might be attention-whoring from my AV program. To be useful, PC warnings have to be rare events that only happen when your machine really does need attention, not things that happen all the time.
Re:Don't be a policeman (Score:5, Insightful)
It's quarantine. If a person gets sick with a contagious disease, it may not be their fault and you probably don't want to punish them. But for public safety, you do need to contain them until they are no longer dangerous to others.
The same applies to sick computers. If it is spewing viruses and malware then stop it, whether the person who owns it was doing it intentionally or not. You can forward all traffic to a local ISP web site that informs them of the problem and directs them to appropriate ISP approved scanning software or other solutions available within the quarantine zone. If the user does not trust the ISP, fine. They can go clean their machine themselves.
Whether you trust the ISP/Government to have the right motive is a separate issue. But quarantine is an established procedure for humans, and it's not that different here.
Re:Microsoft's response (Score:3, Insightful)
Did this get modded up so we could all marvel at the insanity of this person? Because those are some outrageously ignorant claims.
Re:Car Inspection (Score:3, Insightful)
Do you really want a government bureaucrat picking through your hard disk deciding what is malware and what isn't? Would the government even have technicians capable of determining whether your linux install is malware or not?