Knocking Infected PCs Off the Internet 206
nk497 writes "Malware could block your access to the internet – but in some cases by those on the right side of the security fence, who are deploying tactics such as blocked ports, letters in the mail and PCs quarantined from the net to combat the most damaging threats. The DNS Changer clean up saw some PCs prevented from accessing the web. Should such tactics be used more often to prevent malware from spreading — or is that taking security a step too far?"
Not just infected PCs... (Score:5, Insightful)
My local university does this. It's actually a pretty good idea if it's done right. Of course, the other side of the reality is that in addition to knocking infected computers off of the internet, my university also knocks off computers suspected of internet piracy. If you torrent anything on campus, even a legitimate download, you have to go to the Computing Services office to explain yourself and get it back online.
Our internet service providers are often our media providers. Comcast, AT&T, Time Warner, etc, are all interested in the idea of controlling your access to things like that, and if they're given free range to scan your computer and knock them off the internet - they will certainly look for evidence of torrenting as well.
Re:Not just infected PCs... (Score:5, Interesting)
Re: (Score:3)
You cannot stop spam without also stopping free speech, since both use the same methods to get their payload delivered. And at its heart, spam is just speech you don't want to hear, much like dissent is speech the government doesn't want to hear.
There is no way for a computer to reliably distinguish the two, and the only people who can are also biased and have a vested interest in their own agenda.
Re:Not just infected PCs... (Score:4, Insightful)
You cannot stop spam without also stopping free speech, since both use the same methods to get their payload delivered. And at its heart, spam is just speech you don't want to hear, much like dissent is speech the government doesn't want to hear.
There is no way for a computer to reliably distinguish the two, and the only people who can are also biased and have a vested interest in their own agenda.
Bullshit. When spam is served up by compromising users PC's and running a botnet, which is how most spam is sent, it has nothing to do with free speech. Want to sent 1000 emails a day manually from your own PC? That's free speech.
As for locking people out, I agree wholeheartedly. By now even mainstream media has run story after story that should open peoples' eyes to safe computing practices. If you get infected you should be cut off until you fix the problem.
Re: (Score:2)
You cannot stop spam without also stopping free speech, since both use the same methods to get their payload delivered. There is no way for a computer to reliably distinguish the two, and the only people who can are also biased and have a vested interest in their own agenda.
Bullshit. When spam is served up by compromising users PC's and running a botnet, which is how most spam is sent, it has nothing to do with free speech. Want to sent 1000 emails a day manually from your own PC? That's free speech.
And if you want to send 1,000,000 emails a day via script from your own PCs/hosted servers/etc, that's free speech too. And you might actually have 1,000,000 willing recipients of those emails. But network monitoring tools will still flag your machine.
Re: (Score:2)
And just how do you expect to distinguish the two cases without peeking at the user's hard drive?
Re: (Score:3)
Yes, it is a difference. Free speech is legal, but breaking in to New York Times printing shop to print your opinion is illegal. Paying them for it is legal. Using other peoples computers for sending spam without consent is illegal. Using your ISP's paid pipe for
Re: (Score:2)
I used to do this in my dormitory some 7 years ago. My iptables-triggered scripts added the infected PCs to the squid ACL whose members' every web request was redirected to information page that explained what happened and what to do.
Wait, you OWNED the router in your dorm? or did you merely Pwon it?
Re: (Score:2)
The only solution I see is a mandatory license to use the electronics akin to drivers license. Believe it or not, the idiot user is not only a nuisance but a danger to others.
I have often pondered the idea of an internet license. I reject it on philosophical grounds, especially since it would require that at some level one would be forced to forgo anonymity. But one would think it to be a great temptation to the US authorities at the state and federal level.. Not to mention more-repressive governments elsewhere. You need a radio license. And a driver's licence. And, depending on the state, a gun license. Then there is the hunting license the fishing license etc etc. An internet
Re: (Score:2)
Re: (Score:3)
So when you let your idiot boyfriend use your car, and he manages to crash the car into another vehicle, does that mean your license to use a car should be revoked?
Depends. Does the BF have a driver's license? If so, then no. But if he did not, and you knew this, and lent your car to him anyway... it seems reasonable for you to share in the blame.
Re: (Score:3)
Re:Not just infected PCs... (Score:5, Insightful)
My local university does this. It's actually a pretty good idea if it's done right. Of course, the other side of the reality is that in addition to knocking infected computers off of the internet,
The problem is that detecting infected computers invariably requires some level of privacy intrusion, and possibly committing numerous felonies to probe the machine. That's why only large organizations do this; because they own all the machines and can dictate that policy. It's entirely another matter when the system isn't owned by you, and that's what's under discussion.
The internet was designed to allow free and unfettered communication between any and all nodes. On the internet, every IP address was a peer to every other. But then corporations came, and they started walling things off, messing up the protocols, and trying to convert the internet to an asymetrical content distribution network to push their wares. And then the government came in and offered protection to that corruption of the network. Then other countries joined with the same pattern of uptake; And now countries are starting wars or engaging in war-like acts with each other, all to answer the question: Who will control the internet?
Given that, the question of whether you should be able to attack and offline other nodes on the network, for whatever reason, comes down to whether you believe you should have the same rights on the network as groups, organizations, corporations, and governments. The internet itself doesn't care which side you take -- you're just another peer, and all the ideologies now warring over control of it are heaped on top of it.
If you're an old school hacker, the answer is obvious. If you're a 20-something, you probably accept intellectual property, and the idea that the internet can be owned (as a collective entity, as membership to, not as individual components).
As an old-schooler, I will only say this: The Native Americans believed land couldn't be owned. It's a fine ideal. But the other guys had guns, and it didn't matter who was right, only who was left.
That depends upon the infection. (Score:5, Informative)
That depends upon what the infection is.
In many cases, the infection is a worm that attempts to connect to other machines on known ports with known connection strings. This is how network-based Intrusion Detection Systems (IDS) work.
Re: (Score:3)
A botnet is a nuisance because it DOES annoying things.
If the botnet is instructed to send spam, you can detect computers sending "too much" Email. If the botnet is instructed to DDOS a certain host, you can detect it sending the malicious requests.
If a host in a botnet is a "sleeper", it doesn't matter much if you firewall it off. But the hosts doing the malicious, detectable stuff should be firewalled off.
The problem is that if a botnet consists of 2 million computers, and the spammer wants to send off 2
Re:Not just infected PCs... (Score:5, Informative)
The problem is that detecting infected computers invariably requires some level of privacy intrusion, and possibly committing numerous felonies to probe the machine.
In many cases it doesn't. Sometimes it just requires noticing that one customer is responsible for 30% of all traffic flows in a particular core router. You can call that privacy intrusion, but in most of Europe doing flow monitoring is mandated by law, so you might as well run statistics.
And yes, the ISP I work for has in a few cases blocked customer traffic from infected machines. It is a medium-sized ISP, so that can be done without angering the infected customers. It can be difficult to get hold of the right people at the customer, and the large ISP's probably only have billing contacts for most customers.
Re: (Score:3)
Its all a matter of degree. As to if its a privacy violation. I think there are some bright lines though.
If all you doing is statistics on traffic flows and ports used that is ok. Its just like the real world when you send mail from your house you expect the postal carrier will know who the addressee is, but you would not expect them to know anything about the content of a sealed envelop.
Certainly if you make any attempt to break into an encrypted flow, you have crossed the privacy line. I would say on
Re:Not just infected PCs... (Score:5, Informative)
The problem is that detecting infected computers invariably requires some level of privacy intrusion, and possibly committing numerous felonies to probe the machine. That's why only large organizations do this; because they own all the machines and can dictate that policy. It's entirely another matter when the system isn't owned by you, and that's what's under discussion.
The company I work for block computers with certain malware off the network, and also block computers running torrents (after which you get a polite visit from the IT department) . It does this ONLY through network traffic analysis. Viruses/malware need to create network traffic to spread. Also many of them contact a "home" server. There is a rootkit out now which is only detectable through network analysis. No intrusion on the PC. Just looking at network packages.
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
What is the basis for this axiom?
If I give someone a message they can read simply by looking at it with the instruction on who to deliver the message to sitting right next to the content, I don't the content to not be read.
If I put that message in an envelope and post it in the mail, anyone but the recipient of that letter is not allowed to open it. In the USA it is a federal offense. It's illegal in pretty much every other country too.
Re: (Score:3)
Re: (Score:2)
Sure there is also malware you can't detect, but even for some of these you can get trustworthy data, and if not you just don't do anything.
Re: (Score:2)
Detecting an infected computer requres a judgement call that cannot be taken away from the blatant conflict of interest possible with those who could enforce it.
Re: (Score:3, Insightful)
What?
That makes no sense, even at the level of basic english sentence structure, let alone in the real world.
Re: (Score:3)
The Native Americans believed land couldn't be owned. It's a fine ideal. But the other guys had guns, and it didn't matter who was right, only who was left.
That's a pretty compelling case for accepting the idea of intellectual property. If the good guys don't assert ownership and control then the bad guys certainly will. The thing is, not everyone agrees on who the good guys are...
Re: (Score:3)
It does give pause for thought. I was reading about how you guys had meet ups where you traded software and designs in the old days. The people were like Wozniak, they didn't have an interest in making money, only doing something cool and having fun. As nice as that is, and being the 20-something that I am, I totally understand were Bill Gates was coming from when he appealed to that crowd to stop pirating software.
It should have probably ended there. A bit of a reminder so that people know that they wer
Re: (Score:2)
I do tech support for one of the ISP's you mentioned, and you know what one of the first comments we here most often from infected customers? 'Why didn't you stop this from happening?' Everyone wants us to protect them from the bad, but do it in a way that they can continue to be reckless. We don't currently block infected machines, but if we see bot like activity we email them.
As to the torrenting, we will work with a customer to port forward their router, even if it's to get their torrent client working.
Re: (Score:3)
Re: (Score:2)
My suggestion. Clean the system again, preferably fresh install. Flash the router with its latest firmware (downloaded from an other location), this way if its image has been compromised it should get over written. Configure the router ( before you put it back online ) to drop any traffic OUTBOUND that is not 80, or 443. Sounds like this person only really used web. If its possible log all the outbound connections; you might stand up another box to host the log server. That box could be any old PC but
Re: (Score:2)
Just a guess but maybe coming in via IPv6?
Re: (Score:2)
Years ago a friend ran into the "gnat's ass" virus. It embedded itself into everything: executables, the MBR, even the BIOS. Wiping the machine didn't dislodge it. If your client got infected by a variant, he's got problems. At the time, my buddy had to boot and run Norton from a rescue disk with the /force option on, and even then had to re-start it 7 times before it finally got that crap out of his BIOS. You may have to swap the motherboard and HDs to get a grip against this monster. Don't forget to check
Re: (Score:3)
Got a new system, and it still infected? Hmm... Did he re-use any of his peripherals? I've actually seen a mouse retrofitted with a flashdrive, and used with U3 to install scanner software and collect the data, then the hacker would come back later and swap it for a normal mouse.
What personnel are involved? It's starting to sound like the punk may have access to the hardware. He may be an employee or family member.
I think your hacker is tricky, but not necessarily good. He's found a method that you haven't
Re: (Score:2)
So I did the usual recommmendations, change passwords, scan PC
Wrong order, and not specific enough regarding the scanning. Don't change passwords on a suspect machine; keyloggers make changing passwords pointless. Don't Malware/AV scan from a suspect machine (or from anything but a known-good machine), because rootkits make local AV scanners pointless while the infected OS is running. It's often best to backup then nuke the OS. Never reinstall from a HDD based "restore". It could be infected too. If scanning is warranted (too much work to rebuild the system), ta
Re: (Score:2)
My local university does this. It's actually a pretty good idea if it's done right. Of course, the other side of the reality is that in addition to knocking infected computers off of the Internet, my university also knocks off computers suspected of Internet piracy. If you torrent anything on campus, even a legitimate download, you have to go to the Computing Services office to explain yourself and get it back online.
So if you do nothing wrong but happen to use a protocol they don't like, they still cut you off? - This means that you're presumed guilty until proved otherwise, and that is morally and ethically wrong.
This is certainly a violation of your civil rights but can be legal when kept within a university campus whose network can be considered private. As long as they don't prevent you from having a personal network connection in parallel with the one offered by the university, I'd say it's legal.
Give away liberty to get safety, deserve neither (Score:2)
They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.
Read that. Then memorize it. Then never forget. Please. Thanks.
Microsoft will object to this (Score:5, Funny)
because it will drop the IE part in the browser statistics to zero... :-)
It should be more than obvious (Score:4, Insightful)
This will be abused. Life is too short to list how and why. Let's just say that people will be knocked off (up?) for expressing something "offensive". Feel free to define that as you wish. The authorities and fanbois will.
Re:It should be more than obvious (Score:5, Insightful)
No kidding, it stuns me that anyone would even consider allowing this as a precedent.
Two major problems, as I see it:
First, how do you know my PC doesn't mean to send out thousands of emails an hour? That may come from an infection; I could works as a (semi-legitimate) spammer; or perhaps it just means I run a large listserv. How do you know that I don't mean to port-scan thousands of IPs per hour? That could come from an infection; I could work as a researcher collecting vulnerability statistics; or I might work as a consultant paid to do penetration testing for dozens of companies on an ongoing basis. Opting for a "solution" that would also block legitimate activity counts as a great big "no-no".
Second, who gets to define "malware"? The major ISPs in the US would love to have even the thinnest possible excuse to outright ban P2P traffic; for an example, look at what happened to NNTP - Once considered a "must-have" ISP service, as soon as Cuomo gave them an out (on the basis of a mere 88 out of 80k groups), they all ditched their USENET servers ASAP. And aside from the opportunity to ban legitimate but undesirable traffic, try explaining to Grandma that the "coupon program" she keeps reinstalling can and will use her machine like a Columbian prostitute. Some people will choose to use spyware, even knowing that fact, for whatever service it provides them; should the ISPs have the right to tell a adult what they can and can't do online?
All that said, I would still like to see it made legal to hunt down and painfully kill malware authors and spammers. Fix the problem at the source, not the destination.
Re: (Score:2)
All that said, I would still like to see it made legal to hunt down and painfully kill malware authors and spammers. Fix the problem at the source, not the destination.
I'm sure everyone would be queuing for flights to ex russian states!
Re: (Score:3)
>>>ex russian states
There is no such thing.
Re: (Score:3)
>>>ex russian states
There is no such thing.
Finland?
Re:It should be more than obvious (Score:5, Informative)
First, how do you know my PC doesn't mean to send out thousands of emails an hour? That may come from an infection; I could works as a (semi-legitimate) spammer; or perhaps it just means I run a large listserv. How do you know that I don't mean to port-scan thousands of IPs per hour? That could come from an infection; I could work as a researcher collecting vulnerability statistics; or I might work as a consultant paid to do penetration testing for dozens of companies on an ongoing basis. Opting for a "solution" that would also block legitimate activity counts as a great big "no-no".
Actually, my terms of service forbid most of what you describe. Want to do that? Get a business subscription.
Re: (Score:2)
except for the fact that the TOS is referenced in any and all Residential contracts as being the determining factor along with the ability of the ISP to update at any time and your continual use of said service is aproval of the new Updated/Restrictions. Although I live in California where an EULA is not a valid contract, it has been ruled by the courts that a TOS can be and is a valid part of a consumer contract.
Re: (Score:2)
All of the activities you mention are fine if not conducted anonymously. It's anonymity that's the problem. Given that, it makes sense to block certain anonymous behaviors. Want to not get blocked? Sign a key with a valid chain demonstrating you're willing to attach your name and/or company to your actions.
Re: (Score:2)
should the ISPs have the right to tell a adult what they can and can't do online?
That depends if the adult is causing others online harm.
If you were a security researcher doing unsolicited penetration testing, throwing little stones at the wall of a building, to see if one might break through a weak spot (like a open window... or accidentally smashing a window), expected to be sued by the owner of the building for any damage you cause and to be charged with willful damage.
Re:It should be more than obvious (Score:4, Informative)
This will be abused. Life is too short to list how and why. Let's just say that people will be knocked off (up?) for expressing something "offensive". Feel free to define that as you wish. The authorities and fanbois will.
Well the current situation is definitely abused... Now the question of course is what kind of a solution is used to treat the problem, but personally I'd like to be notified if I had a contagious desease that I did not know about and could be harmful for me too.
Here's how one ISP handled it: http://www.net-security.org/article.php?id=1703 [net-security.org]
Re: (Score:2)
While I'd like to see hardening on the network layer, I have to say that in the current climate I see a lot more potential for abuse in redesigning consumer networks to validate all the data that's coming in is "appropriate" then redirecting connections clearly containing an infected computer to a page with instructions on how to clean it.
Who will handle the validation rules? Will it accept bit-torrent v2? Will it accept
Re: (Score:2, Interesting)
The problem is that we took a network designed by and for people who all trust each other, and allowed a bunch of untrustworthy, greedy, and politically ambitious people to run wild with it. I would like to say w
This could work if... (Score:3)
In short, I don't think that it'll work. If it would, we wouldn't have a malware problem in the first place.
Can someone explain how software developers aren't at least partially legally responsible for their faulty software allowing maliciousness to spread through them in the first place?
Re: (Score:2)
It's a Turing Oracle problem. There's no way to know all the things a system can do without testing every possible situation.
It's impossible to make a bugproof program of any real use, or any nontrivial complexity.
Re: (Score:2)
The cases that prove that program property X is undecidable and program property Y is superexponential to determine are almost universally pathological ones that nobody would want to do anyway. When they're not, they can often be worked around.
You CAN prove useful things about large classes of bugs in programs. No, you can't prove those things about every program you can run on a Turing machine, but that's irrelevant, and clinging to it causes serious defeatism that sets back the field. You don't have to be
Re: (Score:2)
Oh, yeah, and to take it back to the topic, the question of whether some random black box computer is infected with something is also undecideable. And, worse, impractical to even make a good guess at.
I think it's taking it a step too far... (Score:5, Insightful)
Wheres the guy ... (Score:2)
Re: (Score:3)
Here you go [craphound.com]. Fill it out yourself:
Your post advocates a
( ) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able t
Why introduce censorship, if you can call it (Score:3, Insightful)
Why publically introduce censorship, if you can call it "computer infected by malware".
'nuff said.
Re: (Score:2)
Re: (Score:2)
So is quarantining people infected with Ebola infringing on their free speech then?
Of course it is, assuming they don't get to communicate (most are probably too busy trying not to die though).
Sometimes infringing on free speech is necessary. The question is simply where the line is.
Re: (Score:2)
So is quarantining people infected with Ebola infringing on their free speech then?
It is when you claim they have Ebola just to shut them up.
Re: (Score:2)
If the vehicle cannot be brought into compliance it shall be destroyed.
That's a bad idea anyway. Return it to the owner after recording the VIN and notify them "this car can not be brought up to compliance. It is illegal to drive this on the road. You have hereby been notified. If this vehicle is caught on the road again (and it's not been stolen, etc) then you will lost your drivers license for one year and pay a fine of $X". Sure, 99% of cars in this situation would be pieces of junk, but would you want to be responsible for that 1% that is actually worth something as a clas
Why introduce censorship, if you can infect... (Score:2)
The proper way (Score:5, Interesting)
My ISP xs4all.nl, one of the most reputable when it comes to internet freedom, will shut a subscriber's net access down when there is good indication of infection.
The way they do it is smart, you get a mail on your administrative account and you are diverted to a message explaining why you can only access the net via the ISP's own proxy.
The last is to give you a chance to get on-line help or updates.
Once you can convince the helpdesk you have cleaned up your computer(s) they'll switch you back on.
The helpdesk is also very helpful to the clueless on how to clean up their computer.
Re: (Score:2)
They are my isp too, and I had the same thing happening.
Their helpdesk is the only non scripted helpdesk with a dutch isp, they take the time it takes to solve the problem, instead of playing hide and seek while blaming their customers like most other companies do.
Re: (Score:2)
Well sure, but if you went out on the streets handing outf hardcore pornographic photos to everyone you met, all day long, every day, wouldn't you expect repercussions? If your PC is an infected piece of crap, spewing junk all over the internet your ISP should unplug you. In fact, I'm sure they'd be very happy with you switching to another ISP so your problem disappears off with you!
Yes, should be blocked or attacked (Score:4, Insightful)
The thing is, a malware infected system that is attacking other systems is broken - just usually in a way the user of that system does not notice.
But broken it is, and all blocking/damaging the system does is make it apparent to the user of that system that it is broken, so that they can fix it (or buy a new system).
It's yet another reason why backups are very important...
well... (Score:2)
DNS changer (Score:3)
The DNS Changer clean up saw some PCs prevented from accessing the web.
No the maleware would have done that after the fraudulent DNS servers got shutdown. DNS change is a case where COMPROMISED SYSTEMS WERE ACTIVELY KEPT ON THE NETWORK, what should have been done is those machines should have been allowed to fail to resolve hosts, after the fake DNS servers where shut down, than would have had them fixed literally months sooner.
Re: (Score:2)
Already done... (Score:3)
My ISP, xs4all blocks my connection automatically when trojans or other malware starts to make outbound connections.
I know this as I am responsible for several people on this connection, one of them connected a laptop which triggered this.
When this happens all my ports are closed at the ISP and I get a notice to connect to their proxyserver so that I can download protective means.
When I solve the issue I get a checkup and after that all goes well, the ports are reconnected.
Hell no. (Score:4, Insightful)
Let's not bullshit around here. The idea of kicking people off the Internet because of "malware" is about the opposite of security.
We've already had the RIAA and MPAA try to portray any copied media as malware. There are hacks that will allow you to play you legitimately-purchased game without having to have the disk in the drive that are seen as malware by the major antivirus software.
How many times over the years have you had to tell your antivirus software to ignore a false positive? What if you'd been thrown off the Internet every time that happened? How long before the big content providers start using this approach to create an ad hoc "two strikes" policy? Or "one strike"?
Now how about if Comcast decides that if your system is kicked off the Internet for having "malware" that they won't let you use your broadband connection until they are allowed to scan your system remotely?
Anything that smacks of this kind of centralized, or even potentially centralized control is bad news. Even if it's not centralized now, you know it will be if Comcast (and others) have their way.
Look, just provide broadband to my house. I'll protect myself and you protect yourself. Unfortunately, the days of just getting "plain old broadband" to your house and then being left alone seem to be dwindling. More and more our use of the Internet is being monitored, tracked. How long before we're knocked off if we don't allow ads in our browsers? Maybe they'll declare ad-block to be "malware".
Re: (Score:2)
Which is rather ironic when you remember the BMG rootkit scandal.
Re: (Score:3)
This just proves that YOU need to see more of
1) DaemonTools
2) JackTheRipper
3) The Firefox extension with a PROOF-OF-CONCEPT wifi SNIFFER (not malware) that we heard about last year.
4) This is important: Android *Rooting* software. See what BIG ISP (tm) did there?
None actually act beyond specs. You still get forced to fight AV software that misleads you with scary sounding payload names. Google shows they are just misleadingly flagged components. Most of these are distributed via ZIP files, so your AV surrep
the question will become. (Score:5, Insightful)
Who defines what is malware if this happens.
I have no doubt that if the isp in question is also a media company, programs that access the internet and are of their competitor's 'might' occasionally be flagged as malware.
I can also see that alternative o.s.'s could theoretically be flagged as such.
But above 'all' how could they determine if malware is installed simply from the isp side and without requiring special programs on their customer's pc's to access their services.
responsibility (Score:4, Interesting)
Back in olden days, this went without saying. If your system was infected with a worm and you didn't take prompt action to clean it up, you were disconnected from the net. Likewise with other conduct unbecoming of a host on the internet, like forging Usenet cancels or sending spam. After all, access to the Internet was a privilege, not a right. A college with net access was expected to police its users, the university or cooperative that provided the college with access was expected to police them, and so on. There was a chain of responsibility all the way from the end-user to the backbone. That all changed over the course of the 1990s, as the Internet was opened to anyone with an adequate checking account, and the proliferation of commercial ISPs made it trivially easy for a cracker to move from one account to another, so the threat of being banished from the net lost its teeth.
Dumb pipe (Score:4, Insightful)
Yes, spam/bots are annoying as hell, but it's not the ISP's responsibility. Anything less threatens the very nature of the Internet as an open platform.
I feel this is pointless because (Score:2)
Re: (Score:3)
Simple.
Treat spam as spam no matter who is sending it.
If you get credible complaints, shut the user's access down, period.
Users who are willfully blind to computer security are aiding and abetting.
Re: (Score:2)
What if someone takes an infected computer to Starbucks - no one can get internet access at Starbucks anymore? What if a person takes computer security very seriously but their mother/father/wife/etc. just doesn't understand? What if, in a work situation where people take their work laptops home with them, someone manages to get infected over the weekend and
Depends on the Terms of Service (Score:2)
Some of the responses I'm seeing so far from other Slashdotters is amazing given the support towards Net Neutrality. You do not get to determine what is "malicious" from your point of view and decide whether to keep it on or off the Internet. It gets sent out, period.
- If my home ISP, workplace, campus connection, etc. has in writing via a TOS they can quarantine me from the rest of the internet for being contagious, I'm good with that.
- If said home ISP, workplace, campus connection, etc. suddenly decide
Public infrastructure (Score:5, Insightful)
We don't let people drive unsafe cars on the roads, or connect non-FCC certified equipment to the telephone network, or fly uninspected airplanes over other people's rooftops, so why should we let infected computers onto the Internet?
If it's clearly infected, you quarantine it and make sure all that can be accessed from that machine is instructions on how to remove the infection, updates for virus scanners, etc. Basic common sense.
Absolutely! (Score:2)
I once accidentally connected an unprotected unpatched Windows machine onto the internet--it was a test machine that was not supposed to ever be connected to the wider network. I got an email from my ISP complaining about and informing that they'd cut off its access. The only anger I felt was at myself for having screwed up. My ISP did the right thing, isolating the damage from my mistake to within my own network.
Just say no..I mean yes. (Score:4, Insightful)
Yes for all cases like DNS Changer the best thing to do is take any C&C systems offline and make no attempt to mitigate any side effects. LEA caused countless thousands to go on about their daily activities with compromised systems and not know about it. Shutting off the damn C&C would have immediatly caused these people to realize they were hacked or hire someone to determine the same. Instead continuing to run the DNS service hid this fact potentially unecessarily endangering people with compromised systems.
Now if the question is should you deliberatly disconnect someone from the Internet if you don't like or suspect the packets they are sending the answer is hell no.
what about false positives? norton and McAfee had (Score:2)
what about false positives? Norton and McAfee had issues with that.
Now think of how bad it can be if say windows based systems got flagged and kicked off.
Re: (Score:2)
Re: (Score:2)
that is if you get stuck with the call center script readers who may just say reload your OS or make maybe even say delete the app called windows explorer (talking about the system one) as they may just need the name of the flagged app or even say as part of your isp account you get Norton Security Suite for free so install that and run a scan even when say microsoft security essentials is way better.
Stupid (Score:4, Interesting)
My ISP cut off my internet connection after accusing me of spamming while providing no evidence that I was. I blocked port 25 at my router but that wasn't good enough for them. Since I couldn't connect to the internet I couldn't install any sort of anti-malware software. And once I did, I found it wasn't infected with anything. And I never got anything from my ISP showing what was going on.
They wanted to have a tech come in and check things out and have third party validation that my computers were clean. I told them the only tech coming in my house would be a competing ISP. And they could pound sand if they thought I was going to pay someone to inspect my computer which I need running and on-line to do my job of web development.
All without any actual documentation to show what they were accusing me off. They didn't even contact me before shutting off my internet to see if we could do a quick fix if needed. It's a good thing their competitor is Century Link (previously known as Qwest).
The only reason I got quick resolution is because they had a local office I went to and started in on them there. Their phone support kept trying to pass me off and just refused to do anything. They had customers hearing about how they just shut off my internet connection for no reason and with no warning so that was a bit of motivation for them to stop being morons.
I really hate that Qwest is the only competitor. I unblocked port 25 recently and if they give me grief again I'm done since there's no other option. Turns out, sites in progress have various email features that need to be checked.
LiveCD Anti[Redated]ware for free?? (Score:2)
So other than Windows Defender Offline what livecds are available that can be updated without downloading a full disc EVERY TIME??
(bonus if you can load the payload onto flash media for systems without a ROM drive and Double Bonus if a single copy can do both 32 and 64 bit)
Why did AV publishers stop doing live install cds??
Re: (Score:2)
Why did AV publishers stop doing live install cds??
They realized it was cutting into the re-occurring subscription fees for installed AV packages, which are a major source of their revenue (this includes most free AV companies also, as they try to up-sell you on premium subscriptions). Microsoft is an exception, since their AV business mainly serves as a method of defending their core OS business.
ISPs are the real solution (Score:2)
By taking such an action, they simply bump off infected systems until they clean it up, or call the ISP's help desk and prove that it is NOT malware.
By the same token, if an ISP notices that a system is
Massive infection (Score:2)
Where have I seen such warning messages before? (Score:2)
I can see the re-tweets now:
"Your computer is infected and internet access has been disabled. Click Here[www.malware-infection.site] to restore."
Re: (Score:2)
Re: (Score:3)
Re: (Score:3)
For DNSChanger, you can easily spot an infection by the fact that it's making DNS queries to a known set of DNS servers owned by the malware authors. Spotting that kind of traffic accurately is trivial. For a lot of other malware once the command-and-control network is identified it's easy to spot infections by their attempts to connect to the C&C servers (an uninfected computer wouldn't have any reason to be trying that). So no need for DPI or anything, a simple Perl script parsing the firewall logs wi
Re:Herd Immunity and blocking ports (Score:5, Informative)
People who are being spammed by your PC can legitimately use the minimum force necessary to stop the harm, not including shooting it or you. This is the starting point in law: a harmed individual, who has some limited rights to respond in self-defense.
If your PC is trying to infect theirs, they can tell the local board of health, and have have you asked to quarantine yourself until the disease is cured. In this case, the board of health is the ISP, and they're asking you every time you try to send spam/viruses. They're allowed to wear a surgical mask while asking, as well, in this case over their port 25. They're not allowed to put you in an impervious plastic bag to stop you from breathing: that's not minimum force.
If you or your PC resists being quarantined, they can apply to the courts for an order to have the PC locked up and treated against it's will. That'a a real court, with real judges and court orders, not an ISP. In that case you can argue against it, but you'd better have a legally valid reason, not "you can't do that to me". And if necessary you can object, and argue it out before a judge.
--dave
Re: (Score:2)
If it does, we have bigger problems to solve first.
Newsflash: We have big problems when it comes to Internet security. The network was designed by and for people who all trust each other, and it is being used by people who are not trustworthy.
Oblig. Bad Car Analogy (Score:2)
Nobody is proposing a solution with that level of finality. What we are saying is; like your car, there are times that you can't pass a safety inspection. We've tried asking nicely, but some people just won't get those brake lights fixed. So, we're having it impounded. You can have it towed to a repair shop, get it fixed and be on your way. And only be out a few hundred dollars.
Re: (Score:2)