Slashdot Mirror
Australian Cybercrime Enquiry Report Released
An anonymous reader writes "The Australian Government Standing Committee on Communications has released the results of a year long enquiry into cybercrime in a report titled Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime. This report includes a recommendation that Internet Service Provider customers should be forced to install anti-virus and firewall software on their computers as part of their contractual obligations. The Australian Communications and Media Authority receive further powers and responsibilities under the recommendations with respect to shutting down websites hosting malicious content and ensuring that infected consumer devices are disconnected from the Internet."
Kind of like a public-health measure.
ISPs would have to: require all subscribers to install anti-virus software and firewalls before the Internet connection is activated
It seems to me like this is a strange requirement. I couldn't tell you the last time I actually went to a brick-and-mortar store and bought an antivirus product. And what about lesser-known or free antivirus solutions? Unless you're going to find someone with an internet connection and download them onto USB/an external drive, it seems like this requirement would negatively impact their marketshare (which, if they're lesser-known, would admittedly be small).
and ensuring that infected consumer devices are disconnected from the Internet.
Sounds like there are some reasonable suggestions in there.
Considering that ad banners can be infected with java viruses, does that mean that any website with ads should be, by this law, taken offline? Pretty soon the computer users will have the legal obligation to stop using the internet entirely...
It's time to reclassify Linux as an antivirus product. Experience to date suggests that it is much more effective than single-purpose antivirus products - and it does so much more, for free!
I'm imagining some poor schmuck on the phone with an ISP trying to explain that the government mandated anti-virus software doesn't support their OS of choice (which the moron on the phone has never heard of) and being told that they can't have internet access because they don't have Windows.
Don't act like it won't happen. Heck, most ISPs if you're trouble-shooting almost demand that you remove the firewall and plug the machine directly into the cable modem, and only have trouble-shooting instructions for Windows and can't comprehend that you might actually be qualified to say that, since nothing has changed on your end, their network must be currently broken.
While I appreciate the intent of this, every time someone tries to legislate solutions to technical problems, they break more stuff.
Lost at C:>. Found at C.
The problem is not the idea of everyone having anti-virus, it's that you want the ISPs to distribute and enforce it.
I don't know about you, but I would never install any software given to me by an ISP. In Canada, Rogers actually have a history of opening more security holes than they close with their Firewall/AV software. To the point that some large corporations IT departments won't let you VPN in from home if you have the software installed.
In my experience ISP software is typically one of the worst forms of insecure bloatware you can put on a computer.
That Conroy et al are not so much interested in controlling what we do as much as they are shills for internet security software.
Actually remembering the last time I was involved with a government technology program and who was involved that wouldn't surprise me in the least.
Firewall software? Maybe because it was because I am a UNIX guy and the kernel of these operating systems had control of the IP stack without needing third party programs. Or because a true firewall is a hardened hardware router that can withstand attacks not just coming from the outside in, but prevents items from coming from the inside out (such as E-mail from any box other than the designated mail servers.) A software firewall that is not built into the OS proper is pointless [1], as the OS should protect against incoming attacks, and if a malicious application is installed, the game is over anyway, so protecting against outbound stuff is pointless.
As for anti-virus, maybe on Windows, but I have yet to see malware on a serious UNIX system unless it is a Trojan (and no A/V system can protect against that.) However, I just find it almost laughable when I have to install McAfee on a pSeries box with some script to show it is running for audit reasons.
Instead, maybe the law should be worded as "proper security measures shall be taken to protect against malicious software and remote attacks." This way, an OS that has a decent IPS built in doesn't need to have third party stuff tacked onto it to make it compliant.
[1]: An exception is the DroidWall app on rooted Android phones. It provides good security because a lot of apps ask for network communication privs which shouldn't have it, and a user otherwise wouldn't have control of what can and what can't communicate out.
I say Australia should have the ISPs refuse service to anybody running a windows box. This would remove at least 70% of the malware and would improve customer satisfaction!
Would you hug a bear?
So we have a "Office of Online Security be established within the Department of Prime Minster and Cabinet" :)
Then we see a cut to "The Online Child Sexual Exploitation Team", a unit of the Australian Federal Police of $2.8 million.
http://www.smh.com.au/opinion/politics/fight-to-filter-out-evil-leaves-bad-guys-to-do-their-worst-20100514-v4cq.html
We also have some fun news via http://www.zdnet.com.au/inside-australia-s-data-retention-proposal-339303862.htm
Beyond the "want the source and the destination IP addresses for internet sessions" they are dreaming of linking
""They want allied personal information with that account, including, [the department] said, passport numbers.""
with "automate the process of requesting and obtaining access to telecommunications data."
One day your ip could be linked to your isp and photo id while you surf on a filtered internet with Windows anti-virus and firewall software running.
Some great projects and funding for someone
Domestic spying is now "Benign Information Gathering"