Australian ISPs Asked To Cut Off Malware-Infected PCs

bennyboy64 writes "Australia's Internet Industry Association has put forward a new code of conduct that suggests ISPs contact, and in some cases disconnect, customers that have malware-infected computers. 'Once an ISP has detected a compromised computer or malicious activity on its network, it should take action to address the problem. ISPs should therefore attempt to identify the end user whose computer has been compromised, and contact them to educate them about the problem,' the new code states. The code won't be mandatory, but it's expected the ISP industry will take it up if they are to work with the Australian Government in preventing the many botnets operating in Australia."

let's wait and see

if the Australian definition of 'malware' is 'bittorrent'

Re:let's wait and see

[Dorsai65]

True, except for one tiny little detail: all the crap the infected/zombie machines spew out wastes bandwidth on the net and slows things down for the rest of us -- as well as trying to infect other machines. Not to mention the spam, DDoS-ing, and other jackassery going on.

Re:let's wait and see

that would make them a bunch of assholes now wouldn't it?

Nope, it would make us a bunch of arseholes

Re:let's wait and see

[commodore64_love]

>>>freedom of speech means watching child porn.

Nudity is not porn except in the minds of mentally ill persons. And yet oftentimes mere possession of a naked photograph, even it's of your own family or yourself, will land you in jail. Witness the American students who were charged with child porn because they used their phones to shoot themselves without clothes. Why is taking a photo of yourself illegal??? It's stupidity. It's anti-liberty. Worse - fear of nude bodies is a psychological disease, and I suspect Conroy is patient zero.

Don't be a policeman

[kregg]

ISPs should just provide internet access not police and monitor traffic.

Re:Don't be a policeman

[DavidD_CA]

Since infected computers often lead to DDOS and spam botnets, I think this is a good idea.

Up for debate is the method they use to detect a rogue machine, but if they can perfect that then I'm all for this.

Clueless users probably go for months without realizing they're sending out hundreds of emails a day, or helping to bring down some remote server.

It's the next-best thing to requiring a license to use the 'net. ;)

Re:Don't be a policeman

[some_guy_88]

The problem is the Australian government are already trying to censor our internet connections at the ISP level and whilst getting rid of bot nets sounds like a great idea, building any sort of traffic monitoring in now sounds dangeroulsy close to their existing plan to filter the net.

Hell, this could even be their plan, bring in filtering to take down bot nets then slowly but surely start to block porn they don't like and pro-abortion web sites and before you know it any political site not to their liking

Re:Don't be a policeman

[calmofthestorm]

"The trouble with fighting for human freedom is that one spends most of one's time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all." - H L Mencken

Of course this is dicey, as the current proposition is, in my opinion a good idea. But we all know that GP's right.

Re:Don't be a policeman

[mikael_j]

I've worked for ISPs here in Sweden and most serious ISPs here see it as standard practice to warn and then disconnect users who are running zombie machines, nothing strange or totalitarian about it, it's about protecting their network and their other customers from harm.

/Mikael

Re:Don't be a policeman

[IPFreely]

You missed the point. It's not punishment.

It's quarantine. If a person gets sick with a contagious disease, it may not be their fault and you probably don't want to punish them. But for public safety, you do need to contain them until they are no longer dangerous to others.

The same applies to sick computers. If it is spewing viruses and malware then stop it, whether the person who owns it was doing it intentionally or not. You can forward all traffic to a local ISP web sight that informs them of the problem and directs them to appropriate ISP approved scanning software or other solutions available within the quarantine zone. If the user does not trust the ISP, fine. They can go clean their machine themselves.

Whether you trust the ISP/Government to have the right motive is a separate issue. But quarantine is an established procedure for humans, and it's not that different here.

Please don't

[rrrhys]

Don't make me choose between the internet and bonzibuddy.

Reminds me

[Shadikka]

A couple of years ago, a major ISP in Finland had a somewhat similar system. They wouldn't allow infected computers to take any other network access than HTTP and they redirected all HTTP traffic to a page saying "you're infected" and providing short instructions on how to fix it. It seems that they're not doing it anymore, but I don't know the reason.

Re:Reminds me

[dnaumov]

A couple of years ago, a major ISP in Finland had a somewhat similar system. They wouldn't allow infected computers to take any other network access than HTTP and they redirected all HTTP traffic to a page saying "you're infected" and providing short instructions on how to fix it. It seems that they're not doing it anymore, but I don't know the reason.

The largest ISP in Finland, Elisa is still doing it and the system is actually working very well. I haven't seen a single false positive yet (yes I work in their helpdesk).

My ISP (EXETEL) already does this..

[the_raptor]

My (Australian) ISP has been doing this at least for spam relays for a few years now. If they detect you are being used to spam they cut all your traffic and redirect port 80 to a page telling you what has happened and giving you links to AV tools and an automated traffic checker that will unblock you once you have dealt with the malware. Two of the guys I live with got infected and so I have personal experience dealing with the system. To me it seems like a perfectly sensible and responsible reaction to a serious problem. IMO any ISP not doing this is an irresponsible netizen.

To me it is like your CC company notifying you of suspicious charges or the phone company asking why your mobile is suddenly making hundreds of calls from Azerbaijan. It not only stops the current problem but if people are actually notified that they have a problem they are far more likely to take steps to protect themselves in the future.

Microsoft's response

[AnalPerfume]

EVERY country needs to be doing this, and not making it voluntary either. Any problem on the internet affects everyone connected to it. Cutting off PCs in one country has limited effect in isolation. Considering botnets are an exclusive Windows problem, Microsoft should be forced to pay for the scheme too. It's their mess after all.

I'm curious about how MS will respond to this if it comes into being. On one hand they'll lose a large number of users, after all, does anyone outside the MS camp really believe that it's not gonna be 100% infected Windows PC's that will be affected? What will MS do?

Will they offer discounted or free vouchers for repairs, upgrades etc? How many of these machines will be unlicensed? Will they pay to fix unlicensed copies of Windows if the owners either have no money to spend on a sticker with a number on it? In the current economic climate you can't blame them. Is a subsidy to clean the PC worth the ISP's time and hassle knowing it'll be infected again by the end of the week at the latest, and they'll have to repeat the same warning and threat of disconnection all over again. Will they provide paid anti-malware software? Who pays for all of this? Will they provide training for Windows users to at least give them a chance of having a few months online without a letter?

This would reflect badly on MS in any free press, even having to be the only ones to offer fixes is embarrassing enough. Given that MS control the mainstream media it'll go unnoticed as far as PR is concerned, but it's yet one more thing eating into their profits at a time where they're struggling.

The alternative is to lose a large number either to Linux, or off the internet altogether. Anyone who's had the internet for a while knows what it's like when it goes down for a few hours, will those people really decide the internet is not worth it?

I'm guessing the great philanthropists and all round nice people at MS are busy lobbying at every level to stop this from happening or at least water it down (notice the ISPs are being "asked" not "told"). They need to keep market share by any means necessary, ideally without spending a cent on it. The rest of the world can suffer as long as MS's interests are not hurt.

Given that Windows has all the security of a paper tank in a thunderstorm this will be hilarious to see the workload the scheme entails, and over time the number of Windows PCs in Australia still connected because they're NOT infected. They will drop like flies. Give it a few years and it'll be a Windows free zone.

Re:Microsoft's response

[jimicus]

Oh come on.

90% of security holes that have been exploited in the last few years are sitting on the chair in front of the computer. Even if Windows were to evaporate overnight and everyone using it were magically switched to a Mac or to Linux, inside a few weeks you'd see malware pop up which has Apple logos and Linux penguins and makes reassuring noises while insisting it really does need your password.