Slashdot Mirror

← Back to Stories (view on slashdot.org)

ISP Restrictions Based on Hardware/Software?

Posted by ScuttleMonkey on from the government-always-knows-what-is-best-for-me dept.

An anonymous reader writes "IT Architect magazine is reporting that ISPs are working towards a greater restriction of a customer's right to run what may be 'insecure' software. From the article: 'A greater threat is that ISPs may try to restrict the customer's side by denying access to machines based on their hardware or software configuration. [...] former head of cybersecurity, White House terrorism advisor Richard Clarke even said it should be made mandatory to quarantine malware.' Something that may also come as a surprise to some is that Microsoft is completely against this censorship of internet access. 'According to Chief Privacy Officer Peter Cullen, Microsoft is against ISPs doing anything that would restrict customers' choice of software. And he says this isn't just about the impracticability of demanding that data centers patch everything on the second Tuesday of the month. Laptop and home users also have the right to run an insecure PC.'"

11 of 387 comments (clear)

  1. Microsoft's involvement by Raul654 · · Score: 5, Interesting

    At the risk of pointing out the obvious, but - does it surprise anyone that the maker of the #1 target for malware writers is actively campagining against ISPs downthrottling infected users' PCs? I mean, if customers found out that Microsoft Windows = your ISP cuts down your rate, are people more or less likely to buy Windows? Their actions seems like obvious good buisness practice to me.

    --


    To make laws that man cannot, and will not obey, serves to bring all law into contempt.
    --E.C. Stanton
  2. Sign me up. by grub · · Score: 5, Funny


    I want on the OpenBSD-only ISP.

    --
    Trolling is a art,
    1. Re:Sign me up. by JoshWurzel · · Score: 5, Funny

      All five of you are going to have a damn secure internet experience!

  3. Re:Of course Microsoft is against it... by grub · · Score: 5, Insightful


    Depending on your definitions, banning malware could mean banning Windows!

    Or if the RIAA/MPAA have their way: P2P traffic. Be careful what you wish for.

    --
    Trolling is a art,
  4. Re:Of course Microsoft is against it... by N3Roaster · · Score: 5, Insightful

    While true, I really doubt ISPs are going to start blocking Windows users from accessing the Internet. Not only because they'd be blocking somewhere between most and all of their customers (Why yes, we'll sell you Internet access, we just won't let you use it.), but I've also encountered a lot of ISPs that would get really freaked out (for no good reason) if they heard you planned on connecting with anything but a Windows PC.

    --
    Remember RFC 873!
  5. Re:Of course Microsoft is against it... by Todd+Knarr · · Score: 5, Interesting

    That'll actually not work for most ISPs. If you call my ISP (Cox Cable) for a new installation these days, the installer will show up with a home router/firewall along with the modem. You have to ask to get a direct computer-modem hookup, or do the installation yourself. Windows-only access agents don't play well with that setup. Cox went with it, BTW, because it's cheaper and easier for them to manage the firewall and router than it is to keep dealing with malware/virus-related support calls from clueless Windows users.

  6. The two sides of this issue: by crazyphilman · · Score: 5, Insightful

    Side #1: Microsoft is terrified of this because it will set a precedent whereby an ISP will be able to cut people off based on the ISP's view of their software configuration. So, ISPs will be able to threaten to kick Microsoft in the balls unless they get favorable treatment (RE: cheaper prices), and home users will be able to demand that tainted machines get knocked off the web until they're fixed (which will mostly affect MICROSOFT). Microsoft, God bless 'em, is naturally against the whole thing.

    Side #2: The TRUE result of this will be that lazy ISPs (read: most ISPs) will just lock out anything that doesn't match some piece of shit filter they put in place. So, a fully patched Microsoft or Apple box will probably be able to connect, but my Slackware box will NOT. And when I call tech support, the retard who takes my call will say "SlackWHAT? You can't run that on our network, for, uh... SECURITY reasons. Why don'cha run Winders like everyone else?" And I will be forced to resort to cruel, mocking language, upsetting his supervisor and getting me absolutely NOWHERE.

    So, naturally, I'm against this bullshit too. ;)

    --
    Farewell! It's been a fine buncha years!
  7. isp's blocking p2p traffic by spongebill · · Score: 5, Informative

    verizon wireless is already doing this over their unlimited broadband 500kbps wireless data plan for 60 bucks a month restricts the user from ANY large upload or downloads. here, this quoted from verizon's website.
    PROPER USES:
    "Unlimited NationalAccess/BroadbandAccess:
    Subject to VZAccess Acceptable Use Policy, available on www.verizonwireless.com. NationalAccess and BroadbandAccess data sessions may be used with wireless devices for the following purposes: (i) Internet browsing; (ii) email; and (iii) intranet access (including access to corporate intranets, email and individual productivity applications like customer relationship management, sales force and field service automation).

    SUCH USE DESCRIBED BELOW WOULD BE SUBJECT TO TERMINATION OF SERVICE CONTRACT
    Unlimited NationalAccess/BroadbandAccess services cannot be used (1) for uploading, downloading or streaming of movies, music or games, (2) with server devices or with host computer applications, including, but not limited to, Web camera posts or broadcasts, automatic data feeds, Voice over IP (VoIP), automated machine-to-machine connections, or peer-to-peer (P2P) file sharing, or (3) as a substitute or backup for private lines or dedicated data connections."

  8. Re:Of course Microsoft is against it... by mikiN · · Score: 5, Interesting

    I remember one ISP which required every ADSL connection to be installed by a technician. The tech also would only sign the activation form if he had personally done and verified the configuration of a Windows PC. (This was well before the current malware flood.)
    One of my friends had to dig up a spare PC running Windows just for this purpose.

    --
    The Hacker's Guide To The Kernel: Don't panic()!
  9. Re: Err.... by Alsee · · Score: 5, Interesting

    I wonder how many minutes it would take for someone to write an emulator to send back the "A-OK" signal.

    You CAN'T.

    Not just working with software anyway. This is the Trusted Computing Group's Trusted Network Connect system. I'm been posting on Slashdot about it for over a year now. Thesystem is based on everyone having a Trust chip in their computer (which will come standard in all PCs as a hardware requirement for Windows Vista). The Trust chip spys on and locks down your computer - locks it down against you. Each chip has a unique master key locked inside the silicon... a key that the owner is forbidden to know. In fact the chip is boobytrapped to self destruct if you attempt to open the chip to get at your key. This key is cryptographically signed by the manufacturer, and the manufacturer's key is cryptographically signed by the Trusted Computing Group.

    What happens is that the chip can lock files on your computer. If you attempt to make any "unauthorized" modification to your hardware or software, the chip denies you any ability to read or modify your files (you can always delete/destry files, but you can't alter them).

    When you try to log on to your ISP, the ISP asks the chip for a "Remote Attestation". The chip then sends a spy report listing exactly what hardware you have and exactly what software you are running. This list gets cryptographically signed and authenticated by the chip. You are forbidden any control over this spy report. The ISP then checks whether they like the hardware and software on the list. If they don't, they refuse you any internet access. They then check the signature authenticating the list, if that fails, you are again denied internet access. Then they check the manufacturer's signature authenticating it as a genine Trust chip. Again, failure means no internet for you. They then check that there is a valid Trusted Computing Group signature on the manufactuer's key, proving that the manufacturer and all chips made by them are properly compliant to deny you control over the master key in the chip and to securely lock down your computer against you and to enforce DRM systems.

    Without a genuine key and all of the proper signatures on that key, it is cryptographically impossible to fake the "A-OK signal".

    The only way to "fake" the system is to buy a genuine compliant PC and to physically rip a genuine key out of the genuine chip - the boobytrapped self destructing chip.

    Oh, and if you do buy one compliant PC and you actually HAVE a sophisticated laboratory and you manage to bypass/disable the boobytraps and selfdestruct mechanism rip one key... that is only good for liberating ONE machine. If you attempt to give that ONE key out to your friends to use in software to fake the system, it will immediately be spotted that that key is in multiple use and has been replicated. As I said, each chip has a unique key. If any key is seen in multiple use then it no longer a legitimate and properly secured key and it immediately goes on a revokation list. All machines attempting to use that key then drop dead.

    So for each machine you want to "liberate", you must PURCHASE one GENUINE compliant computer and physically rip the chips one by one. And even then you need to be insanely careful never to leak the fact that your machine is liberated and capable of doing things that you are not permitted to be able to do, or again that key is revoked and drops dead and your REAL MONEY PURACHASE gets flushed down the toilet and you need to pay for another compliant PC to rip another key.

    And if the do roll this out, does anyone really dobt that is will be highly criminal to forge the signature and to lie to your ISP every time you log on? Not only is it a contract violation, but it will be computer crime. It is illegally hacking to obtain unauthorized access to a computer network. In fact the way the law is written the already draconian prison terms for that almost inherently carry two or three "special aggravating circumstances" to multiply

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  10. The Horses Mouth by Crudely_Indecent · · Score: 5, Funny

    As an admin for an ISP, I can safely say that Microsoft Windows users are safe from descrimination by us. As the parent mentioned, 99.9% of our users are running Windows. The problem arises when customers want to run some super-wiz-bang email client and expect the ISP to support it.

    Spend an hour on the phone with someone trying to explain that you're not blocking their access to email but that you just don't know how to configure their software. This goes for almost any software that accesses the internet. I've been asked to troubleshoot problems with p2p apps, instant messaging clients, firewalls, spyware scanners, obscure Linux distros, outdated software (windows 3.1), and microwaves (yes, I've talked a customer through setting the time on their microwave...I was bored)

    I actually had a conversation with my brother tonight about this very topic. Technology is so easy to obtain, everyone thinks they're qualified to use it. My broadband customers frequently plug their gateway into the lan side of their router (at least two users per day.) Of course, it's my fault that they didn't (can't) follow the picture-book instructions. Personally, I'd like to see the good-old-days return, when computer users knew how to use their computers. The days when calling tech-support was a last resort are long gone....people now call tech support in order to turn their computer on.

    --


    "Lame" - Galaxar