50 ISPs Harbor Half of All Infected Machines

Orome1 writes "As the classic method of combating botnets by taking down command and control centers has proven pretty much ineffective in the long run, there has been lots of talk lately about new stratagems that could bring about the desired result. A group of researchers from the Delft University of Technology and Michigan State University have recently released an analysis of the role that ISPs could play in botnet mitigation — an analysis that led to interesting conclusions. The often believed assumption that the presence of a high speed broadband connection is linked to the widespread presence of botnet infection in a country has been proven false."

Duh.

[TaoPhoenix]

Well, since Verizon and Comcast harbor 10% of all user customer PC's all by themselves, this is not so impressive.

Re:Duh.

[Chrisq]

Well, since Verizon and Comcast harbor 10% of all user customer PC's all by themselves, this is not so impressive.

I was thinking the same thing. What percentage of all PCs doe these 50 ISPs "harbour"? If it is arround 50% there's no story.

Re:Duh.

[realityimpaired]

I'm guessing far fewer than 50%... while I could be wrong, the point they're trying to make is that a handful of small ISP's which don't seem to pay attention to security are a major source of the problem.

While I know it'll have a bunch of the net neutrality folks up in arms, it's relatively trivial for an ISP to redirect all outgoing traffic on port 25 through their internal mail servers, and to run server-side anti-virus on all outgoing mail. They can go one further, and rather than blacklisting potential viruses, they can work off a whitelist of allowed senders (sender e-mail address, in the case of my ISP), and require secure authentication to relay. My own ISP does exactly that, and while somewhat draconian it doesn't really affect the average user, and, when coupled with a blacklist of known viruses, it does take a significant chunk out of the potential to cause harm to others if you get infected yourself.

Re:Makes sense

[Anonymous Coward]

The study (linked to from the fine article) was of 200 ISPs, so 25% of ISPs are responsible for 50% of infected machines. Not surprising at all.

Re:Wrong way of looking at the problem

[stylewar]

guns don't kill people--- people kill people. Fix the OS, and botnets will pop up on a different OS. Botnets exist because of ignorance, not operating systems.

Re:Duh.

[AndGodSed]

While I largely agree, I am of the opinion that large mails are a bad idea. That said, email is no longer a communication protocol, but an idea/data sharing platform.

Client side mail programs and the antivirus that go along with them tend to fail when dealing with large mails, so the technology has not caught up with the new usage patterns that are emerging.

This is especially true for areas where people do not have "true" broadband and the timeout issue crops up. What I have seen happening is that the mail client (outlook especially) connects to the server the timout countdown begins. While the mail is being downloaded the Antivirus intercepts the mail and starts scanning it. Outlook is not aware that this is going out and if the mail is large enough+the line just that little too slow the timeout limit is reached and the mail download fails.

So while I understand why people want to send large mails (I'd much prefer other file sharing applications and services) the way email and the client side programs work breaks the model.

Re:Dialup Users?

[icebraining]

Not linked with high speed broadband != Linked with dial-up.

And low education is not necessarily linked with dial-up. Here in Portugal we have 12mbps for 20/month, which is affordable by most people, and yet we have terrible education levels compared to the rest of the EU (81% of the working population only have lower basic education levels).

Re:Wrong way of looking at the problem

[moeluv]

I won't dispute that windows has it's share of holes that is true. The thing is they end up being found more often because 90% PC's run it. If Linux or macOS had that market share they would be put under the same magnifying glass buy exploit writers. It's the same reason that more legit software is written for Windows than macOS or Linux. The writers want as wide a distribution as possible.

Who are they?

[HangingChad]

"The networks of just 50 ISPs account for around half of all infected machines worldwide," say the researchers.

Who are the 50? Publish the names and IP ranges and let the admins loose on them.

Re:Duh.

[KingMotley]

Spoken like a gmail/yahoo/hotmail web user. Sorry, I actually use a real email client, and send/receive emails to and from multiple email accounts all from my one email client.

See there is this thing called an email standard, and that standard specifies port 25 is used for that purpose. Maybe a better standard needs to be made, but until then I want my ISP to leave port 25 alone. If they catch me sending spam from it, feel free to send me an letter and email and block the port temporarily.

Re:Duh.

[ultranova]

While I largely agree, I am of the opinion that large mails are a bad idea.

I have often used e-mail to send photographs to people. No, I don't want to set up an "online photo-album" or other such thing, I just want a mail-equivalent for the Internet. Given this requirement, e-mail is the best system available.

That said, email is no longer a communication protocol, but an idea/data sharing platform.

Care to explain the difference?