Should ISPs Cut Off Bot-infected Users?

richi writes "There's no doubt that botnets are a major threat to the safety and stability of the internet — not to mention the cleanliness of your inbox. After years of failure to act, could we finally be seeing ISPs waking up to their responsibilities? While ISPs can't prevent users getting infected with bots, they are in a superb position to detect the signs of infection. Contractually, the ISP would be reasonably justified in cutting off a user from the internet, as bot infection would be contrary to the terms of the ISP's acceptable-use policy."

Re:Lets ask in different context

[Yalius]

Because you've apparently never been blacklisted because one of your members sent comcast.net 250,000 spam emails in a 24-hour period. Because you've never had your SMTP server so overloaded with botnetted messages that delays of up to an hour were occurring for legit traffic. Because you've never had to block port 25 for out-of-area SMTP traffic because of complaints from other local partner ISPs. Yes, we disable access for identified botnet members and spammers. The infections of a handful of our members' PCs aren't going to ruin the experience for our other 6500 members.

They could do it nicely

[formfeed]

They could just redirect them to a portal, where they get informed that their computer is sending out viruses.

The portal would offer a free virus scanner and the option to have several ports closed by the ISP (checked by default)
- ports that could later be reopened by going to the "experts"-page ;)

If the user insists, they of course can go on and use the internet anyway. But only after clicking "ok" to a sentence declaring that they are now informed and
"solely liable to any damage they might do to the internet"

NAP/NAC

[Keruo]

ISPs should hand out routers which utilize Network Access Protection by default.
The router should verify if the endpoint is clear for internet access, and if it's not, it should limit user access to antivirus vendors, known OS upgrade services etc and requesting user to follow this link to repair their computer(or have it cleaned by someone skilled enough).
There are (or should be!) multi-platform NAP/NAC solutions to do this.

Of course, users should have opt-out option, which allows them to disable the NAP, and take responsibility of maintaining their systems themselves without "middle-maintenance".
Opted out systems would receive direct disconnect until user verifies by phone to the operator that their misbehaving system has been fixed. (for example, spam zombie)

No way

[quatin]

This has happened to me once. I got a virus and a couple hours later, my internet was off. I called the service desk and I was told that my computer was infected and get this, I need to download a patch to fix it. "How do I download a patch when my internet is off, I asked." "Bring your computer to the service center when we open on Monday." I instantly canceled my service. I was a college student at that time. Some tasks required the internet. In fact the only way to turn in my physics homework was to upload it to the server by 2am on Tuesdays and Thursdays. I don't need to be worrying about my internet shutting off at random times and having to make a midnight dash to campus to use the library computer.

I try to keep my computer clean. I run firewalls and I have virus scanners, but if you haven't been infected with a virus before then you haven't been on the internet long enough. Sooner or later you'll get infected and god forbid if you rely on the internet. IE VoIP or server hosting. Why do I get punished for what other people do? Should car manufacturers be able to remotely turn off your car when your car starts to leak oil or freon?

Re:No way

[rickb928]

"How do I download a patch when my internet is off, I asked." "Bring your computer to the service center when we open on Monday."

I did a stint at a college help desk. We would have patched your system fully, re-scanned it for anything else, and offered to defrag it if you had the time. And of course offered to install the college-provided office suite if you had time, or just drop the URL on your desktop for you to at your pleasure.

And we would have done it for FREE. Well, your parents did pay an obscene tuition, but with that comes the assumption that they don't want you wasting time with mundane tasks such as cleaning up your machine, and of course the interruption of being infested by your roomie's machine either. Boy, the first couple of weeks starting the Fall term were days and nights of cleaning up incoming machines that had spent the summer on facebook and pr0n.

Quit yer whinin. They probably put in the 80-hour weeks I did getting the incoming crew settled down, and can use a weekend off. Were they gonna charge you? I bet not.

Kids.

Oh, BTW, this was at a very prestigious Northeastern lberal arts and science college. Obscene barely describes the tuition, but the kids coming in were impressive; polite, patient, quick to understand what was going on. It renewed my faith in America, compared to your average state college rabble. Unfortunately, they will be indoctrinated in the most unfortunate theories and balderdash, but many of them overcome that and go on to be productive and valuable members of society. The rest become politicians.

Re:Yes

[c0lo]

But how long until they are taking cars off the road simply because they are driven by the wrong kind of person, or at the wrong speed! This can't be allowed!

It's already happening.

Re:Yes would be the answer

[omglolbah]

Telenor in Norway does this already in a limited way.

If they detect large amounts of email originating from your network they will block the sending of email. (by blocking outgoing connections to the standard mailserver ports).

From what I've read of their limited releases of information on the programme it works quite well. They of course contact you letting you know that you have this problem. Usually through email but if you do not reply they call you ;)

My brother got infected by a worm a while back and my father was not pleased :p Suddenly he couldnt send email... whops? :p
(Oh, and they allow you to email to 'internal' addresses though to allow you to contact them to resolve the issue..)