This is definitely a business opportunity for any ISPs that wish to take advantage of it... Hire clueful abuse desk people, set up a good IDS, run spamassassin on your mail servers, and offer free antivirus software to the broadband connected bare win32 PCs. I am sure midsize ISP marketing departments will be able to brand this with a slick name and print brochure or TV commercial.
"Tired of spam and junk on the internet? Sick of Pop-ups? Worried about the spread of worms and viruses? We're better than the competition, and here's why...!"
We implemented an IDS system. The ROI comes from the inbound attacks being detected/prevented/shunned. But it's also listening to the outbound stuff, so when we see that a customer has the flavor of the week, we cut him off, give him a call and some friendly advice, and everyone's happy. When we see IRC joins and port scans from a customer server, we give him a call, advise him that he's been rooted, and offer to assist in his recovery (can you say business opportunity, folks?).
Blocking ports is fine as long as you let people know what you're blocking and why, offer alternative solutions and offer to unblock if it's an absolute requirement. Often, once properly educated about the risks, a lesser experienced admin will be excited about the opportunity to do it the more secure way, and will begin preparations, so I've found the "unblock" is usually temporary.
