Slashdot Mirror


Australian ISPs Asked To Cut Off Malware-Infected PCs

bennyboy64 writes "Australia's Internet Industry Association has put forward a new code of conduct that suggests ISPs contact, and in some cases disconnect, customers that have malware-infected computers. 'Once an ISP has detected a compromised computer or malicious activity on its network, it should take action to address the problem. ISPs should therefore attempt to identify the end user whose computer has been compromised, and contact them to educate them about the problem,' the new code states. The code won't be mandatory, but it's expected the ISP industry will take it up if they are to work with the Australian Government in preventing the many botnets operating in Australia."

19 of 286 comments

  1. let's wait and see by Anonymous Coward · · Score: 5, Insightful

    if the Australian definition of 'malware' is 'bittorrent'

    1. Re:let's wait and see by the_raptor · · Score: 4, Insightful

      Telemarketers pay for access to the phone system. Spammers and botnet controllers hijack other people's access.

      And what third world country do you live in to get "network busy" at any time except during a disaster? I am 26 and have never experienced it myself although I know it happens.

      --

      ========
      CINC, 4th Penguin Legion
    2. Re:let's wait and see by commodore64_love · · Score: 5, Insightful

      >>>freedom of speech means watching child porn.

      Nudity is not porn except in the minds of mentally ill persons. And yet oftentimes mere possession of a naked photograph, even if it's of your own family or yourself, will land you in jail. Witness the American students who were charged with child porn because they used their phones to shoot themselves without clothes. Why is taking a photo of yourself illegal??? It's stupidity. It's anti-liberty. Worse - fear of nude bodies is a psychological disease, and I suspect Conroy is patient zero.

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
  2. Don't be a policeman by kregg · · Score: 5, Insightful

    ISPs should just provide internet access not police and monitor traffic.

    1. Re:Don't be a policeman by some_guy_88 · · Score: 5, Insightful

      The problem is the Australian government are already trying to censor our internet connections at the ISP level and whilst getting rid of bot nets sounds like a great idea, building any sort of traffic monitoring in now sounds dangerously close to their existing plan to filter the net.

      Hell, this could even be their plan, bring in filtering to take down bot nets then slowly but surely start to block porn they don't like and pro-abortion web sites and before you know it any political site not to their liking

    2. Re:Don't be a policeman by calmofthestorm · · Score: 5, Insightful

      "The trouble with fighting for human freedom is that one spends most of one's time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all." - H L Mencken

      Of course this is dicey, as the current proposition is, in my opinion a good idea. But we all know that GP's right.

      --
      93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
    3. Re:Don't be a policeman by Runaway1956 · · Score: 3, Insightful

      I pretty much agree - but the ISPs already monitor traffic for a variety of reasons. Mostly bad reasons, but the monitoring is in place. It really isn't hard to determine that a machine's excessive traffic is due to viral infections. Shutting them down seems like a good idea. When the customer calls to complain, tech support has a kindergarten teacher on hand to explain how simple it is to upgrade to a safe unix-like operating system to avoid future infestations.

      Problem solved.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    4. Re:Don't be a policeman by mikael_j · · Score: 5, Insightful

      I've worked for ISPs here in Sweden and most serious ISPs here see it as standard practice to warn and then disconnect users who are running zombie machines, nothing strange or totalitarian about it, it's about protecting their network and their other customers from harm.

      /Mikael

      --
      Greylisting is to SMTP as NAT is to IPv4
    5. Re:Don't be a policeman by PeterBrett · · Score: 4, Insightful

      The idea is good because it would make it that much harder to propagate botnets and even feasible, but the real problem is that almost all end users have no idea what malware is or how to stop it. Unless the end user is supported in removing the malware, and in the case of rootkits this usually means reinstalling the OS, then it will only result in a huge number of complaints that the ISPs will not be able to cope with.

      Most end users have no idea how to replace the spin motor on their washing machine, either.

      I don't understand why people who are perfectly happy with getting knowledgeable technicians to work on almost all of their household equipment think that their PC is some sort of magical exception.

    6. Re:Don't be a policeman by Peet42 · · Score: 3, Insightful

      "It's the next-best thing to requiring a license to use the 'net. "

      Instead, you'll need a license to run a peer-to-peer protocol.* Any traffic from an "unlicensed application" will be assumed to be malware and thus blocked. That way, only "authorised" applications from vendors who have paid for a license will work. How many of those will be things like "iTunes" and how many things like "BitTorrent"...?

      (*Just because I'm paranoid doesn't mean they aren't out to get us...)

    7. Re:Don't be a policeman by SlashWombat · · Score: 4, Insightful

      The Aussie Government has both good and bad ideas WRT the internet. On the good side, is genuine broadband via a new fibreoptic backbone at an estimated cost of 43e9 dollars. On the bad side is the excretable idea of mandatory filtering. (Which can easily be circumvented ... thus making those who do wish to view kiddie porn even more anonymous!)

      Having said all that, it is NOT the Aussie government advocating this action! Perhaps the errant public would be well served by their ISP informing them that their machine is infected. As it stands, I see machines that are "Typhoid Marys", so infected with trojans, viruses and other malware that it is amazing they still work at all. The average user doesn't have a clue there is a problem beyond complaining that their machine is slow. (Which is often why they "upgrade" to a "faster" machine! Seems very fast until the new machine gets infected ... takes about a week!)

    8. Re:Don't be a policeman by Anonymous Coward · · Score: 3, Insightful

      RTFA - They said if the ISP knows a customer is using a malware-infected PC. Having worked for an Australian (Adelaide) ISP at one point, I can tell you - this is the easy part. We don't have to monitor ports or anything - just wait for somebody to send an email to postmaster/abuse/etc on our domain complaining about spam from a specified IP in our range.

      Find the customer's session - call them, tell them it's malware, etc.

      Protip: Adelaide ISPs pretty much do this already; having your subnet blocked from sending email to somewhere important (like hotmail or gmail - which are important because customers send lots of email there) means customers get pissy, pissy customers is a loss of business - killing 1 customer's session and suspending their service is better from a business point of view than having 10,000 customers complain and possibly move ISPs...

    9. Re:Don't be a policeman by supernova_hq · · Score: 3, Insightful

      There is a HUGE difference between detecting copyright violations (for which no filter is in place) and detecting outgoing mass-mailing and DOS attacks.

      Any network admin worth the lunch they bring in every day can find a seriously malware infected machine in about 10 minutes.

    10. Re:Don't be a policeman by jimicus · · Score: 3, Insightful

      Well, quite. It doesn't help that Microsoft have conditioned people to ignore these warnings as being totally unimportant, and at the same time have worded them so badly that most people never even try to understand them, they just hammer away trying to find a way to do what they want without the warning coming up.

      I've actually met IT professionals who seem to think that doing this is the correct way to troubleshoot a problem. Shoot me now...

    11. Re:Don't be a policeman by IPFreely · · Score: 5, Insightful

      You missed the point. It's not punishment.

      It's quarantine. If a person gets sick with a contagious disease, it may not be their fault and you probably don't want to punish them. But for public safety, you do need to contain them until they are no longer dangerous to others.

      The same applies to sick computers. If it is spewing viruses and malware then stop it, whether the person who owns it was doing it intentionally or not. You can forward all traffic to a local ISP web site that informs them of the problem and directs them to appropriate ISP approved scanning software or other solutions available within the quarantine zone. If the user does not trust the ISP, fine. They can go clean their machine themselves.

      Whether you trust the ISP/Government to have the right motive is a separate issue. But quarantine is an established procedure for humans, and it's not that different here.

      --
      There is nothing so silly as other people's traditions, and nothing so sacred as our own.
  3. About time by Falconpro10k · · Score: 3, Insightful

    Want to put a stop to malware/botnets? This is it. If a simple email/phone call asking "are you using irc/running your own mail server?" gets a response of "I don't know what irc is!", shut them down until they can clean out their machines, hell, even give them help, such as redirecting them to an ISP sponsored AV or something (and no, I'm not talking enforcing it like some schools do with clean access or other network admission control.) Doing this sensibly could very seriously take a bite out of a lot of the problems on the 'net today.

    1. Re:About time by supernova_hq · · Score: 4, Insightful

      tech support: Are you using irc/running your own mail server?
      alice: I don't know what irc is!

      3 hours later...

      bob: alice, what happened to our internet? I couldn't connect to our server from work today.
      alice: server?

  4. Verify and notify before you disconnect by erice · · Score: 4, Insightful

    My otherwise stellar ISP has a "shoot first, ask no questions" security policy.

    It is frustrating to lose access to my home server while at work and not be able to do any troubleshooting because I need physical access to the machine.

    It is quite maddening to finally get home, verify that there is nothing wrong on my end, call up support and (eventually) find out that I've been deliberately disconnected because of a security problem that doesn't exist.

  5. Re:Microsoft's response by jimicus · · Score: 5, Insightful

    Oh come on.

    90% of security holes that have been exploited in the last few years are sitting on the chair in front of the computer. Even if Windows were to evaporate overnight and everyone using it were magically switched to a Mac or to Linux, inside a few weeks you'd see malware pop up which has Apple logos and Linux penguins and makes reassuring noises while insisting it really does need your password.