funsec mailing list archives
Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Sun, 11 Oct 2009 22:29:05 -0400
Many of us have agreed that, for competitive reasons, it's not possible for ISPs to lock infected users out of a network. I'd like to suggest a crazy idea for your reaction: A law governing ISPs that sets rules for these situations. It sets rules for how they can and should contact users about suspected infections and *requires* that they isolate such users until that user remediates their systems(s), and sets rules for how that is determined. The point of this would be to protect ISPs from the competitive impact of taking those users off the network: If they can't just take their business elsewhere, to a less-responsible ISP, then they will have more of an incentive to fix their problems. One could argue that such rules would be devastating to small ISPs (time to call Brett Glass; is he on this list?) On the one hand perhaps we could say (not sure if this is legal) that it only applies to large ISPs, perhaps those who provide their own physical infrastructure to the user (fiber, cable, etc.).On the other hand, such a distinction would create an incentive for smaller ISPs to have lax security in order to scoop up infected refugees from the large ones. (Think virual leper colonies.) Perhaps there's a better way to deal with this, or perhaps the answer is just that smaller ISPs will suffer. It's possible, in fact, that the ISPs who took customer service the most seriously would do well under such a policy. The ones who don't help users would suffer the worst. I'm thinking out loud here; I don't necessarily believe in this as a matter of policy. Certainly it would be highly disruptive to users and some thought would have to go into how it was implemented. Many users, for instance those still running Win98, really can't be secured anymore and may be effectively banished. And I don't like the idea of telling people what they can and can't run, but that's where the policy might actually head. On the other hand, if you want to clean up the consumer ISP networks in the US, this would seem to be a way to get a lot of it done. Not perfect of course, but it gives users a real incentive to keep their systems clean. Local consultants and security software companies should make out like bandits. Larry Seltzer Contributing Editor, PC Magazine larry_seltzer () ziffdavis com http://blogs.pcmag.com/securitywatch/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- dumb. Comcast pop-ups RandallM (Oct 10)
- Re: dumb. Comcast pop-ups Jon Kibler (Oct 10)
- Re: dumb. Comcast pop-ups Alex Lanstein (Oct 10)
- Re: dumb. Comcast pop-ups Rich Kulawiec (Oct 11)
- Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Larry Seltzer (Oct 11)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Dan White (Oct 13)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Larry Seltzer (Oct 12)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Dan White (Oct 13)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Valdis . Kletnieks (Oct 13)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Dan White (Oct 13)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Rich Kulawiec (Oct 13)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Dan White (Oct 13)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Rich Kulawiec (Oct 16)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Dan White (Oct 16)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Valdis . Kletnieks (Oct 16)
- Re: dumb. Comcast pop-ups Alex Lanstein (Oct 10)
- Re: dumb. Comcast pop-ups Jon Kibler (Oct 10)