Well stated situation, Bob. However, I was trying to propose something more akin to a backbone policing endeavor, which would ideally keep any major botnet infections from taking hold -- there will always be zero-day issues, of course, but by the time 10K machines are infected, it should be easy enough to identify their traffic and simply eliminate it.
So the scenario I envision would be one where the customer only has an issue b/c their computer is running so slow (any successful small-time or failing big-time infections have similar effects as they do today), at which point the user does whatever they wish, calls RentANerd, etc. My idea (well, not MINE) is to simply squelch the channels by which the botnets are attempting to do their own useful work, and also the channels by which they update themselves and spread. Again, this would only affect major & known botnets/malware, but... imagine for instance if our networks only had to support 1/10 or 1/1000 the amount of spam! We'd all be jumping for joy, and shouting, "It works! It works!" :)

So yeah, I don't expect any small-beans ISPs to deal with it; I expect some sort of global or national policing effort, ON the backbone, so to speak... of course, the implementation could go horribly wrong, and the system itself could be compromised... but getting it wrong is how we best learn to get it right, correct?

Pie in the sky, at present, as far as I know, since I haven't been participating in the Portland InfraGard group for a few years, but I expect that these things are in fact discussed by those with both the might and the right to get 'er done.

cheers,
ben

PS - To summarize, it'd have to be "good for business". Reducing traffic jams and increasing accident-recovery times are crucial for the shipping industries who rely on the public roadways; isn't this about the same as the internet? (No, we wouldn't have state troopers rebuilding your carburetor when you're pulled over...)

On 2/13/07, Bob Miller <[EMAIL PROTECTED]> wrote:
> Ben Barrett wrote:
> > And why aren't google, microsoft, and major ISPs really cracking down
> > on the botnet infrastructure?? They have all the tools and the power....
>
> Let's see what happens. $ISP puts in place a system to identify pwnzored boxes. The first day, they identify 250,000 of them. So they select a random 10,000 and shut off their internet access.
>
> "Customer Support, may I help you?"
> "The Internet is broken."
> "Let me check... Oh, your computer is part of a 'botnet. We shut it off for your protection."
> "What do you mean I bought part of .NET?"
> "Your computer is infected with malware and is ruining the internet for everyone else. We shut off your connection."
> "Well how do I get it turned on again?"
> "[hold hand for five hours while reinstalling Windows+patches+antivirus yada yada]"
> "Thanks!" <click>
>
> 2 days later:
>
> "Customer Support, may I help you?"
> "The Internet is broken again!"
> "Let me check... Your computer is infected again."
> "This sucks. My brother uses AOL and he never has these problems. I'm switching to AOL. Cancel my account. You suck. I'm telling all my friends you suck." <click>
>
> Net result for $ISP: huge customer service costs, many lost or PO'd customers. So $ISP certainly isn't going to take the initiative.
>
> You can write your own dialogue about what would happen if Google tried it.
>
> Microsoft, to its credit, did clean up XP a lot in Service Pack 2, and suffered from a delayed and feature-free Vista, costing shareholders billions.
>
> --
> Bob Miller K<bob>
> [EMAIL PROTECTED]
>
> _______________________________________________
> EUGLUG mailing list
> euglug@euglug.org
> http://www.euglug.org/mailman/listinfo/euglug