Slashdot Mirror

← Back to Stories (view on slashdot.org)

Australian Cybercrime Enquiry Report Released

Posted by CmdrTaco on from the i-bet-they-hate-crocodile-dundee dept.

An anonymous reader writes "The Australian Government Standing Committee on Communications has released the results of a year long enquiry into cybercrime in a report titled Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime. This report includes a recommendation that Internet Service Provider customers should be forced to install anti-virus and firewall software on their computers as part of their contractual obligations. The Australian Communications and Media Authority receive further powers and responsibilities under the recommendations with respect to shutting down websites hosting malicious content and ensuring that infected consumer devices are disconnected from the Internet."

5 of 81 comments (clear)

  1. Just wait for insitutional stupidity ... by gstoddart · · Score: 3, Insightful

    I'm imagining some poor schmuck on the phone with an ISP trying to explain that the government mandated anti-virus software doesn't support their OS of choice (which the moron on the phone has never heard of) and being told that they can't have internet access because they don't have Windows.

    Don't act like it won't happen. Heck, most ISPs if you're trouble-shooting almost demand that you remove the firewall and plug the machine directly into the cable modem, and only have trouble-shooting instructions for Windows and can't comprehend that you might actually be qualified to say that, since nothing has changed on your end, their network must be currently broken.

    While I appreciate the intent of this, every time someone tries to legislate solutions to technical problems, they break more stuff.

    --
    Lost at C:>. Found at C.
  2. Anti-Virus and Firewall software.. UGH by mlts · · Score: 3, Interesting

    Firewall software? Maybe because it was because I am a UNIX guy and the kernel of these operating systems had control of the IP stack without needing third party programs. Or because a true firewall is a hardened hardware router that can withstand attacks not just coming from the outside in, but prevents items from coming from the inside out (such as E-mail from any box other than the designated mail servers.) A software firewall that is not built into the OS proper is pointless [1], as the OS should protect against incoming attacks, and if a malicious application is installed, the game is over anyway, so protecting against outbound stuff is pointless.

    As for anti-virus, maybe on Windows, but I have yet to see malware on a serious UNIX system unless it is a Trojan (and no A/V system can protect against that.) However, I just find it almost laughable when I have to install McAfee on a pSeries box with some script to show it is running for audit reasons.

    Instead, maybe the law should be worded as "proper security measures shall be taken to protect against malicious software and remote attacks." This way, an OS that has a decent IPS built in doesn't need to have third party stuff tacked onto it to make it compliant.

    [1]: An exception is the DroidWall app on rooted Android phones. It provides good security because a lot of apps ask for network communication privs which shouldn't have it, and a user otherwise wouldn't have control of what can and what can't communicate out.

    1. Re:Anti-Virus and Firewall software.. UGH by Mouldy · · Score: 3, Informative

      "proper security measures shall be taken to protect against malicious software and remote attacks."

      Define 'proper' in this context. Windows has come with built in firewall software for years, since XP SP2 IIRC. Is that 'proper' enough? What about the most up-to-date patched Windows 7 system? Where do you draw the line?

      UNIX firewalls might be the best in the world today, but tomorrow someone might discover a critical flaw that opens up every Linux box to all kinds of nasties. Similarly, saying "Install Norton/Mcaffee/whatever" is susceptible to a similar flaw. It might be the recommended A/V product, but tomorrow some hax0rs might find a vulnerability with it and every computer in Australia is vulnerable to it.

  3. Re:Advantage: Boxed software. by LambdaWolf · · Score: 3, Insightful

    ISPs would have to: require all subscribers to install anti-virus software and firewalls before the Internet connection is activated

    It seems to me like this is a strange requirement. I couldn't tell you the last time I actually went to a brick-and-mortar store and bought an antivirus product. And what about lesser-known or free antivirus solutions?

    Indeed. And how do they define the threshold of effectiveness and necessity of "anti-virus software"? Will the nine-year-old copy of Norton that originally came with the dusty old PC that I just plugged in suffice? And what do I need to put on this highly secure Linux distribution I just installed? If I write my own operating system from scratch, do I need to wait until someone releases an anti-virus product for it before I can legally connect it to the Internet? Can I write my own anti-virus software from scratch, and if so, how much does it actually have to, you know, do in order to be considered such? And who determines whether it even does it correctly? Is there going to be some kind of review board for this?

    Sometimes I think politicians aren't aware of how many questions they create.

    --
    "This algorithm runs in constant time. Come on, 2,147,483,648 is a constant..."
  4. Re:Advantage: Boxed software. by Reziac · · Score: 3, Insightful

    I'm wondering which antivirus vendors' lobbyists are pushing for this.

    Follow the money...

    --
    ~REZ~ #43301. Who'd fake being me anyway?