Should ISPs Cut Off Bot-infected Users? 486
richi writes "There's no doubt that botnets are a major threat to the safety and stability of the internet — not to mention the cleanliness of your inbox. After years of failure to act, could we finally be seeing ISPs waking up to their responsibilities? While ISPs can't prevent users getting infected with bots, they are in a superb position to detect the signs of infection. Contractually, the ISP would be reasonably justified in cutting off a user from the internet, as bot infection would be contrary to the terms of the ISP's acceptable-use policy."
Yes (Score:5, Insightful)
Should ISPs Cut Off Bot-infected Users?
Yes. Some ISPs already cut off P2P users. By comparison botnets are a real threat.
Re:Yes (Score:5, Insightful)
Not being able to get online is probably the surest (maybe only) way to get a novice (or under) computer user to take their bot machine offline.
Re: (Score:2)
Would ye two guys still feel the same way if it was YOU who was cutoff, and it turns-out you've an infection you don't know how to get rid of?
.
Re:Yes (Score:5, Insightful)
So long as the "I'm clean now, let me back in!" part is easy, then, yes.
Re: (Score:3, Interesting)
It's incredible what some of these people charge for a few hours of running a few tools on a computer. I've seen prices upward of $250 for removing simple (non-rootkit) infections (Geek Squad, I'm thinking of you). That's insane. I capped my virus/rootkit cleaning charge at $75 over five years ago, and I rarely make less than $20/hr doing so, considering the actual time I spend in front of t
Re:Yes (Score:4, Insightful)
Re:Yes (Score:4, Insightful)
I agree. Sounds like a good policy.
Not being able to get online is probably the surest (maybe only) way to get a novice (or under) computer user to take their bot machine offline.
I can't wait for a browser exploit that spoofs the walled garden, thus allowing the botmaster to force you to install something really nasty.
Imagine being able to pwn a low privilege account and then having them log in as administrator to install your custom "virus removal" software. You'd never have to bypass any of those fancy OS protections again!.
Re: (Score:3, Interesting)
Because getting the user to say yes to installing things is hard now? There's no fancy OS stuff to avoid when an administrator user on the computer opens the front door in order to see the dancing cat video.
Re:Yes (Score:5, Insightful)
Of course, the ISP has every right to cut off bot-infected users, and should do so. (There's still the problem of not letting the user get online to get the bot removal software, but that's relatively minor and there are several ways around that).
But a lot of Slashdotters, being more technically competent than the typical Internet user, have experience with ISPs who do, in fact, do something silly, and cutting off bot-infected users has great potential for the ISP to screw over the customer via silliness. ISPs could very well
Re: (Score:2)
Yeah, my main worry is they'd use it as an excuse to cut people off for other reasons. But since they're already doing that, I guess that worry is moot.
But I think an ISP should do some investigation to make sure they're cutting off the right people. No being cut off for running a mail server for example.
Re: (Score:2)
Yeah, my main worry is they'd use it as an excuse to cut people off for other reasons.
This is the potential harm from any sort of "rule" or "policy": it's always open for abuse.
That said, I don't believe this should be a reason why ISPs should not act. It doesn't take a rocket scientist to ascertain activity from a spambot or open relay, with a little more research to ascertain whether or not a zombie node is being used for a DDoS attack.
Said another way: just because you own a car doesn't mean you get to
Re: (Score:3, Informative)
Brilliant! Also, that makes good business sense, as they would have to use the email service that you, as an ISP, kindly provide ... for a fee. We really can't allow those lusers to manage their own mail, oh no sirree.
I would think it was fine if ISP's set up new accounts with most ports closed *and then provided a good, efficient interface for users to open what they want to be open* ... but most (most! there are some good ones out there) ISP staff get that deer-caught-in-the-headlights look when you start
Could not be more wrong (Score:4, Insightful)
Being able to connect to any port and to receive connections on any port is the definition of Internet access. I absolutely should be able to run a mail server on my home machine.
Now, if the ISP were to block incoming port 25 by default, and people who wanted it could fill out a quick form or something, maybe that would be okay.
Re:Yes (Score:4, Informative)
We are trying to be good net citizens an not have mail bots running from our network.
No kidding. (Score:3, Interesting)
I mean they don't already? My ISP (Cox) does. Back in the day one of my roommates got a worm. Didn't know this, of course. I came home, my Internet wasn't working. Called the ISP, they told me what was up. I said "Ok computer is unplugged I'll have him clean it when he gets home." They said "Good deal, your net is back on."
Seems like a good idea to me.
Re: (Score:3, Interesting)
But how long until they are taking cars off the road simply because they are driven by the wrong kind of person, or at the wrong speed! This can't be allowed!
Re:Yes (Score:4, Interesting)
But how long until they are taking cars off the road simply because they are driven by the wrong kind of person, or at the wrong speed! This can't be allowed!
It's already happening [abc.net.au].
Re: (Score:2)
Slippery slope argument doesn't always work.
Yes its true that it can be abused, and the video that you just downloaded 'magically' contains a virus that only the RIAA and your ISp can find out - but if there's a proper standards test (hell, even packet sniffing will sort that out) - then yes please.
But what we'd need is a standard test. No assumptions.
Re: (Score:3, Funny)
So what you're saying is that bots are damaging the tubes?
Re: (Score:2, Informative)
I'm with Comcast, and they already offer a free subscription to the Norton Security Suite as part of my subscription.
I don't use it, but it's readily available, and free, to Comcast customers.
Hint: If you're with almost any ISP and you're paying for Antivirus you're almost certainly wasting your money. I don't think I've ever been with an ISP that didn't provide free Antivirus if I wanted to download it.
Of course, I'm running Linux, so Norton doesn't do me a lot of good for any of my machines. But there
Yes! (Score:5, Insightful)
A doctor would quarantine a contagious patient. An ISP should quarantinean infected PC.
Re: (Score:2)
Re: (Score:2)
Yes.
But to continue the metaphor:
Just because a new virus / disease will come out at some point does not mean that time spent treating the existing problems is a waste.
Re: (Score:2)
Any sane enterprise has a mechanism in place where their network fabric will contain a segment if the IDS detects a definite threat.
This really shouldn't be a question -- ISPs should mitigate damage done by customers with poor or no security. It is debatable to stick the customer with the bill for cleanup, but it might be a good idea so Joe Sixpack actually learns to either zip up his fly or pay someone to do it for him. Perhaps a warning or two, then start billing for the janitor work.
Re: (Score:2)
Yes, yes! A million times YES! A doctor would quarantine a contagious patient. An ISP should quarantinean infected PC.
Is the ISP a qualified doctor?
Another bad analogy: road-side accident - would you expect the police arriving to the scene to do more than make the person safe and, at most, deliver some basic CPR? Should the road be closed only because it is a irresponsible driver at large?
Yes would be the answer (Score:5, Insightful)
>"Should ISPs Cut Off Bot-infected Users?"
After a suitable warning to the customer/administrator, yes. Absolutely. But it should be made very easy for the customer/administrator to reactivate their service, too.
Re: (Score:3, Insightful)
Second this. You don't want the solution to be punitive to the infected computer owner, you want it to be disruptive to the botnet operators. A simple "your zombie PC has been disconnected, please contact us to reconnect" followed by instructions on cleaning malware would cut the problem in half. Added bonus, after it happened to them for the first time, the end user would hopefully wise up a bit about security and adopt minimum standards of prevention and safety.
Re: (Score:3, Insightful)
Second this. You don't want the solution to be punitive to the infected computer owner, you want it to be disruptive to the botnet operators. A simple "your zombie PC has been disconnected, please contact us to reconnect" followed by instructions on cleaning malware would cut the problem in half. Added bonus, after it happened to them for the first time, the end user would hopefully wise up a bit about security and adopt minimum standards of prevention and safety.
This could be done in an acceptable manner:
It could also become a nightmare for customers if implemented poorly
Re:Yes would be the answer (Score:5, Insightful)
The answer might be to do something like Comcast's approach of redirecting flagged accounts through a web proxy with a frame at the top and blocking other ports. You don't want to cut them off entirely, since the fix for their problem will go a lot better if they can browse the web and download AV software.
The danger is that they will implement "policies and procedures" and have know-nothing flunkies carry them out mindlessly, but then that's a danger anyway. They will need to actually have knowledgeable people willingly review cases that don't fit on the flow charts. Things like, NO, I do not have Windows virus XYZ, I don't do Windows.
Fully agreed, there must be no punitive element to this. There should be an educational component since most home Windows users simply don't know any better. Even the restrictive aspect should be the minimum necessary to contain the damage and inform the user.
Re:Yes would be the answer (Score:4, Interesting)
Telenor in Norway does this already in a limited way.
If they detect large amounts of email originating from your network they will block the sending of email. (by blocking outgoing connections to the standard mailserver ports).
From what I've read of their limited releases of information on the programme it works quite well. They of course contact you letting you know that you have this problem. Usually through email but if you do not reply they call you ;)
My brother got infected by a worm a while back and my father was not pleased :p Suddenly he couldnt send email... whops? :p
(Oh, and they allow you to email to 'internal' addresses though to allow you to contact them to resolve the issue..)
Should ISPs Cut Off Bot-infected Users? (Score:2)
Yes.
User agreement (Score:3, Interesting)
Yes (Score:2, Funny)
Yes* (Score:3, Insightful)
Yes, but not before first providing ample warning notifications by e-mail, SMS, and robocall.
If you cut somebody off from the net straight away, that prevents the person from downloading the necessary file to take the steps necessary to remove the bot.
Of course... (Score:2)
Re:Of course... (Score:5, Insightful)
No. You have a DOCTOR cut it out. The question here is whether or not most ISP's are competent in determining what really is bot activity. A bunch of false positives will be miserable -- as will having to prove to some first-tier customer support person that your system is not infected (as in never was) or that it is actually cleaned and should be allowed back online.
And pity the person that has their ISP connection blocked that uses voice over IP to call customer support. If the ISP blocks the MODEM life is going to be interesting.
Oh, and you won't need to look up that phone number, will you?
Overall, getting infected systems of the net is a wonderful idea, but one that could be a complete mess if done poorly.
Who said they don't already? (Score:2, Insightful)
My cable ISP cut me off in 2001, when my roomate got a worm/bot infection due to bad P2P settings. I understand the good intentions, but it then became difficult to reach the right person who could reinstate service once I convinced them my network was clean.
No reason not to do the following (Score:3, Insightful)
For all the information the ISPs track from us, they have a responsibility. Pleasing cost (razor thin margins) is no excuse to engage in restless behavior. In a capitalist society we recognize that if you can't pay for the costs of doing business, you go out of business and your competitors eat your lunch. Preventing crime that involves using your service is a reasonable and legitamate business cost. After all, the botnets tend to be one of the major user of ISP resources - particularly if they are doign a Denial of Service attack. So shutting them down lowers the ISP costs, increasing their thin margins.
Re: (Score:2)
"Shutting Off" needs to be better defined. Isolated would be a better phrase.
They should have all WWW traffic redirected to a "You have been infected" site. Complete with instructions about how to fix your machine and an automated way to assert your machine is now clean.
Hell, it's a revenue opportunity - give them an optional page where they can buy [anti-virus software] and the ISP gets a cut.
Am I evil enough to be in marketing?
Re:No reason not to do the following (Score:5, Insightful)
Wait, your big plan is to:
1. Cut off their access (presumably also to e-mail)
2. Send them an e-mail that they must reply to if they want to be able to read email.
And where exactly are they supposed to read this email?
of course they should shut you off (Score:4, Insightful)
Sure it's fair.
Once you're infected the rest of the Internet with crap, you're costing them more money in tech support calls from people complaining about you. Why would they pay to keep launching your crap packets into the core? Be your own ISP if that's your agenda. If you take care of your network, you won't run into this.
Don't stop there. (Score:2, Insightful)
Cut off vs. filtered (Score:5, Insightful)
ISPs should be responsible for filtering out bot activity, but it's not really fair to anyone to cut them off entirely. After all, it's not entirely their fault they got infected... hell even if they're responsible with updates and activity they could have been compromised by some new vulnerability.
Has firewall technology not been able to keep up with bulk ISP traffic or something?
I understand that users ought to control their own home firewall, but ISPs should have firewalls / filters they control further upstream, where they can add rules to block certain types of traffic only when necessary. But I guess if they have it, then that means they're kinda liable for configuring it effectively and can thus be held responsible for attack traffic that does get through.
Anyway, I don't like the idea of being cut off from network access without at least a few weeks' advance notice and time to respond. Which is virtually an eternity in botnet time... which makes that whole approach somewhat pointless.
Re:Cut off vs. filtered (Score:4, Insightful)
So much for "network neutrality".
It's easy to avoid getting infected.
They could do it nicely (Score:5, Interesting)
They could just redirect them to a portal, where they get informed that their computer is sending out viruses.
The portal would offer a free virus scanner and the option to have several ports closed by the ISP (checked by default) ;)
- ports that could later be reopened by going to the "experts"-page
If the user insists, they of course can go on and use the internet anyway. But only after clicking "ok" to a sentence declaring that they are now informed and
"solely liable to any damage they might do to the internet"
Re: (Score:2, Troll)
Re: (Score:3, Funny)
That happens to me every time I visit certain websites.
I get a popup telling me I'm infected and to click "OK" to have my computer scanned.
It's ever so nice of them to do that for me.
Re: (Score:2)
"Expert mode" won't work. [msdn.com] Neither will a dialog box [msdn.com].*
* - Sure that article says "The default answer is Cancel" but it should probably say "The default answer is whatever makes everything appear to work again" which in this case is OK. And the user actually won't have to fix anything in your scenario.
"Thank you for buying our data/voice bundle." (Score:2, Insightful)
Re: (Score:2)
Meanwhile the voice service is VOIP and is blocked!
NAP/NAC (Score:4, Interesting)
The router should verify if the endpoint is clear for internet access, and if it's not, it should limit user access to antivirus vendors, known OS upgrade services etc and requesting user to follow this link to repair their computer(or have it cleaned by someone skilled enough).
There are (or should be!) multi-platform NAP/NAC solutions to do this.
Of course, users should have opt-out option, which allows them to disable the NAP, and take responsibility of maintaining their systems themselves without "middle-maintenance".
Opted out systems would receive direct disconnect until user verifies by phone to the operator that their misbehaving system has been fixed. (for example, spam zombie)
Local ISP has been doing this for a while (Score:2, Interesting)
Define 'shut off'. (Score:2)
At the ISP I used to work at more than a decade ago, if we had a customer who wasn't responding to notices by e-mail, we'd move them to a special IP pool, where given ports would be redirected to proxies to make sure they got the message (eg, you're behind on your payments).
You could use this to give them a message they've been infected, while still giving them access to domains / hosts or their anti-virus software.
Of course, in those days, it was all dial-up, so we assigned IP addresses as they came in ...
The serivce in ISP (Score:4, Insightful)
They're Internet SERVICE Providers. Not Internet Police, nor Internet Guardians. They exist to provide people with access to the Internet for a fee. Now a lot of ISPs already do plenty that is contrary to the best Interests of the customers. Bad behaviour ranges from price gouging and using misleading advertising, to draconian terms of service (usually because they're able to due to a monopoly or collusion), to playing fast and loose with customer's private data (often in the name of anti-piracy). Do you really want to give these same ISPs the power to take a customer's money and provide them with nothing based on nothing other than their own conclusion that a customer is infected? That's madness. An ISP should be providing a customer with help to remove the infection, not removing their access to the Internet.
Re: (Score:3, Insightful)
Along with acceptable use restrictions. Running a botnet node is not acceptable. Doesn't matter whether it's intentional; it's bad for the network. Them cutting you off isn't punishment; it's containment. Terminate the malware and you can be reconnected.
They do (or at least they did) (Score:3, Interesting)
My parents PC was a fully functional mail server sending out 4-5 GB of e-mail a day, they didn't know this of course and complained about internet speeds all the time, the ISP figured it out pretty fast though and sent someone over to get it off the network and clean it for 'em.
I was quite surprised at how civil they were about it.
Slight hypocrisy. (Score:5, Insightful)
So on one hand, ISPs should not regulate the type of traffic and should not sniff, etc...
On the other hand, ISPs should cut off virus-infected computers. Apparently, they ARE sniffing or monitoring in some way in order to cut you off.
Just wait for a company to decide that being a torrent feeder is being part of a botnet and thus torrent feeders must be cut off. Good luck getting back on again.
If it is really botnet activity, why not just block the botnet activity but not the non-botnet activity? If you can't determine if it's botnet activity well enough, then how are you going to choose who gets cut off?
(I am not necessarily decidedly against this, but at the moment, it seems to be somewhat hypocritical to be against ISP filtering and for ISP cutting off [on their own]. Enlighten me. :) )
Some already do (Score:2)
Already Done (Score:2)
I'm pretty sure I remember Rogers in Toronto cutting me off a years ago due to malware-related data they detected coming from my IP address. They gave me 24hrs notice (but I was away at the time) before cutting me. How a bot-net is considered different is beyond me.
I'm surprised this kind of thing isn't done already worldwide.
Craziness. (Score:4, Insightful)
What is it about spam and malware that causes people to completely lose their minds? What are you worried about botnets anyway? Either your system is secure and it won't be a problem for you, or your system is not secure and you are, by your own admission, "part of the problem." This isn't like quarantining carriers of a deadly disease. It's not exactly difficult to secure your own system against the nasties on the internet. But people are here supporting the idea of severing a person's internet connectivity because they've been a victim of some asshole on the internet. I think we can all agree that the internet is culturally revolutionizing, and has already proven itself to be an extremely important tool in the promulgation of free speech. But once you throw this crap in the mix we have people asserting these authoritarian opinions which, quite honestly, scare the shit out of me.
At the very least, if there is some set of criteria for disconnecting somebody from the internet, there must also be criteria for how to get reconnected and a very clear and doable set of instructions how to get back online. Otherwise you will end up permanently silencing people.
Re:Craziness. (Score:4, Informative)
You're not exactly 100% right.
Firstly, people who are infected often spread the infection amongst other computers, using the social aspect. Maybe you won't open an email from someone you don't know, but your best friend?
Secondly, you're protecting them as much as you're protecting yourself - if they buy something online, their details might be stolen.
Thirdly, they might not realise, and spread the virus anyway through other means, but disconnection makes it sure.
Fourthly, even if your computer is uber-filtered, DDOS attacks, spam sending and other nasties can be done using a botnet, so even if you're not part of it, there's no way around that.
Re: (Score:3, Insightful)
What is it about spam and malware that causes people to completely lose their minds?
http://en.wikipedia.org/wiki/Tragedy_of_the_commons [wikipedia.org]
The internet is a public space.
We have laws that prevent people from harassing you in public or shitting (literally and figuratively) in public spaces.
People who violate these laws frequently end up summoned before a judge &/or in a psych ward.
Are you suggesting that because we're applying these standards to the internet that suddenly all the old arguments do not apply?
Re: (Score:3, Informative)
Because botnets send spam and botnets coordinate DDOS attacks. I run all Linux, yet I can be affected by botnets every single morning when I first check my mail. An Apache web server running on Linux can be DDOSed by a botnet that cannot infect it.
Fully agreed that there must be a clear way to get back on the internet that doesn't involve submitting to an anal probe. The restriction also shouldn't be complete, just enough to block the botnet until it can be sorted out. It must never be punitive in nature.
No way (Score:5, Interesting)
This has happened to me once. I got a virus and a couple hours later, my internet was off. I called the service desk and I was told that my computer was infected and get this, I need to download a patch to fix it. "How do I download a patch when my internet is off, I asked." "Bring your computer to the service center when we open on Monday." I instantly canceled my service. I was a college student at that time. Some tasks required the internet. In fact the only way to turn in my physics homework was to upload it to the server by 2am on Tuesdays and Thursdays. I don't need to be worrying about my internet shutting off at random times and having to make a midnight dash to campus to use the library computer.
I try to keep my computer clean. I run firewalls and I have virus scanners, but if you haven't been infected with a virus before then you haven't been on the internet long enough. Sooner or later you'll get infected and god forbid if you rely on the internet. IE VoIP or server hosting. Why do I get punished for what other people do? Should car manufacturers be able to remotely turn off your car when your car starts to leak oil or freon?
Re: (Score:2)
Precisely what I was about to argue.
Being cut off the internet sure as hell won't help you clean up your mess.
Nice car analogy as well.
+1.
Re:No way (Score:4, Insightful)
I've been on the Internet for about 25 years. No computer under my administration has ever been infected by malware of any sort.
You aren't being punished. The Net is being protected.
Bad analogy. The manufacturer is not shutting off your car. The toll-road operator is telling you to leave and not come back until you fix your oil leak.
Re: (Score:3, Informative)
Bad analogy. The manufacturer is not shutting off your car. The toll-road operator is telling you to leave and not come back until you fix your oil leak.
Bad analogy. The toll road operator is telling you can't drive you car on the road, so you can't get it back home where you have all the tools required to fix the job yourself. Instead, he tells you he runs a repair service which is chargeable and only after you've proven your car is not leaking oil anymore (can't drive it on the road, remember?) you can't drive it on the road.
Sounds like racketeering to me.
Re:No way (Score:4, Interesting)
"How do I download a patch when my internet is off, I asked." "Bring your computer to the service center when we open on Monday."
I did a stint at a college help desk. We would have patched your system fully, re-scanned it for anything else, and offered to defrag it if you had the time. And of course offered to install the college-provided office suite if you had time, or just drop the URL on your desktop for you to at your pleasure.
And we would have done it for FREE. Well, your parents did pay an obscene tuition, but with that comes the assumption that they don't want you wasting time with mundane tasks such as cleaning up your machine, and of course the interruption of being infested by your roomie's machine either. Boy, the first couple of weeks starting the Fall term were days and nights of cleaning up incoming machines that had spent the summer on facebook and pr0n.
Quit yer whinin. They probably put in the 80-hour weeks I did getting the incoming crew settled down, and can use a weekend off. Were they gonna charge you? I bet not.
Kids.
Oh, BTW, this was at a very prestigious Northeastern lberal arts and science college. Obscene barely describes the tuition, but the kids coming in were impressive; polite, patient, quick to understand what was going on. It renewed my faith in America, compared to your average state college rabble. Unfortunately, they will be indoctrinated in the most unfortunate theories and balderdash, but many of them overcome that and go on to be productive and valuable members of society. The rest become politicians.
sort of . (Score:2)
Re: (Score:2)
- Microsoft ?
- a non-partisan collection of anti-virus vendor websites
- ISP specific help pages
- ISP specific log entries outlining proof and nature of infection.
- a page that allows, once a day to get service restored on a probationary period to test for successful eradication.
- netbsd.org/freebsd.org/ubun
Yes please (Score:2)
While you're there, throw them a lot of information about why they should have an anti-virus - why they should scan regularly, and while downloading from 'that shady place' is a bad idea.
Maybe it'll stick once they realise they have no internet.
Nose, meet spite. (Score:2)
ISPs should be able to identify the IP addresses the bot is contacting and block it from getting out of the ISP.
Then it should track down those IP addresses and inform their ISPs that they are hosting a control node for a botnet.
Backbone providers should shut down access from any ISP that refuses to shut down botnet control nodes.
Re portals/interstitials (Score:2)
Doing it via the browser is a very bad idea. Not only can it be spoofed, it undermines the "don't click those things" mantra that we are trying to ingrain in users' minds.
Cut them off, instant phone call and/or mailing. If they need it, allow them access to antivirus (I b
The ISP should work with the customer... (Score:2)
to help him fix the problem. The customer is probably not the villian here and probably doesn't even know that he is botnet infested (after all, ALL windows machines slow down eventually and have to have the OS re-installed, right?). The ISP should try to contact the customer by phone, email or snail mail and first let him know of the problem. Perhaps send him some general information on how to fix his problem, or just point him to the right URL's on the net where he can find the information he needs to
Security and Medical (Score:2)
Reframe this as a friendly Win-Win (Score:3, Informative)
I'd actually appreciate a friendly email from my ISP informing me that they are detecting strange traffic from my IP address and suggesting that I might want to check for a Botnet infection. Detecting sneaky outgoing traffic and other malfeasance is beyond the technical range of many customers.
They might even provide links to resources I could use to detect and remove the Bot. They might even make these resources free, useful (Like pretested and configured against the current signature and MO of the Botnets they're seeing) and come off as concerned and helpful.
This is one area where our interests and the ISP's are aligned. Starting the process with a "cutoff" seems like a lose-lose...
Re:Lets ask in different context (Score:5, Interesting)
Re: (Score:2, Insightful)
GP may be exaggerating the problems of the slippery slope, but I think there is a point there. Cutting infected computers completely off the internet is unacceptable, how the hell do you fix the problem with no internet access? If my desktop were to get infected, I'd use my laptop to look up instructions and/or programs I'd need to clean it.
The "walled garden" approach is more justifiable, but I still see it as a dangerous game, because the ISP winds up controlling who is in the walled garden. I would as
Re: (Score:3, Informative)
We also provide download links for security software right from our tech support portal, and a complimentary CD with the same software with every new subscriber. 3 times a year we offer a
Sometimes it isn't so simple (Score:3, Insightful)
There are viruses now that can infect routers and modems.
I can only imagine how pissed off a customer is going to be if their ISP insisted that they pay a professional to clean their computer and are still being denied internet access because their router is infected.
Re: (Score:3, Insightful)
You assume that your users are incapable of cleaning an infection? It's quite possible that they know what they're doing but got infected twice. You're also assuming that any repair shop actually knows what they're doing. Geeksquad routinely misses malware after you pay them to clean it and they often mistake malware-filled laptops as "not fast enough to run windows xp".
Re: (Score:3, Insightful)
how the hell do you fix the problem with no internet access? If my desktop were to get infected, I'd use my laptop to look up instructions and/or programs I'd need to clean it.
Sounds like you answered your own question. You don't use the infected computer to fix itself. If the computer is infected then step #1, even before diagnosis, is to remove the machine from any network connections, wired or otherwise. This is especially important in a business environment. If the infected computer is your only access to the internet, take it into a shop and let the pros deal with it. If it's not, spend some time to research the problem, burn the needed tools and documentation onto a CD
Re: (Score:3, Insightful)
Very true but... I would also point out that ISP customers are...paying customers.
It seems to me like cutting them off is an acceptable solution but, just like the use of deadly force may be legal in some situations, it shouldn't be a matter of "shoot first and ask questions later" either.
I would say, cutting them off is acceptable in circumstances when either a) the end user can't be contacted in a reasonable amount of time b) the end user refuses to acknowledge the problem or take steps to fix it in a rea
Re: (Score:3, Funny)
Re: (Score:3, Interesting)
Re: (Score:2)
even -1 would be too high a rating.
This is not a slippery slope scenario. Botnetted individuals have been cut off for years, so that's not new at all.
Meanwhile, that comment in the article about "Razor thin internet margins" is a load of complete and utter bullshit. Comcast's revenues, as one example, have been on the up for over 4 years straight, up and through these "troubled economic times". If the margin goes down but the volume goes up exponentially then focusing on margin is a load of crap.
Re:Lets ask in different context (Score:4, Insightful)
When the latest Ubuntu ships I often leave my torrent client seeding for a couple weeks.
Re: (Score:2, Insightful)
Re: (Score:3, Insightful)
That door has always been wide open.
Re: (Score:3, Insightful)
They already do that, and their right to do so is written in their contracts.
Re:No Way! (Score:4, Insightful)
Exactly. Whats from stopping an ISP from simply cutting you off because you were using too much bandwidth, stating that you are infected?
Nothing. Just like nothing is stopping them from doing it now.
Re: (Score:2)
Re: (Score:2)
Couldn't you DDOS over those two ports?
That said, since 80 and 443 are used for HTTP - I don't think you can have anything listening on those ports (the OS shouldn't let you, since its a reserved range, and since you're a client, you can't put a listener if you haven't called for a GET), so the control messages won't ever arrive. I am not sure about this though - anyone enlighten me?
Re: (Score:2, Flamebait)
Re: (Score:2)
Firstly, ISPs can (and might) monitor your traffic.
Secondly, I think a simple filter (a known botnet controller IP turning up in your packets raising a flag) - won't be intrusive.
Also, regarding your comment about firewalls and virus-scanners - it'd teach people to use them. I know lots of people who have no Virus Scanner, or have a really old version which expired after 30 days 2 years ago.
Also, isn't port 25 the one used for email sending? How would that work?
Re: (Score:3, Informative)
Re: (Score:2)
Re: (Score:2)
Then you (The ISP) will be vilified when the user gets a $400 bill.
He'll tell his friends and neighbours.
Your ISP will then become *INFAMOUS*.
Instead, slow down the guy's connections and try to send the guy notices to tell him that he is "Owned".
Re: (Score:2)
. . .
Because not all of the population of China and Russia are botnet controllers. You are overgeneralising here. I hope you're joking - but my sarcasm meter is broken.
Re: (Score:3, Interesting)