Forgot your password?
typodupeerror
Security IT

Australian ISPs Asked To Cut Off Malware-Infected PCs 286

Posted by timothy
from the good-of-the-tribe dept.
bennyboy64 writes "Australia's Internet Industry Association has put forward a new code of conduct that suggests ISPs contact, and in some cases disconnect, customers that have malware-infected computers. 'Once an ISP has detected a compromised computer or malicious activity on its network, it should take action to address the problem. ISPs should therefore attempt to identify the end user whose computer has been compromised, and contact them to educate them about the problem,' the new code states. The code won't be mandatory, but it's expected the ISP industry will take it up if they are to work with the Australian Government in preventing the many botnets operating in Australia."
This discussion has been archived. No new comments can be posted.

Australian ISPs Asked To Cut Off Malware-Infected PCs

Comments Filter:
  • let's wait and see (Score:5, Insightful)

    by Anonymous Coward on Tuesday September 15, 2009 @02:11AM (#29422953)

    if the Australian definition of 'malware' is 'bittorrent'

  • by kregg (1619907) on Tuesday September 15, 2009 @02:14AM (#29422961)
    ISPs should just provide internet access not police and monitor traffic.
    • by DavidD_CA (750156) on Tuesday September 15, 2009 @02:37AM (#29423063) Homepage

      Since infected computers often lead to DDOS and spam botnets, I think this is a good idea.

      Up for debate is the method they use to detect a rogue machine, but if they can perfect that then I'm all for this.

      Clueless users probably go for months without realizing they're sending out hundreds of emails a day, or helping to bring down some remote server.

      It's the next-best thing to requiring a license to use the 'net. ;)

      • by some_guy_88 (1306769) on Tuesday September 15, 2009 @02:53AM (#29423143) Homepage

        The problem is the Australian government are already trying to censor our internet connections at the ISP level and whilst getting rid of bot nets sounds like a great idea, building any sort of traffic monitoring in now sounds dangeroulsy close to their existing plan to filter the net.

        Hell, this could even be their plan, bring in filtering to take down bot nets then slowly but surely start to block porn they don't like and pro-abortion web sites and before you know it any political site not to their liking

        • by calmofthestorm (1344385) on Tuesday September 15, 2009 @03:11AM (#29423201)

          "The trouble with fighting for human freedom is that one spends most of one's time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all." - H L Mencken

          Of course this is dicey, as the current proposition is, in my opinion a good idea. But we all know that GP's right.

          • Re: (Score:3, Insightful)

            "The GP is right"??? Okay. And while we're at it we should advise women to stop wearing clothes cut above the knee, or more than 2 inches below the neck. Plus we should punish people who leave their car doors unlocked. Also we should punish people who have regular windows on their homes instead of unbreakable windows.

            Point - This proposal strikes me as blaming the victim. It's not a woman's fault she got raped, just because she wore revealing clothing. It's not the car or home owner's fault somebody b

            • by IPFreely (47576) <mark@mwiley.org> on Tuesday September 15, 2009 @08:57AM (#29424979) Homepage Journal
              You missed the point. It's not punishment.

              It's quarantine. If a person gets sick with a contagious disease, it may not be their fault and you probably don't want to punish them. But for public safety, you do need to contain them until they are no longer dangerous to others.

              The same applies to sick computers. If it is spewing viruses and malware then stop it, whether the person who owns it was doing it intentionally or not. You can forward all traffic to a local ISP web sight that informs them of the problem and directs them to appropriate ISP approved scanning software or other solutions available within the quarantine zone. If the user does not trust the ISP, fine. They can go clean their machine themselves.

              Whether you trust the ISP/Government to have the right motive is a separate issue. But quarantine is an established procedure for humans, and it's not that different here.

        • by SlashWombat (1227578) on Tuesday September 15, 2009 @04:13AM (#29423435)
          The Aussie Government has both good and bad ideas WRT the internet. On the good side, is genuine broadband via a new fibreoptic backbone at an estimated cost of 43e9 dollars. On the bad side is the excretable idea of mandatory filtering. (Which can easily be circumvented ... thus making those who do wish to view kiddie porn even more anonymous!)

          Having said all that, it is NOT the Aussie government advocating this action! Perhaps the errant public would be well served by their ISP informing them that their machine is infected. As it stands, I see machines that are "typhoid Mary's", So infected with trojan's, virus's and other malware that it is amazing they still work at all. The average user doesn't have a clue there is a problem beyond complaining that their machine is slow. (Which is often why they "upgrade" to a "faster" machine! Seems very fast until the new machine gets infected ... takes about a week!)
          • by digitig (1056110) on Tuesday September 15, 2009 @04:55AM (#29423615)
            I'm surprised that the ISPs don't do this already. When one of my family members connected an infected PC to my home network my (UK) ISP promptly contacted me to tell me that the network was a source of malware attacks and to sort it or they would disconnect me. For which I was grateful, and I helped the family member resolve the problem.
            • Can't Nastyware authors detect which ISP you have? Presuming so, it just leads to another Phish attack. Combined with the completely abusive recordings their LEGIT tech support has, you get this:

              "Hello, this is ________. Your account details need to be updated because we think you have malware on your computer. Have you rebooted your computer? Rebooting your computer can help remove local events in a browser that are slowing your machine down. Once you have rebooted your computer, stay on the line and an ac

      • Re: (Score:2, Insightful)

        by bzipitidoo (647217)

        I think this is a dumb idea. ISPs shouldn't have to cover for Microsoft's insecure software. Why not require that everyone connected to the Internet use a better OS? That idea makes just as much sense, doesn't it?

        Worse is that this can so obviously be used as a wedge to demand that ISPs do copyright policing, obscenity policing, and who knows what else.

        Throttling based solely on quantity of traffic coming from a customer seems a simpler, fairer, less politically exploitable method.

      • by Peet42 (904274) <Peet42@noSpAm.Netscape.net> on Tuesday September 15, 2009 @04:06AM (#29423413)

        "It's the next-best thing to requiring a license to use the 'net. "

        Instead, you'll need a license to run a peer-to-peer protocol.* Any traffic from an "unlicensed application" will be assumed to be malware and thus blocked. That way, only "authorised" applications from vendors who have paid for a license will work. How many of those will be things like "iTunes" and how many things like "BitTorrent"...?

        (*Just because I'm paranoid doesn't mean they aren't out to get us...)

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        RTFA - They said if the ISP Knows a customer is using a malware infected PC; Working for an Australian (Adelaide) ISP at one point, I can tell you - this is the easy part, We don't have to monitor ports or anything - just wait for somebody to send an email to postmaster/abuse/etc on our domain complaining about spam from specified IP in our range.

        Find the customers session - call them, tell them its malware, etc

        Protip: Adelaide ISPs pretty much do this already; having your subnet blocked from sending email

      • I agree with the parent. One of the major issues with Malware is that it cannot be detected locally. As much at it gives me the creeps, detecting Malware from a third party location, like an ISP is definitely a feasible solution, especially when dealing with non savvy end users.
    • by Runaway1956 (1322357) on Tuesday September 15, 2009 @03:22AM (#29423235) Homepage Journal

      I pretty much agree - but the ISP's already monitor traffic for a variety of reasons. Mostly bad reasons, but the monitoring is in place. It really isn't hard to determine that a machine's excessive traffic is due to viral infections. Shutting them down seems like a good idea. When the customer calls to complain, tech support has a kindergarten teacher on hand to explain how simple it is to upgrade to a safe unix-like operating system to avoid future infestations.

      Problem solved.

      • When the customer calls to complain, tech support has a kindergarten teacher on hand to explain how simple it is to upgrade to a safe unix-like operating system to avoid future infestations.

        What's wrong with the tech support monkey teaching them how to set up a restricted account for every day use? Why couldn't they instead tell the user that browsing the web from an Administrator account is what caused the issue, accompanied with clicking "Yes" "Accept" and "Allow" at every box which pops up in front of them?

        Linux is not a cure, it's a choice. Education is the cure.

        • Linux is part of the cure. It helps in treating one symptom of the disease. Ignorance is drastically reduced after just one installation of any unix like operating system.

          Of course, there are those who take pride in their ignorance. Some of those individuals insist on running as root when they finally upgrade to Linux.

    • by mikael_j (106439) on Tuesday September 15, 2009 @03:39AM (#29423305)

      I've worked for ISPs here in Sweden and most serious ISPs here see it as standard practice to warn and then disconnect users who are running zombie machines, nothing strange or totalitarian about it, it's about protecting their network and their other customers from harm.

      /Mikael

      • by Fred_A (10934)

        I've worked for ISPs here in Sweden and most serious ISPs here see it as standard practice to warn and then disconnect users who are running zombie machines, nothing strange or totalitarian about it, it's about protecting their network and their other customers from harm.

        It certainly makes sense, but what happens next ? How do most clueless users manage to clean their machines, with no network access ? And how do they get their access back ? What's the process to certify their rig as being "clean" ? Or has a "home Windows cleaning" (no, not those windows) industry sprung up to meet the demand ?

        • by mikael_j (106439)

          Well, the procedure when I was handling abuse cases was:

          1. Warning, user told to clean up machine and informed that further complaints or indications or malware infestation would result in temporary disconnection.
          2. Temporary disconnection until the user contacted us and said he/she had fixed the problem.
          3. If we reconnect the user and the problem persists, the user's connection is once again disabled and the user is told to have his/her machine properly examined and fixed by a computer store or similar professiona
        • by IBBoard (1128019)

          It certainly makes sense, but what happens next?

          What happens after you've been disconnected? You get it fixed or you find an ISP who cares less and end up dragging the Internet down from somewhere else.

          How do most clueless users manage to clean their machines, with no network access?

          That'd be something like "a computer store" - one of the ones where they have Techs to help fix things.

          And how do they get their access back ? What's the process to certify their rig as being "clean" ?

          The obvious solution would

    • by theolein (316044)

      The idea is good because it would it that much harder to propagate botnets and even feasible, but the real problem is that almost all end users have no idea what malware is or how to stop it. Unless the enduser is supported in removing the malware, and in the case of rootkits this usually means reinstalling the OS, then it will only result in a huge number of complaints that the ISPs will not be able to cope with.

      • by PeterBrett (780946) on Tuesday September 15, 2009 @04:01AM (#29423397) Homepage

        The idea is good because it would it that much harder to propagate botnets and even feasible, but the real problem is that almost all end users have no idea what malware is or how to stop it. Unless the enduser is supported in removing the malware, and in the case of rootkits this usually means reinstalling the OS, then it will only result in a huge number of complaints that the ISPs will not be able to cope with.

        Most end users have no idea how to replace the spin motor on their washing machine, either.

        I don't understand why people who are perfectly happy with getting knowledgeable technicians to work on almost all of their household equipment think that their PC is some sort of magical exception.

        • by Fred_A (10934)

          I don't understand why people who are perfectly happy with getting knowledgeable technicians to work on almost all of their household equipment think that their PC is some sort of magical exception.

          That one is easy.

          Microsoft (and Apple) keep pushing the idea that computers and essentially their operating systems and software are super simple. Pah, a child a 5 could get this (fetch me a child of 5 !).
          People here know that it's actually horrendously complex and that it's often a miracle that it works at all, especially if we let users tinker with the stuff, but marketers have to sell their wares, so that kind of talk just won't do. So they lie through their teeth (they're trained to do this from a young

    • Re: (Score:3, Interesting)

      by Horus1664 (692411)

      I'm in the UK and used to use Zen as my ISP. I found their tech support very helpful in spotting dodgy activity emanating from my home network and advising me on ways to investigate and correct my problems. They did warn that I should take immediate action or they would have to consider suspending my connection. I found this a sensible, helpful and mature approach to the situation.

      If done properly involvement of the ISP in identifying and helping resolve infected PCs should be welcomed I would have thought

    • Re: (Score:2, Insightful)

      by natd (723818)
      This isn't suggesting the ISP's make any decisions, just to apply a new set of rules and have a procedure for disconnection. I suffered for weeks some years back from what looked like DoS attacks and masses of Spam which was largely coming from a single Internet Cafe on George St Sydney. I first spoke to the owner, who basically told me to get stuffed with what I assume were Chinese profanities chucked in for good measure. I appealed to him a few more times to at least try and clean up his machines, he told
    • ISPs should just provide internet access not police and monitor traffic.

      Yeah, and if they help my neighbour get rid of their malware, there will be less useless (even harmful) traffic clogging up the pipes I want to use.

      Even though I get along well with the "privacy paranoid" group, I think it's reasonably for ISPs to monitor for malware/spam traffic, and contact the users who get hit by it (which in many cases is through no fault of their own), tell them what's going on and offer help changing the situation.

      That's good for the malware-infected customer; it gives the ISP a bett

    • by dissy (172727)

      ISPs should just provide internet access not police and monitor traffic.

      The alternative is that the government ends up policing and monitoring traffic.

      Both are bad yes, but one just a teeny bit more so.

  • by rrrhys (1475013) on Tuesday September 15, 2009 @02:14AM (#29422965)
    Don't make me choose between the internet and bonzibuddy.
  • sigh (Score:2, Insightful)

    by Mr_Plattz (1589701)
    This is actually a good idea. Sadly, it's another step in the direction of moderated, government approved, unable to opt-out internet.
  • > "Once an ISP has detected a compromised computer or malicious activity on its network, it should take action to address the problem..."

    Damn I hope the entire process is automated - sniff/clip/boom....including the customer help line. Gonna be some super fine yelling and screaming at the line judge over this one.

    I mean, since 'the problem' has already been determined and all...
  • by Runefox (905204) on Tuesday September 15, 2009 @02:16AM (#29422985) Homepage

    Rogers, here in Canada, has been practising this for a few years now, and will notify and disconnect computers that are sending network packets that match known malware. I think it's an automated process, too.

    It's sort of funny, there was once a time when someone set the DHCP lease length too short, and several customers wrongly got blasted off the internet as they had been "infected".

  • Reminds me (Score:5, Interesting)

    by Shadikka (876072) on Tuesday September 15, 2009 @02:19AM (#29422991)
    A couple of years ago, a major ISP in Finland had a somewhat similar system. They wouldn't allow infected computers to take any other network access than HTTP and they redirected all HTTP traffic to a page saying "you're infected" and providing short instructions on how to fix it. It seems that they're not doing it anymore, but I don't know the reason.
    • I am guessing that the people who got infected probably saw the "you're infected" page as being normal [per earlier slashdot article] and once they realized they couldn't go anywhere else they blamed the ISP for it and went elsewhere.

    • Re:Reminds me (Score:5, Interesting)

      by dnaumov (453672) on Tuesday September 15, 2009 @03:33AM (#29423285)

      A couple of years ago, a major ISP in Finland had a somewhat similar system. They wouldn't allow infected computers to take any other network access than HTTP and they redirected all HTTP traffic to a page saying "you're infected" and providing short instructions on how to fix it. It seems that they're not doing it anymore, but I don't know the reason.

      The largest ISP in Finland, Elisa is still doing it and the system is actually working very well. I haven't seen a single false positive yet (yes I work in their helpdesk).

      • by theolein (316044)

        Wish I could mod you up. It's interesting.

      • Re: (Score:2, Funny)

        by SanguineV (1197225)

        I haven't seen a single false positive yet (yes I work in their helpdesk).

        Every system was infected with Windows?

      • by smurfsurf (892933)

        Same thing here for my ISP, Netcologne in Germany. Works like this for years. They even provide a malware removal download.

    • Re: (Score:3, Funny)

      by AHuxley (892839)
      90 % of the consumers where upset?
  • by pecosdave (536896) * on Tuesday September 15, 2009 @02:25AM (#29423009) Homepage Journal

    I've contacted ISP's about their customers attempting to "hack me" because they were infested with Code Red and Nimda and for some reason my Apache server on Linux looked incredibly tasty. They of course proceeded to ignore me and not even to contact their customers.

    • Re: (Score:3, Interesting)

      by Falconpro10k (602396)
      i always enjoyed seeing those in my snort logs, or even the logs in my pix in later years. And yes, I'd send the sniffer trace to the abuse address of the isp, never made a damn bit of difference. This is what infuriates me about consumer isps. If one of my clients who buys service from me started to get sniffer trace emails to my abuse mailbox, i'd be on the phone at the least.
    • by Gandalf_Greyhame (44144) on Tuesday September 15, 2009 @04:11AM (#29423429) Journal

      I've contacted ISP's about their customers attempting to "hack me" because they were infested with Code Red and Nimda and for some reason my Apache server on Linux looked incredibly tasty. They of course proceeded to ignore me and not even to contact their customers.

      I had a similar experience at University. I was living on campus and had my Apache server running along nicely on my Linux box, and kept on getting these weird error logs. As soon as I saw it I had a feeling that it was Code Red, so I checked up on the net just to confirm. It was. So I then traced it back to its source - one of the University's own computers. I contacted the Uni's IT staff and informed them that they had a machine that was infected with Code Red. Do you know what response they gave me?

      "It isn't our machine that is infected. Your machine is the infected one."

      For anyone who didn't read the above properly, or can't be bothered going back over it again, I was running Apache on Linux and the Code Red worm infected Microsoft IIS Web Servers.

  • About time (Score:3, Insightful)

    by Falconpro10k (602396) <jmark2@gma[ ]com ['il.' in gap]> on Tuesday September 15, 2009 @02:29AM (#29423025) Homepage
    Want to put a stop to malware/botnets? This is it. If a simple email/phone call asking "are you using irc/running your own mail server?" gets a response of "I don't know what irc is!", shut them down until they can clean out their machines, hell, even give them help, such as redirecting them to an isp sponsored AV or something (and no, i'm not talking enforcing it like some schools do with clean access or other network admission control.) Doing this sensibly could very seriously take a bite of out a lot of the problems on the 'net today.
    • Re:About time (Score:4, Interesting)

      by badfish99 (826052) on Tuesday September 15, 2009 @02:53AM (#29423139)

      Having sold "unlimited" access at a fixed price, ISPs run on tight margins, so one simple email or phone call, plus the subsequent dealing with the customer, will wipe out the whole year's profit from that customer. So what in practice will happen if ISPs go down this route is that they will simply start blocking the ports for IRC and mail. And then the malware will move to another protocol, and that will be blocked, and so on.

      I suspect the the law of unintended consequences will mean that we'll end up with ISPs that provide access only to http and https.

      • by timmarhy (659436)
        the cost of an email with a follow up call is nothing compared to the saving they will get from reduced bandwidth.

        as usual, nerds are hopeless with business decisions.

      • by jimicus (737525)

        I suspect the the law of unintended consequences will mean that we'll end up with ISPs that provide access only to http and https.

        You ever looked at any ISP's own online help or tried contacting one lately?

        Certainly here in the UK, most ISPs seem to think that's all they do anyway.

      • SSL much?
      • by IBBoard (1128019)

        I suspect the the law of unintended consequences will mean that we'll end up with ISPs that provide access only to http and https.

        Or the unintended consequence will be that (shock horror) ISPs will only sell what they're actually able to sell, and people won't be expecting "all you can eat" Internet access for £5 per month! You want excessively more bandwidth than is the norm? Pay for it.

    • Re:About time (Score:5, Insightful)

      by supernova_hq (1014429) on Tuesday September 15, 2009 @05:28AM (#29423801)
      tech support: Are you using irc/running your own mail server?
      alice: I don't know what irc is!

      3 hours later...

      bob: alice, what happened to our internet? I couldn't connect to our server from work today.
      alice: server?
  • by the_raptor (652941) on Tuesday September 15, 2009 @02:42AM (#29423081)

    My (Australian) ISP has been doing this at least for spam relays for a few years now. If they detect you are being used to spam they cut all your traffic and redirect port 80 to a page telling you what has happened and giving you links to AV tools and an automated traffic checker that will unblock you once you have dealt with the malware. Two of the guys I live with got infected and so I have personal experience dealing with the system. To me it seems like a perfectly sensible and responsible reaction to a serious problem. IMO any ISP not doing this is an irresponsible netizen.

    To me it is like your CC company notifying you of suspicious charges or the phone company asking why your mobile is suddenly making hundreds of calls from Azerbaijan. It not only stops the current problem but if people are actually notified that they have a problem they are far more likely to take steps to protect themselves in the future.

    • by shentino (1139071)

      The problem is that we've already had assholish ISPs use DPI as a means of discriminating against legitimate traffic.

      Before I would allow an ISP to do that to me they'd need to earn my trust first.

      • EXETEL are a one of the best ISP's down here. The only problem with them is that the network is getting so saturated these days (none of the major telcos will invest in new capacity until the Aussie government sorts out its 10 billion AUD future broadband scheme) that they are shaping P2P and limiting "bonus" data to 3am to 8am. Kind of sucks but the other option is for all traffic to be slow if the links max out due to unrestricted P2P.

        Other than the network capacity issue they are pretty "wink wink nudge

        • I meant to say they are shaping P2P except during the bonus data time of 3am to 8am. As I am only on ADSL1 I don't notice any shaping.

    • Re: (Score:2, Interesting)

      by KenMcM (1293074)
      Exetel also conducted a trial of its own [exetel.com.au] in regard to ISP level web filtering technologies. It made participation in this trial mandatory for all of its subscribers, disallowing them the freedom to opt-out. There's some food for thought.
  • by vxvxvxvx (745287) on Tuesday September 15, 2009 @02:43AM (#29423087)
    I know when I was living on campus at a state university my computer was caught in one of their malware scans. I was running Linux and had firewalled ping requests among other things. Their scanning system automatically assumed if a computer did not respond to ping it was infected.
  • Obviously there is the risk that the scanning could be "extended" but I would back it IF:

    1 - Users could opt-out
    2 - The list of blacklisted "malware" was maintained and published by a non political body
    • by Todd Knarr (15451)

      You wouldn't need to scan the computer. Just watch for the network traffic signature of malware (eg. open ports known to belong to malware that respond to the appropriate malware's protocol when probed, or open ports belonging to a Web server serving up malware). My ISP already scans for open ports as a regular security precaution. As for opt-out, no. The people who are the most problem are exactly the ones who'd opt out instead of fixing the problem (because in their mind the problem isn't the malware, it'

  • by Anonymous Coward on Tuesday September 15, 2009 @02:50AM (#29423131)

    If you cut off all the Malware-Infected PCs, only Macs will be left. (ok, maybe some linux boxen).

    *ducks*

  • It's illegal to drive on public roads without a driver's licence.

    It ought to be illegal to use a computer connected to the internet without some form of minimum qualification. i.e. an "internet licence"

    • Prove that this will save lives as the drivers license does and I'm sure some politician will hurt himself rushing to say it in front of a camera.

    • Re: (Score:2, Insightful)

      by neumayr (819083)
      It should be illegal to speak in public without some formal education in psychology and rhetoric.
      Some kind of attitude test might be a good idea too.
    • by Adambomb (118938)

      Yeah, they thought [slashdot.org] of that too.

  • by erice (13380) on Tuesday September 15, 2009 @03:42AM (#29423329) Homepage

    My otherwise stellar ISP has a "shoot first, ask no questions security policy"

    It is frustrating to lose access to my home server while at work and not be able to do any troubleshooting because I need physical access to the machine.

    It is quite maddening to finally get home, verify that there is nothing wrong on my end, call up support and (eventually) find out that I've been deliberately disconnected because of a security problem that doesn't exist.

  • Microsoft's response (Score:5, Interesting)

    by AnalPerfume (1356177) on Tuesday September 15, 2009 @03:44AM (#29423347)
    EVERY country needs to be doing this, and not making it voluntary either. Any problem on the internet affects everyone connected to it. Cutting off PCs in one country has limited effect in isolation. Considering botnets are an exclusive Windows problem, Microsoft should be forced to pay for the scheme too. It's their mess after all.

    I'm curious about how MS will respond to this if it comes into being. On one hand they'll lose a large number of users, after all, does anyone outside the MS camp really believe that it's not gonna be 100% infected Windows PC's that will be affected? What will MS do?

    Will they offer discounted or free vouchers for repairs, upgrades etc? How many of these machines will be unlicensed? Will they pay to fix unlicensed copies of Windows if the owners either have no money to spend on a sticker with a number on it? In the current economic climate you can't blame them. Is a subsidy to clean the PC worth the ISP's time and hassle knowing it'll be infected again by the end of the week at the latest, and they'll have to repeat the same warning and threat of disconnection all over again. Will they provide paid anti-malware software? Who pays for all of this? Will they provide training for Windows users to at least give them a chance of having a few months online without a letter?

    This would reflect badly on MS in any free press, even having to be the only ones to offer fixes is embarrassing enough. Given that MS control the mainstream media it'll go unnoticed as far as PR is concerned, but it's yet one more thing eating into their profits at a time where they're struggling.

    The alternative is to lose a large number either to Linux, or off the internet altogether. Anyone who's had the internet for a while knows what it's like when it goes down for a few hours, will those people really decide the internet is not worth it?

    I'm guessing the great philanthropists and all round nice people at MS are busy lobbying at every level to stop this from happening or at least water it down (notice the ISPs are being "asked" not "told"). They need to keep market share by any means necessary, ideally without spending a cent on it. The rest of the world can suffer as long as MS's interests are not hurt.

    Given that Windows has all the security of a paper tank in a thunderstorm this will be hilarious to see the workload the scheme entails, and over time the number of Windows PCs in Australia still connected because they're NOT infected. They will drop like flies. Give it a few years and it'll be a Windows free zone.
    • Re: (Score:3, Insightful)

      by Norsefire (1494323) *
      Given the story a few days back about the Linux botnet, and this [slashdot.org] story a few months ago about the Mac botnet ... The real problem is education, idiots will be idiots no matter what platform they use.
      • Indeed, the recent story about ONE Linux botnet, and another recent story about ONE Mac botnet is equal to the 100's if not 1,000's of ACTIVE Windows botnets, past, present and future. As much as Microsoft enjoy a good monopoly when it's their name on the door, this is one they earned without corruption by making terrible software.
    • by jimicus (737525) on Tuesday September 15, 2009 @04:28AM (#29423499)

      Oh come on.

      90% of security holes that have been exploited in the last few years are sitting on the chair in front of the computer. Even if Windows were to evaporate overnight and everyone using it were magically switched to a Mac or to Linux, inside a few weeks you'd see malware pop up which has Apple logos and Linux penguins and makes reassuring noises while insisting it really does need your password.

    • will those people really decide the internet is not worth it?

      Let's hope so.

    • by rennerik (1256370)

      EVERY country needs to be doing this, and not making it voluntary either. Any problem on the internet affects everyone connected to it. Cutting off PCs in one country has limited effect in isolation. Considering botnets are an exclusive Windows problem, Microsoft should be forced to pay for the scheme too. It's their mess after all.

      Um, not exactly. Evidence of Linux botnets [computerworld.com] and OS X variants with confirmed infections in the wild. Methinks you're buying a bit too much into the late 90s / early 2000s era FUD against Microsoft. Maybe if this was ten years ago your sabre-rattling might have been acceptable. But these days, to categorically deny the leaps and bounds at which Microsoft has improved security in both Windows Vista and Windows 7, and not realizing that malware is more and more becoming a user education problem than anythin

      • I agree with you, we do need to put it in perspective.

        ONE small Linux botnet found recently because of badly configured systems? It's a tiny drop in the ocean. Is that in any way close to sharing blame with Windows for their 1,000's of LARGE botnets being actively used? Microsoft like to spread FUD about Windows market share being almost total, with Linux and OSX hardly getting a mention. They're right, but it seems they're talking about the botnet scourge ALL PC users have to suffer, regardless of our choi
      • Re: (Score:3, Insightful)

        by grcumb (781340)

        Um, not exactly. Evidence of Linux botnets [computerworld.com] and OS X variants with confirmed infections in the wild.

        The 'botnet' consisted of about 100 Linux servers, none of whom could be proven to have been infected via automated means. Indeed, the man who discovered this threat speculated that they were compromised by sniffing FTP passwords. Not included in the report was how many actual machines were compromised. Individual Linux web servers can host hundreds of accounts or more.

        As a proportion of Linux servers, this nu

    • Re: (Score:3, Insightful)

      by LoudMusic (199347)

      Did this get modded up so we could all marvel at the insanity of this person? Because those are some outrageously ignorant claims.

  • Why not make it compulsory to get networkable devices certified to be malware-free every year just as cars need to go through statutory vehicle inspections? If bandwidth is such an important resource, shouldn't we consider networkable devices to be potentially dangerous and perhaps consider the idea of requiring a license for ownership?
    • Re: (Score:3, Insightful)

      by Sabriel (134364)
      Because such a cure would be worse than the disease; we don't need nor want that much bureaucracy.
    • Re: (Score:3, Insightful)

      by Hatta (162192) *

      Do you really want a government bureaucrat picking through your hard disk deciding what is malware and what isn't? Would the government even have technicians capable of determining whether your linux install is malware or not?

  • Instead of disconnecting the user, my (Australian) ISP has a more proactive approach. By default they block:
    Port 25 (smtp) inbound and outbound
    Port 80 (http) inbound
    Port 135 DCOM SCM inbound
    Port 139 (netbeui/ipx) inbound
    Port 443 inbound
    Port 445 Microsoft Windows File sharing / NETBIOS inbound

    The option to disable port blocking is given on their website, and changes take effect within 15 min. This blocks the propagation of malware without running the risk of accidentally disconnecting users on false positive

  • by Drakkenmensch (1255800) on Tuesday September 15, 2009 @08:44AM (#29424809)
    If you are disconnected for being malware infected, exactly what WILL be the process for being reconnected, assuming you aren't just black listed for life as an internet persona non grata? Will it be some byzantine bureaucratic DMV-like red tape nightmare with hundreds, even thousands of people showing up every day as botnets simply infect more and more systems to make up for those it lost during the morning disconnect purge?

Genius is ten percent inspiration and fifty percent capital gains.

Working...