Major Aussie ISP Disconnecting Trojaned PCs 388
daria42 writes "Australia's largest ISP, Telstra BigPond, has started disconnecting customers that it suspects have excess traffic-causing trojans installed on their PCs. The trojans have been flooding BigPond's DNS servers and causing extremely slow DNS requests for around a month now. Despite nightly additions of DNS servers, BigPond appears to be unable to cope with the extra traffic on its network." Note that the article says the disconnections are temporary and accompanied by communication with the affected customers, not just a big yanking-of-carpet.
My 1st Thoughts (Score:5, Insightful)
"It's about Time"
"Glad somebody is finally taking an interesting in keeping the neighborhood cleaned up"
"Oh crap, is this the first chink in the armor, ISP's can disconnect people based on their traffic... Virus, Trojan, P2P, Torrent"
Re:My 1st Thoughts (Score:2)
Re:My 1st Thoughts (Score:3, Informative)
Re:My 1st Thoughts (Score:3, Insightful)
Fortunately, they can yank the plug because these machines are attacking their DNS servers. Not because these computers are just sending out a lot of DNS requests.
Re:My 1st Thoughts (Score:5, Insightful)
They've always been able to do that.
Re:My 1st Thoughts (Score:2, Insightful)
Re:My 1st Thoughts (Score:3, Informative)
With a flatrate there is no such thing as "need for accounting", so the ISP isn't allowed to make logs, which are personalized.
so the original poster most likely meant , if they can't have personalized logs, they ca n't shut you down.
Re:My 1st Thoughts (Score:3, Interesting)
I can agree with you on the first 3 statements, but that last is just crap.
Why the fuck should an ISP want to disconnect a user because of his P2P or Torrent uses? If the ISP can't cope with the amount of data flowing through, it shouldn't disconnect a user. If I pay for a 2mbit DSL with no limitations to usage, I want a 2mbit DSL with no limitations. My ISP shouldn't fucking c
Re:My 1st Thoughts (Score:4, Insightful)
Yeah, that's a valid concern. I think what we are talking about here is the difference between being pragmatic and idealistic.
Idealistically, the ISP would never look at your traffic, and just deliver the pipe. Practically, zombies are degrading the service of other customers significantly, and the ISP is going to know what the problem is.
It's not a perfect Internet yet, we all know that, so I think it's pretty reasonable that certain measures are taken in cases like this.
Just remember to scream really loud when there is an incident of an ISP disconnecting you for something that is perfectly legal.
(PS. It's good to see that the use of Torrents appears to have a high legal/questionable content ratio, whereas the last time I looked at P2P, it was really hard to argue that it wasn't used mainly for illegally copying stuff)
Re:My 1st Thoughts (Score:5, Insightful)
Re:My 1st Thoughts (Score:3, Insightful)
when I was running an ISP I had many clauses for termination and had to use them on rare occasion.
If you think an ISP did not have this ability you are horribly niave.
Re:My 1st Thoughts (Score:3, Interesting)
404 File Not Found? (Score:3, Interesting)
Another said: "I am having problems loading Web pages, I get the 404 [page not found] error. I have to retry five to 10 times to get some places."
I may be daft but I don't understand how a DNS or network capacity problem could cause a web server to respond with an explicit "404 File Not Found" HTML error. I could see a timeout, DNS error, or any number of other errors, but a 404 would mean literally that you contacted the web server, it was unable to fi
Why is this news!?! (Score:5, Informative)
Seriously, why is this news?
Re:Why is this news!?! (Score:3, Insightful)
Re:Why is this news!?! (Score:5, Informative)
Re:Why is this news!?! (Score:3, Interesting)
http://img56.echo.cx/my.php?image=phnetspamprotect 13vb.jpg [img56.echo.cx]
You are also allowed access to another page with more details:
http://img56.echo.cx/my.php?image=phnetspamprotect 05zy.jpg [img56.echo.cx]
Re:Why is this news!?! (Score:3, Informative)
Hah, you're kidding right? NTL have one of the worst records [sucs.org] when it comes to responding to abuse reports. Trust me - I've had to deal with them several times about abuse matters and frankly they don't care.
Re:Why is this news!?! (Score:3, Informative)
Re:Why is this news!?! (Score:3, Funny)
Yeah, in 1792, but in a typically French fashion, they had to do it again in 1814, then in 1815, once more in 1830, and yet again in 1848 and then several times during the 1870's.
Then they tried to bring it back in 1946, but no-one could agree on who got to be King, so they ended up with President de Gaulle...
Re:Why is this news!?! (Score:5, Funny)
Re:Why is this news!?! (Score:2, Informative)
Re:Why is this news!?! (Score:2, Interesting)
Shut up (Score:5, Insightful)
By the way, most ISPs still are NOT doing this. Time Warner's Road Runner, for instance, never even looks in the direction of a trojaned machine on their network - at least in my area.
This is a good thing (Score:5, Insightful)
Re:This is a good thing (Score:2, Interesting)
Re:This is a good thing (Score:5, Insightful)
Re:This is a good thing (Score:5, Interesting)
Re:This is a good thing (Score:3, Interesting)
On the other hand, most people who don't know enough to keep their machines virus/trojan free are probably using the software that nearly every ISP sends out to "help" you connect to their services, which means they should be able to include enough diagnostic tools to be able to tell what's running on the machine.
Re:This is a good thing (Score:5, Insightful)
Even better is to block all access and redirect web requests to a server that explains what's going on and provides patches, etc. That way people (with more than one brain cell) don't _have_ to phone customer support.
Re:This is a good thing (Score:2, Insightful)
"If you don't disconect the offending computer, how will the idiot who owns it know they've been an idiot? Disconecting it totally is a great way to handle the problem, because it forces the idiot to call customer services to find out why their connection no longer works, at which point you can lart them for being a
Re:This is a good thing (Score:5, Insightful)
I think for 99.9999% of a residential ISP's customers, having their access to DNS blocked would not be noticably different from disconnection.
Besides, is someone has an infected PC, disconnection is a friendly action. It kicks them up the arse so they have to find out what is going on, and it prevents them being zombied.
We have a collective problem that many many people have PCs on the internet but don't have the kind of basic understanding we demand before we'd allow them onto the road in a car. Sending them back to the garage for a day or two with a hint to learn what the windscreen wipers are for is good for everyone.
Re:This is a good thing (Score:2)
I asked a friend for his DNS settings (small rural "broadband" ISP) and added the entries to my own. It's reliable, if slow.
Moll.
Re:This is a good thing (Score:5, Insightful)
Re:This is a good thing (Score:4, Insightful)
You just assume that the people will suffice by installing (purchasing?) some equivalent to a windscreen wiper such as antivirus software but that won't be enough for the really nasty ones.
Since the ISP can apparenty distinguish between good and bad traffic, can't they filter out any traffic which contains the troyans? They are assuming their non-IT clients can.
Re:This is a good thing (Score:4, Insightful)
If someone targets you for a sophisticated attack, you are probably not a normal internet user (eg you're commercial or a political site or something), you need professional IT support and shouldn't be using a normal retail ISP.
Th threat to normal customers is generic worms and trojans and so on. Things which the basic security everyone should be usig will protect against. Just the equivalnt of using windscreen wipers when it is raining.
IIRC my ISP supplies some kind of firewall/antivirus package for all customers. (I've had my connection since before this kind of thing became really necessary and don't connect from Windows, so I've never investigated what they are offerring). I can't imagine why any ISP would not do that -- the saving in customer support calls alone would more than pay for it.
Re:This is a good thing (Score:4, Informative)
Have you BEEN on the Comcast forums recently? Comcast is having a lOT of trouble with their DNS servers and it is effecting EVERYBODY.
Last week when it happened I just switched my DNS addresses to MIT's, (though now I have a nice list of addy's just in case MIT's goes down). I have been instructing my friends on how to change the default DNS listings because they are being effected themselves. Once they change them, they have no problems. Hell, I didn't even know Comcast was having problems AGIAN yesterday because I just kept system with the MIT addy's.
I have to think that if trojans are effectivly DDOSing Comcast's servers, if there is not some ultior motive behind this. DNS servers are the life blood of the Internet, to take them down means we would all have to know numbers to get around the Internet, and while I keep a few IP addy's in my bookmarks just in case, to except joe user to is rediculus.
Of course it is probably just Comcast, who, as a regulated monopoly, has no incentive to upgrade services, because for many, Cable Internet is the only "broadband" (HA!) available. I would wouldn't be surprised if rates go up agian to cover the cost of whatever "upgrade" Comcast comes up with to solve this problem.
Until then I am keeping my DNS addresses pointed to MIT's servers and I am NOT going to be using Comcasts.
Re:This is a good thing (Score:5, Interesting)
It's not that simple. The attack in question was done by a flood of DNS queries -- you're not really going to cut off port 53, as this is pretty much equal to knocking that person off the Net.
The typical case involves a lot of outgoing connections on port 25 -- you can't really block this as well unless the user in question uses nothing but webmail.
Traffic shaping won't help a lot, either -- it can protect the server, of course, but won't help the user himself. In this case, it will just make their legitimate use prohibitely slow -- their web browser/whatever will compete with the virus they have over the tiny allotted quota of allowed DNS queries.
IMO it's much better to just cut them off outright, telling them that the fault is on their side.
If you want to be nice, you can redirect all their traffic to a web server which gives them a nice idiot-proof message about what they need to do. This is what I've set up for a friend's basement ISP (~30 paying users) -- although in that case, the message was similar to "your payment is due for two months, you didn't heed our reminders".
Re:This is a good thing (Score:3, Funny)
Err.. yes... how exactly do you send mail if you don't use SMTP? Oh that's right, you use the email-over-telepathy protocol...
Sending mail without Port 25 (Score:3, Informative)
Is this really news? (Score:2, Insightful)
Where's the story?
Hmm... makes sense to me! (Score:5, Insightful)
Right- I can smell a cake burning. Let's add more flour! Come on- more flour!
Seems a sensible thing to do to me- tackle the computers causing the problems, rather than trying to react to the problem itself.
Re:Hmm... makes sense to me! (Score:3, Insightful)
I'd give Telstra a big round of applause for at least appearing to try other options before cutting customers off. A significant minority (maybe majority?) of the customers who get cut are going to be *very* uncomfortable when they get called by Telstra. Telling people that their rough driving finally caused their car to break down isn't easy. Many CSRs will be threatened this week.
I'm only been in AU for 2 month
Re:Hmm... makes sense to me! (Score:2)
Re:Hmm... makes sense to me! (Score:3, Informative)
Note that this coincides with its semi-privatisation (the government has a 50.1% stake in Telstra - which it can't wait to unload - the rest is publicly owned). Unsurprisingly, customer service has declined dramatically ever since "profit" became important. Telstra had previously been a "benevolent" monopoly because it had no reason to be anything else.
The idea of a fully p
Re:Hmm... makes sense to me! (Score:3, Insightful)
internet, what do you think happens next?
They call the ISP on the phone.
And they are told to clean their computer.
And the computer either gets cleaned,
or they remain off the internet.
Your cake analogy is flawed. Instead, think
of an analogy involving quarantine, computers,
viruses, ISPs and such. Wait. Instead of
an analogy, why not just reason about what's
going on in this situation.
What confusion of facts lets you believe that
quarantine is not addressing t
Re:Hmm... makes sense to me! (Score:3, Informative)
Which also is totally not a symptom of DNS timeouts either. You need a response from a webserver to get a 404.
The article just seems poorly written, I wouldn't go out and assume that telstra just decided to throw 500 new dns servers at it.
Drastic Measures (Score:5, Interesting)
Although I don't understand the purpose of a trojaned machine repeatedly hitting a DNS server, is this an attempt to cause an overflow and therefore making the DNS server itself vulnerable?
Re:Drastic Measures (Score:5, Informative)
Value for money wise they rate very poorly compared to the opposition - for ADSL at least.
For those of you that don't know, Telstra is a part government owned company, which owns much of the telco infrastructure in Australia. They like to make life difficult for any competitors.
Also one of the few ISPs in Australia that charges traffic in both directions.
Just in case you guys care
Re:Drastic Measures (Score:3, Informative)
To expand on this, a lot of you non-australians should probably know that Telstra Bigpond is the ISP that people choose when they don't know any better.
Not necessarily. Please don't generalise.
Where I live I have the choice of Optus or Bigpond (Telstra) cable internet. Optus prohibits servers in their acceptable use policy, and according to the Whirlpool forums [whirlpool.net.au] they block certain ports to enforce this.
ADSL is also available, but it has a much lower download speed. We also have the Optus Local phone s
Re:Drastic Measures (Score:2)
Hah! At least that proves that the problem is really serious and not just some silly excuse to take potshots against Windows boxen. They're giving up some revenues, after all!
They'd be giving up a lot more if they didn't fix the problem, as people would start to go to better ISPs. Bigpond's DNS performance has been terrible for at least a month now.
I for one would like to see these measures made permanent. Why should the rest of us suffer for the lazy few who can't look after their computers?
Re:Drastic Measures (Score:3, Informative)
Although I don't understand the purpose of a trojaned machine repeatedly hitting a DNS server, is this an attempt to cause an overflow and therefore making the DNS server itself vulnerable?
Well, let's say you've got yourself a spam zombie sending out a million messages. How many unique domains would that average out to be? 500,000? 100,000? Let's generously give it another order of magnitude and say 10,000 (i.e., average of 100 inboxes spammed per domain). Compare that to Joe Average user; how ma
Re:Drastic Measures (Score:3, Informative)
Although I don't understand the purpose of a trojaned machine repeatedly hitting a DNS server, is this an attempt to cause an overflow and therefore making the DNS server itself vulnerable?
In adition to the already commented use of sending spam, zombied machiens can be used to poison DNS servers. The poisoning basically involves sending lots of forged packets to the DNS server in what is known as a birthday attack [securityfocus.com]. There has recently been a rash of these kind of attacks as documented [sans.org] by SANS.
Mathematically... (Score:5, Funny)
If more ISPs did this, maybe we'd see a decline in sites that only work in MSIE...
Re:Mathematically... (Score:2)
Good idea to me (Score:5, Interesting)
Re:Good idea to me (Score:4, Interesting)
A better alternative for the ISPs, IMHO, would be to start behaving like the network administration team in a big company. Joe Sixpack would be better off if the ISP would install a centrally adminsitered system administration client on his machine that automatically scans and deploys the latest anti-virus program. I know that computer-savvy folks wouldn't like to give this much of control of their PCs to ISPs. However, for Joe, this would be the ideal hassle-free solution. With a proper security policy, privacy concerns would also not be an issue.
The ISP could also have an opt-out policy that non-clueless people could make use of.
Does this make sense?
Re:Good idea to me (Score:3, Insightful)
You can't realistically expect Joe SixPack, who doesn't know the difference between the CD tray and a coffee cup holder, to keep his computer up to date with the latest service pack or patch.
Why not? Most people don't know anything about how their cars work but do know that the oil needs to be changed at regular intervals and when the "Service Engine Soon" light comes on, it's time to visit a mechanic. They also know that if they don't do this their car will cease to function.
I'm really sick of the wh
Re:Good idea to me (Score:3, Insightful)
Not the state, but car manufacturers and dealers definitely do.
As people start treating their computers more and more as an "internet machine", the focus shifts from the hardware or software manufacturer to the ISP. To put it another way, if ISP X offers network and system management, and ISP Y only offers internet connectivity, i would definitely recommend ISP X to my friends an
Waste of time? (Score:5, Interesting)
Not all people pick up the phone and tolerate the script. Some people actually try to diagnose the problem first.
Most ISPs have language in their terms of service that permits this action. It is a shame that an ISP need to have their services almost knocked out before taking action.
I'd like to see some ISPs that ignore trojaned machines or support spammers get sued by other customers when their IP blocks end up on block lists.
Re:Waste of time? (Score:3, Informative)
My ISP had detected traffic on port 135 (some Windows thing exploited by malware), and automatically stopped forwarding any connections to or from my home machines. The only port which was allowed was port 80, and every web page request was redirected to a help page explaining what had happened.
After blocking port 135 at my router, all it took was clicking a l
Plusnet has a better way. (Score:5, Informative)
Very handy indeed.
Re:Plusnet has a better way. (Score:2)
I don't even run a Windows box.
That was my first thought, too: (Score:2)
Redirecting also is much more intuitive than a simple "cannot connect" error.
All ISPs should be doing this. (Score:5, Interesting)
Catch-22 (Score:5, Insightful)
Thats not to say it isn't impossible, but it wouldn't surprise me that taking a laptop/ipod/some other storage device big enough around to another friends house and getting all the updates is going to be beyond most people.
Also, last time I checked, I can't download all the updates that have been developed after XP SP2 was released from a machine running Windows 2000.
(side note: I'm on a 56k modem at home and therefore don't have a spare 3 weeks to get the several hundred megabytes of updates - and autopatcher xp hasn't been updated after sp2 was released)
Re:Catch-22 (Score:2, Insightful)
Re:Catch-22 (Score:2)
if all dns querys outside of this would be dropped from users that are flagged as bad, it would also make the dos ineffective in the meantime.
Not really (Score:5, Informative)
I don't know if this is what bigpond are doing, but that's the usual way to handle this and it seems to work extremely well. My ISP uses a similar trick when users go over quota.
Nothing new (Score:5, Interesting)
Re:Nothing new (Score:2)
Re:Nothing new (Score:3, Informative)
Normally there is no filtering whatsoever.
How will the user tell the difference? (Score:5, Interesting)
I can see it now:
Customer: My broadband is down again.
Bigpond: Oh, I see. Well from time to time this does happen for a brief moment...
Customer: It's been down all day, and it's happened every day this week.
Bigpond: I see.. What's your account *clickety* Oh yes, we've marked you as a computer with a trojan. Please do a virus scan and call us back, if it comes back negative we'll re-connect you.
I'd go with someone else but they're the only broadband provider for my area. And I live in Sydney (the suburbs, an hour from the city itself)
Just traffic? Or trojan traffic? (Score:5, Informative)
My ISP does exactly this, if it suspects trojan traffic it shuts you down (and snail mail you). You subsequently call the helpdesk, they ask what you did to resolve the matters (The ISP provides FREE anti-virus and firewall software). If they rae happy with your counter measures, theyll reconnect you in a jiffy.
If you can explain you have a legit reason to hit DNS 9765 times per second, I suspect they'll unlock you too.
I love it.
Slow response times? (Score:5, Insightful)
If Telestra is like any other large ISP I've seen, I figure that the first thing they should do is hire (or allocate) a good gaggle of AUP investigators so that their intelligence on this problem is reasonably real-time.
They could also write some scripts to log and categorize the DNS queries that they're getting from their customers. It should be fairly easy to automatically identify the worst offenders. You could then send notes to their owners, and if there's no reasonable response, pull the plug. Over the last few years, I think that I've written scripts to do pretty much everything but the last step, so I know it's doable. (that last step should almost always be manual).
Re:Slow response times? (Score:2)
The idea is that when their replybox gets closed, they won't be able to collect. However, the enthousiastic "we have removed this user's account" message that I seldomly receive is rarely within a week of the complaint, making the entire process useless.
For v
Other ISPs block ports in order to reduce threats (Score:3, Informative)
Re:Other ISPs block ports in order to reduce threa (Score:2)
Putting up random port blocks for everyone is going to cause random problems to legitimate users.
suspected PCs? (Score:2, Interesting)
Why not simply do a precise measurement (get the netflow from the router) and take actions based on correct data rather then guessing?
I for one wouldn't want to be cut off by my ISP because of someone at the ISP is guessing.
My permanent boycott of Telstra (Score:5, Informative)
Apart from the above, to some degree there are now price incentives to use other carriers as well, particularly for voice. If you've got a credit card, you also might want to check out TPG [tpg.com.au] for ADSL...they probably have the best deals I've seen.
NTL (Score:5, Insightful)
Other people with this problem have speculated that Linux machines (which NTL allows but "doesn't support") are sometimes mis-detected as Netsky-infected Windows PCs.
The moral is, if this sort of thing is going to become widespread, they need good detection of many different types of network usage, and they need to tell them by phone instead of just giving them what looks like a default-homepage highjack.
In a similar vein, remember MS marking VNC as spyware? Imagine if an ISP starts taking down VNC servers for the users own security, etc, etc.
sick are put in quarantaine net (on this uni) (Score:5, Interesting)
Pretty Standard (Score:5, Interesting)
It's amazing how quickly you can get your network under control doing this. And 9 times out of 10 the end user is greatful that you were willing to work with them to help them correct the problem.
Fixing infected machines on your network only makes the network a better place for everyone using it.
Not So Fast, Sonny Jim (Score:5, Funny)
I've seen Telstra claim that a customer on a 512/128 line (512kb/s down, 128kb/s up) uploaded 4GB in 20 hours. When I pointed out that this was impossible, they suggested that maybe the user's computer had been infected by a virus - and insisted that I check this before they would investigate.
I then spent some time explaining the concept of arithmetic to the Telstra support desk...
Best Practice (Score:5, Insightful)
Back this up with your regular tech support. Yes, some users will be too clueless but a good deal won't. A fair percentage of the clueless ones will catch on quickly when their internet gets shut off and stays off. I can guarentee you the network traffic they'd get would drop to a third of the levels seen before.
Actually, in this perspective AOL's lackluster virus and spyware protection make perfect sense.
How acquire spyware removal tools if disconnected? (Score:4, Insightful)
A better idea would be to restrict bandwidth and connections on infected computers. The ISP should also post everyone they disconnect a CD with the usual free tools and instructions on how to use them. Along with Firefox and Thunderbird, of course.
I agree though, action should be taken against owners of zombie computers. They're irresponsibly spoiling the internet for others. Such users who think 'Internet Explorer' is the internet and believe the internet = the web.
While such ignorant users should be allowed to run computers in private, once they're connected to the internet, they become a danger to everyone else. The way I see it, I'm not allowed to drive a car on the road without first taking a test to make sure I can use it safely, and recognise and repair common problems (or at least take the car to the garage). This requires knowledge of both how the mechanics of the engine work, and of the highway code. So why are people who have never even seen the inside of computer and don't realise that connecting an unpatched WinXP box to broadband is as dangerous as speeding down a motorway in the opposite direction to all traffic, allowed to do exactly that?
Re:How acquire spyware removal tools if disconnect (Score:3, Insightful)
Really??
J.
That's nothing (Score:5, Interesting)
Blows my mind.
(Uni computing services) != (commercial ISP) (Score:5, Insightful)
So our ISP (U of R computing services) not only disconnected him from the network,
So you get your Internet feed through Uni computing services - noted.
but refused to let him back on the network unless he agreed to give them his computer and let *them* run an antivirus scan on it , after which it would be returned.
That's actually not a bad idea. They want to be sure that the system in question is no longer a problem. I'm sure you can see where a user would have motivation to lie about the scan if it would get him back on the network.
but the point is that our ISP can not only watch your internet traffic(as they have been), but if you "get a virus" they can disconnect you and demand they have access to all your personal files at will.
Blows my mind.
Re: watching traffic, disconnecting users - re-read the Terms of Service you signed when you accepted their Internet access; I suspect you will find they've had these capabilities all along.
However, your comment about demand... access to all your personal files at will is completely ridiculous.
First, computing services will only need to examine your PC if it causing a problem for other users; if things have gotten to this point you are either unable or unwilling to maintain the machine yourself and have effectively abdicated this responsibility.
Second, you probably already gave them permission to require such a scan when you agreed to the ToS (see above).
Third, who says your personal files have to remain on the machine if/when you turn it in for virus scanning?? Your roommate was told to deliver the computer; he can sanitize it before he does so. (This should be obvious.)
The University is not a commercial ISP. They provide the Internet access as a tool for you to use to further your education. It is a shared resource, and if you are causing problems they can rectify said problems as necessary based on the ToS. If you don't like their ToS you are free to go back to dial-up or pay for a T1.
My ISP does this regularly (Score:4, Informative)
There are two restrictions: Netcologne certainly does not monitor all traffic - they react on abuse-messages. And this "service" is not available to business costumers.
Routine? (Score:3, Insightful)
However it never used to be, this aggressive step of securing our network was prompted by the ISP being threatened with a Usenet Death Penalty, twice.
Whether this BigPond story is any different (Because it deals with Trojans rather than mail relays) is another matter...
Cox Business ISP Does This (Score:3, Interesting)
Haven't had to deal with their nice security people myself (No Windows or Linux or Sendmail here!), but I've laughed at colleagues who have. Mostly the same people who believe a $70/month cablemodem or DSL connection can replace their $800/month fiber line for serious webhosting enterprises.
SoupIsGood Food
This is certainly within precedent (Score:4, Insightful)
Ah... this is unusual? (Score:4, Insightful)
Roger's Cable Internet (Canada) Is Doing it Too (Score:3, Informative)
Both were very easy to remove, I even used Microsoft's Malicious Software Removal Tool [microsoft.com] (gasp) that was quick and easy. I wish they would kick all of these infected PC's offline and we wouldn't be dealing with these erratic spikes that have now made turned FPS gaming into a modem like affair.
I bet a few of the "free" antivirus companies, like AVP could make a killing sending out "AOL Like" demo cd's that cure the ails of all these banished network newbies.
Re:moo? (Score:2)
If I feel particularly nice, I will look up the abuse E-mail address using dnssstuff.com and send a report.
Re:Potential boon for alternative OSes (Score:2)
Being ignorant on Windows is not much different than being ignorant on Linux.
Re:Potential boon for alternative OSes (Score:5, Informative)
1). the default user is not an administrator
2). 99.9% of malware cannot run. If it did, then it'd cause minimal damage (see 1.)
3). There is no ActiveX
4). etc, etc, etc
The average Linux (non root) user can be as clueless as he/she likes and won't get into trouble.
Re:Potential boon for alternative OSes (Score:3, Insightful)
1). the default user is not an administrator
Wait until Linux goes mainstream. Most people will just log in as root for normal activities to avoid the hassle of "su". After all, they don't have to bother with such annoyances under Windows. If they don't log in as root, they will happily supply the root password and/or click "OK" for any popup - just like on Windows.
The problem is that the average Joe has no idea how computers work, and they don't want to think about it.
Re:Last email they got (Score:3, Insightful)
2. If they had any smarts at all, they'd still allow the client access to a whitelist of sites - windowsupdate, symantec, etc, as well as allowing them access to their own web/ftp sites to download fixes. If they don't, they're only doing a half-ass job of helping to fix the problem.