Well stated situation, Bob.  However, I was trying to propose something
more akin to a backbone policing endeavor, which would ideally keep any
major botnet infections from taking hold -- there will always be zero-day
issues, of course, but by the time 10K machines are infected, it should
be easy enough to identify their traffic and simply eliminate it.

So the scenario I envision would be one where the customer only has
an issue because their computer is running so slow (any successful small-time
or failing big-time infections have similar effects as they do today), at
which point the user does whatever they wish, calls RentANerd, etc.

My idea (well not MINE) is to simply squelch the channels by which the
botnets are attempting to do their own useful work, and also the channels
by which they update themselves and spread.  Again, this would only affect
major & known botnets/malware, but ... imagine for instance if our networks
only had to support 1/10 or 1/1000 the amount of spam!  We'd all be jumping
for joy, and shouting, "It works!  It works!"  :)

So yeah, I don't expect any small-beans ISPs to deal with it, I expect some
sort of global or nation policing effort, ON the backbone, so to speak...
of course, the implementation could go horribly wrong, and the system
itself could be compromised... but getting it wrong is how we best learn
to get it right, correct?  Pie in the sky, at present, as far as I know,
since I haven't been participating in the Portland Infraguard group for a
few years, but I expect that these things are in fact discussed by those
with both the might and the right to get're done.

cheers,

ben


PS - To summarize, it'd have to be "good for business".  Reducing traffic
jams and increasing accident-recovery times are crucial for the shipping
industries who rely on the public roadways, isn't this about the same as the
internet?  (No, we wouldn't have state troopers rebuilding your carburetor
when you're pulled over...)


On 2/13/07, Bob Miller <[EMAIL PROTECTED]> wrote:

Ben Barrett wrote:

> And why aren't google, microsoft, and major ISP's really cracking down
> on the botnet infrastructure??  They have all the tools and the
> power....

Let's see what happens.  $ISP puts in place a system to identify
pwnzored boxes.  The first day, they identify 250,000 of them.  So
they select a random 10,000 and shut off their internet access.

    "Customer Support, may I help you?"
    "The Internet is broken."
    "Let me check...  Oh, your computer is part of a 'botnet'.  We shut
     it off for your protection."
    "What do you mean I bought part of .NET?"
    "Your computer is infected with malware and is ruining the
     internet for everyone else.  We shut off your connection."
    "Well how do I get it turned on again?"
    "[hold hand for five hours while reinstalling
      Windows+patches+antivirus yada yada]"
    "Thanks!"  <click>

2 days later:

    "Customer Support, may I help you?"
    "The Internet is broken again!"
    "Let me check...  Your computer is infected again."
    "This sucks.  My brother uses AOL and he never has these problems.
     I'm switching to AOL.  Cancel my account.  You suck.  I'm telling
     all my friends you suck." <click>

Net result for $ISP: huge customer service costs, many lost or PO'd
customers.  So $ISP certainly isn't going to take the initiative.  You
can write your own dialogue about what would happen if Google tried
it.  Microsoft, to its credit, did clean up XP a lot in Service Pack
2, and suffered from a delayed and feature-free Vista, costing
shareholders billions.

--
Bob Miller                              K<bob>
                                        [EMAIL PROTECTED]
_______________________________________________
EUGLUG mailing list
euglug@euglug.org
http://www.euglug.org/mailman/listinfo/euglug

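The "identify their traffic and simply eliminate it" step in Ben's proposal, and the bulk identification of infected customer boxes in Bob's scenario, as an added example (not code from this list or from either poster): two cheap heuristics run over constructed NetFlow-style records, one for hosts beaconing to a common rendezvous point, one for hosts spraying SMTP directly at many peers, plus an allowlist so the ISP's own mail relay is not counted. Every address, timestamp, threshold and allowlist entry below is an assumption made up for the illustration.

```python
"""Flag likely bot hosts in flow records (constructed example).

Two cheap heuristics an ISP or backbone operator could run over NetFlow-style
records: (1) a rendezvous point that many customer hosts beacon to on a fixed
schedule, and (2) a host spraying SMTP at many peers directly.  All addresses,
timings and thresholds below are made up for illustration.
"""
from collections import defaultdict
from statistics import pstdev

# Assumed operator allowlist: the ISP's own mail relay.  Traffic to it is
# normal client behaviour and must not count toward the spam heuristic.
ALLOWLIST = {("198.51.100.25", 25)}


def build_sample_flows():
    """Constructed flows, one tuple per connection: (epoch_s, src, dst, dport)."""
    flows = []
    # Eight customer hosts check in with an IRC-style C&C every 60 seconds.
    for i in range(1, 9):
        for k in range(4):
            flows.append((1000 + 60 * k + i, f"10.0.0.{i}", "203.0.113.7", 6667))
    # One of them also delivers mail directly to 40 distinct remote MXs.
    for j in range(40):
        flows.append((1100 + 3 * j, "10.0.0.2", f"192.0.2.{j + 1}", 25))
    # Six hosts browse a popular site at irregular times: many sources, but
    # no beaconing schedule, so it must not be mistaken for a C&C.
    for n, i in enumerate((9, 10, 11, 12, 1, 3)):
        base = 1000 + 97 * n
        for offset in (0, 41, 350, 372):
            flows.append((base + offset, f"10.0.0.{i}", "198.51.100.30", 443))
    # A clean host sends its mail through the ISP relay (allowlisted).
    for ts in (1010, 1022, 1250, 1305):
        flows.append((ts, "10.0.0.10", "198.51.100.25", 25))
    return sorted(flows)


def find_rendezvous_points(flows, min_hosts=5, max_jitter=5.0):
    """Return {(dst, port): {src, ...}} for destinations that look like C&C.

    A destination qualifies when at least min_hosts distinct sources talk to
    it and a majority of them do so on a regular schedule (population std-dev
    of the inter-arrival gaps under max_jitter seconds).
    """
    by_dest = defaultdict(lambda: defaultdict(list))
    for ts, src, dst, port in flows:
        by_dest[(dst, port)][src].append(ts)

    hits = {}
    for dest, per_src in by_dest.items():
        if dest in ALLOWLIST or len(per_src) < min_hosts:
            continue
        regular = set()
        for src, times in per_src.items():
            times.sort()
            gaps = [b - a for a, b in zip(times, times[1:])]
            # Need at least two gaps before "regular" means anything.
            if len(gaps) >= 2 and pstdev(gaps) < max_jitter:
                regular.add(src)
        if 2 * len(regular) >= len(per_src):
            hits[dest] = regular
    return hits


def find_spam_fanout(flows, min_peers=30, window=600):
    """Return {src: peer_count} for hosts opening SMTP sessions to at least
    min_peers distinct destinations within any window of `window` seconds.
    Direct-to-MX fan-out is the spambot signature; relay traffic is excluded."""
    per_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port == 25 and (dst, port) not in ALLOWLIST:
            per_src[src].append((ts, dst))

    hits = {}
    for src, events in per_src.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            peers = {dst for ts, dst in events[i:] if ts - t0 <= window}
            if len(peers) >= min_peers:
                hits[src] = len(peers)
                break
    return hits


def hosts_to_quarantine(flows):
    """Union of both detectors: the customer hosts that would be cut off."""
    bad = set(find_spam_fanout(flows))
    for sources in find_rendezvous_points(flows).values():
        bad |= sources
    return sorted(bad, key=lambda ip: tuple(int(o) for o in ip.split(".")))


if __name__ == "__main__":
    sample = build_sample_flows()
    print("rendezvous points:", find_rendezvous_points(sample))
    print("spam fan-out:", find_spam_fanout(sample))
    print("quarantine:", hosts_to_quarantine(sample))
```

On the sample data the C&C at 203.0.113.7:6667 is flagged with all eight beaconing hosts, 10.0.0.2 is additionally flagged for 40 distinct SMTP peers, and the popular site on 198.51.100.30:443 is not flagged even though six hosts reach it, because their visit times show no schedule. The thresholds and the allowlist are where the customer-service cost in Bob's dialogue is decided: drop the jitter check or lower min_hosts and every busy web site becomes a "rendezvous point", and without the relay entry every customer who sends mail looks like a spambot.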