ISPs and Security

[morganlefay]

I have just read an article on home users and security issues

http://www.washingtonpost.com/wp-dyn...2004Oct25.html

Most users dont know the difference between a desktop firewall and an AV program...and are unaware that they are infected with malware.

USA Today noted, "Debate continues over who is responsible for securing the Internet. Tech suppliers say they are doing all they can and consumers need to do more. Critics say tech suppliers should work harder to stem the flow of malicious traffic at major Internet gateways. 'This survey reinforces the truth that nagging consumers to add firewalls and anti-virus tools, and to implement difficult updating processes, is a failed strategy,' says Alan Paller, research director at the SANS Institute, an Internet security training center."

I was wondering what the AO members thoughts are on the ISPs\providers responsiblity on filtering malicious traffic??

IMHO ... I think they should be filtering traffic for home users, currently my ISP offers a firewall service...for a monthly "fee". Having a hardware firewall already...so I dont need it...and I consider myself fairly computer\security savy...but I would not say I am the "average" home user (although my kids are..I clean about 200 spyware each week off their computer)...and obviously we cant leave it up to the home user to be securing themselves...Its just not working.

If the ISPs were able to shut off this type of traffic...from the home user...

Wouldn't it make for more secure internet????

Wouldn't the ISPs benefit from this...in the reduction of traffic and bandwidth??


Dont get me wrong...I understand that there are several unpatched business\webservers etc out there... and that business requirements greatly differ from home user (would be a different service offering from the ISPs as the filtering may interfer with services required by business)

but if we could "control" the home users enviroment it should dramatically reduce the malware...


Or is this TOO Big Brotherish

Just thoughts

MMLF

[MrLinus]

I'm not surprised that users don't understand the difference between AV and Firewalls. When you see advertisements that state "All you will ever need is AV product X!" or "Product Y is the ultimate solution to hackers!". Now, in the fine print of the fine manual it might make the distinction but let's be real here. Users do not RTFM.

In some ways, I do think the ISPs should filter out some of the spam/viruses. There is a user on my subnet with my ISP who -- to this day! -- is still infected with Code Red. Now it could be a honeypot but I've complained a few times about the attempted propogation that this thing sends out. Heck, I even offered to provide -- for free -- help to this guy to solve the issue. My ISP has begun to filter "spam" as well as have AV detection software. It does make it easy for me to identify the ones that are infected but I recognized that it's not a perfect system. The question would be would users? Probably not.

I went to a get together this weekend and decided to help a friend out by checking her machine. She had been complaining that the machine was shutting itself down (it's a laptop and the manufacturer -- HP -- had placed the fan under the laptop, so it overheats! Poor design). That said, she didn't have AV installed (there was an icon on the desktop she said so she figured it was installed -- it was the actual Norton's 2002 AV installer Icon). So I did a check for trojans, viruses, worms and spyware. By the time I was done I had removed about 30 trojans and about 450 various spyware types.

Then I went about explaining to her what I was doing, what I was installing and what she needed to do. Needless I did get the standard reply of "but I don't know computers..." to which I replied "You don't need to understand everything -- just how these work and how to keep them working".

[CXGJarrod]

How would you suggest filtering the traffic? By IP? By port?

Personally I think that users need to be able to secure their own computers. You may not be able to change your own tire, but you can at least see when its flat. They dont just give you a car and say "here you go, you can drive now." No, you have to show some sort of competence in driving.

[ss2chef]

Few thoughts to ponder...

Having worked for many years as a network engineer for ISP's , I can say without a doubt, if a configuration change has the potential to cost more money, an ISP will balk at the change.

1st you have to remember that these days dialup services are mostly shared pools managed not by the ISP but by a larger bandwith provider. An example of this is here in Denver, all major ISPs including MSN, AOL, Earthlink, Qwest, and may others lease/rent dialup port facilities from Level 3 Communications. The ISP simply manages an Authentication service which talks to their allocated dialup ports and allows or denies access to what turns out to be leased bandwidth on Level 3's network.

In short, many ISPs have no real control over their service. To the extent that they could apply
filters even if they wanted to.

ISPs in general offer no altruism to the Internet. It's all about money. When you calculate access, abuse processing, and tech support costs, a dialup account is very close to a money loser. Broadband is getting cheaper in most areas and cheaper will almost always mean less features not more.

Don't forget, there are many small and home based businesses that rely on cheap Internet access and the line between home/business is getting very thin.

Filtering is a dangerous business decision. With current technology, the chance for false
positives is still huge. In our litigious society, people sue for missing important business emails as well as missing the weekend greeting from Grandma.

[hypronix]

As far as my ISP is concerned there is the option of spam filtering, either simply by marking [but still receiving] spam or altogether deleting it. When it comes to content filtering wouldn't that require an increase in the required server power on the ISP side? I do think, however, that they should be having some basic antivirus/worm protection system since propagation of these 'organisms' does cause bandwidth hogging and unhappy users.

[morganlefay]

I dont think you can compare owning a computer to owning a car...

They dont just give you a car and say "here you go, you can drive now." No, you have to show some sort of competence in driving.

My kids have been around computers and cars since they were born.....I let them use a computer...and they are very competent (actually are already better typers then me )

But there is no way I would let them use\play with or in (too many dead kid in the trunk stories)\or drive my car....

They are capable of installing\uninstalling software, browsing the internet, emailing their friends and using msn...but are not anywhere near able to operate my car...and this is because cause the home PC is easy to use....and was made to be.

Their grandmother on the other hand...has no clue on computers...but is a very capable driver

And it not just computers...my kids know how to operate their dads very complicated (and hi-tech) audio\video system....and other then blowing some tweaters (and or eardrums)...they are really not compromising their safety...or privacy....or mine for that matter.

IMHO...they are 2 different things


[

Don't forget, there are many small and home based businesses that rely on cheap Internet access and the line between home/business is getting very thin.

I think small business would benifit as they have the budget constraints

I do think, however, that they should be having some basic antivirus/worm protection system since propagation of these 'organisms' does cause bandwidth hogging and unhappy users.

This is my point...

In some ways, I do think the ISPs should filter out some of the spam/viruses. There is a user on my subnet with my ISP who -- to this day! -- is still infected with Code Red. Now it could be a honeypot but I've complained a few times about the attempted propogation that this thing sends out. Heck, I even offered to provide -- for free -- help to this guy to solve the issue

I cant understand why they cannot shut down this type of traffic....

I also cannot understand why they couldnt offer a seperate service to business..with tweaked filtering.

Again...only thoughts

MLF

[Computernerd22]

Most users dont know the difference between a desktop firewall and an AV program...and are unaware that they are infected with malware

This is sad but very true. I work for a major ISP in the United States of America and most users are novice also dont know the difference between a "left click" and a "right click" on the mouse.

I was wondering what the AO members thoughts are on the ISPs\providers responsiblity on filtering malicious traffic??

When you connect to your ISPs most of them are behind proxy servers or connecting you to a VPN network. If your on your ISPs network then you should be pretty secure if your on their network. Also, customers are responseable for the their own security of their PCs not the ISPs. ISPs will not be liable for any actions on consumers PCs.

If the ISPs were able to shut off this type of traffic...from the home user...

Wouldn't it make for more secure internet????

They can shut off that traffic they will just disconnect the user. If ISPs shut off certain types of traffic from home users PC stopping them from running certain applications on their on systems, customers would be very mad and would be calling cancelling service.

Wouldn't the ISPs benefit from this...in the reduction of traffic and bandwidth??

ISPs care about customer service is number #1. Reduction of certain network traffic and bandwidth are a second