Let’s cut off the users’ connectors!
Steve Ranger at Silicon.com published an interesting (Chinese interesting, that is) article on Tuesday (6 Dec): Want to stop botnets overnight? Ban infected PCs from the net. The title is unfortunate, because I think even Steve knows that banning (known) infected PCs wouldn’t stop botnets anytime soon, nevermind overnight.
The time has come to ignore the howls of protest, the cries of ‘I didn’t know!’ and ‘It wasn’t me!’, and to decide that if a PC is infected with viruses or has become part of a botnet, it should no longer be allowed access to the internet…
ISPs can easily spot if a device is part of a botnet, or is riddled with viruses… [No]
Taking these rogue PCs off the net will save the rest of us time, money and hassle. It sends the message that accessing the web is a privilege to be earned and not a right to be unthinkinhgly [sic] abused… [It is now considered a ‘human right’]
…I’d wager the spam and botnet problem would disappear overnight if such measures were put in place. [No they won’t]
Want to stop botnets overnight? Ban infected PCs from the net.
Oh, where do I begin?
Rather than that, I turned to Kaspersky’s David Emm for an opinion. “On the face of it,” he said, “this seems very reasonable – but it’s not as straightforward as it sounds.
“A few years ago,” he continued, “the House of Lords Science and Technology Committee, in its report ‘Personal Internet Security, suggested that we ought to review the ‘neutral carrier’ status of ISPs and make them assume some responsibility for what goes through their network. If we were to do so, however, it would not be very easy to enforce. You would have to demonstrate that an ISP knowingly transmitted malware across its network.”
That word ‘knowingly’ has wider ramifications. What do we do with the user who has the latest security, but gets caught by an unknown 0-day virus? Warn him/her? And then it happens again, and once again. Cut him off at the connectors? It’s not the user’s fault – he or she was as well-protected as possible. Is it the security industry’s fault? Hardly.
“And anyway, continued David, “if we were to introduce such measures, there might be a danger that consumers would wash their hands of the problem and see it as the ISP’s responsibility.” Well, you could make a better case for it being the ‘fault’ of the ISP than the user; so what do we do? Shut down the ISP?
“The truth is,” says David, “that we all have to assume responsibility when we go online.”
Singling out the user is not the way to go.