Australian ISPs Asked To Cut Off Malware-Infected PCs
bennyboy64 writes "Australia's Internet Industry Association has put forward a new code of conduct that suggests ISPs contact, and in some cases disconnect, customers that have malware-infected computers.
'Once an ISP has detected a compromised computer or malicious activity on its network, it should take action to address the problem. ISPs should therefore attempt to identify the end user whose computer has been compromised, and contact them to educate them about the problem,' the new code states. The code won't be mandatory, but it's expected the ISP industry will take it up if they are to work with the Australian Government in preventing the many botnets operating in Australia."
Reminds me (Score:5, Interesting)
Re:I think it's a great idea. (Score:3, Interesting)
Re:let's wait and see (Score:5, Interesting)
My ISP (EXETEL) already does this.. (Score:5, Interesting)
My (Australian) ISP has been doing this at least for spam relays for a few years now. If they detect you are being used to spam they cut all your traffic and redirect port 80 to a page telling you what has happened and giving you links to AV tools and an automated traffic checker that will unblock you once you have dealt with the malware. Two of the guys I live with got infected and so I have personal experience dealing with the system. To me it seems like a perfectly sensible and responsible reaction to a serious problem. IMO any ISP not doing this is an irresponsible netizen.
To me it is like your CC company notifying you of suspicious charges or the phone company asking why your mobile is suddenly making hundreds of calls from Azerbaijan. It not only stops the current problem but if people are actually notified that they have a problem they are far more likely to take steps to protect themselves in the future.
Many school networks already do this (Score:4, Interesting)
Re:My ISP (EXETEL) already does this.. (Score:1, Interesting)
It also happens in the Netherlands with XS4All.
At some point a server at work was hacked. Since I connect to home using an SSH key, my home machine was compromised as well.
My ISP then sent me an email, and cut off all access except:
- email (it went via their spam filtering email server)
- HTTP (if gone through their proxy; otherwise only their website)
This is a solution that also works for grandma, because she has no clue how to clean her computer, doesn't know how to find someone to pay to do this right, and doesn't want to burden the children with what she perceives to be an unimportant plaything (after all, the postal services still work).
Re:About time (Score:4, Interesting)
Having sold "unlimited" access at a fixed price, ISPs run on tight margins, so one simple email or phone call, plus the subsequent dealing with the customer, will wipe out the whole year's profit from that customer. So what in practice will happen if ISPs go down this route is that they will simply start blocking the ports for IRC and mail. And then the malware will move to another protocol, and that will be blocked, and so on.
I suspect the law of unintended consequences will mean that we'll end up with ISPs that provide access only to http and https.
Re:Reminds me (Score:5, Interesting)
A couple of years ago, a major ISP in Finland had a somewhat similar system. They wouldn't allow infected computers to take any other network access than HTTP and they redirected all HTTP traffic to a page saying "you're infected" and providing short instructions on how to fix it. It seems that they're not doing it anymore, but I don't know the reason.
The largest ISP in Finland, Elisa, is still doing it and the system is actually working very well. I haven't seen a single false positive yet (yes, I work in their helpdesk).
Microsoft's response (Score:5, Interesting)
I'm curious about how MS will respond to this if it comes into being. On one hand they'll lose a large number of users, after all, does anyone outside the MS camp really believe that it's not gonna be 100% infected Windows PCs that will be affected? What will MS do?
Will they offer discounted or free vouchers for repairs, upgrades etc? How many of these machines will be unlicensed? Will they pay to fix unlicensed copies of Windows if the owners have no money to spend on a sticker with a number on it? In the current economic climate you can't blame them. Is a subsidy to clean the PC worth the ISP's time and hassle knowing it'll be infected again by the end of the week at the latest, and they'll have to repeat the same warning and threat of disconnection all over again? Will they provide paid anti-malware software? Who pays for all of this? Will they provide training for Windows users to at least give them a chance of having a few months online without a letter?
This would reflect badly on MS in any free press, even having to be the only ones to offer fixes is embarrassing enough. Given that MS control the mainstream media it'll go unnoticed as far as PR is concerned, but it's yet one more thing eating into their profits at a time where they're struggling.
The alternative is to lose a large number either to Linux, or off the internet altogether. Anyone who's had the internet for a while knows what it's like when it goes down for a few hours, will those people really decide the internet is not worth it?
I'm guessing the great philanthropists and all round nice people at MS are busy lobbying at every level to stop this from happening or at least water it down (notice the ISPs are being "asked" not "told"). They need to keep market share by any means necessary, ideally without spending a cent on it. The rest of the world can suffer as long as MS's interests are not hurt.
Given that Windows has all the security of a paper tank in a thunderstorm this will be hilarious to see the workload the scheme entails, and over time the number of Windows PCs in Australia still connected because they're NOT infected. They will drop like flies. Give it a few years and it'll be a Windows free zone.
Re:I think it's a great idea. (Score:5, Interesting)
I've contacted ISPs about their customers attempting to "hack me" because they were infested with Code Red and Nimda and for some reason my Apache server on Linux looked incredibly tasty. They of course proceeded to ignore me and not even to contact their customers.
I had a similar experience at University. I was living on campus and had my Apache server running along nicely on my Linux box, and kept on getting these weird error logs. As soon as I saw it I had a feeling that it was Code Red, so I checked up on the net just to confirm. It was. So I then traced it back to its source - one of the University's own computers. I contacted the Uni's IT staff and informed them that they had a machine that was infected with Code Red. Do you know what response they gave me?
"It isn't our machine that is infected. Your machine is the infected one."
For anyone who didn't read the above properly, or can't be bothered going back over it again, I was running Apache on Linux and the Code Red worm infected Microsoft IIS Web Servers.
Re:My ISP (EXETEL) already does this.. (Score:2, Interesting)
Re:Don't be a policeman (Score:3, Interesting)
I'm in the UK and used to use Zen as my ISP. I found their tech support very helpful in spotting dodgy activity emanating from my home network and advising me on ways to investigate and correct my problems. They did warn that I should take immediate action or they would have to consider suspending my connection. I found this a sensible, helpful and mature approach to the situation.
If done properly, involvement of the ISP in identifying and helping resolve infected PCs should be welcomed, I would have thought...
Re:Don't be a policeman (Score:5, Interesting)
Re:Reminds me (Score:1, Interesting)
Really? The web is already overcrowded with bogus sites claiming I am "infected" and this amazing JavaScript from China will magically cure my PC, give me unlimited free beer and resurrect my late aunt. This is a bad path to follow.
Re:Microsoft's response (Score:2, Interesting)
Let's get real here... (Score:2, Interesting)