Slashdot Mirror

← Back to Stories (view on slashdot.org)

Aussie Gov't Decides ISPs Aren't Responsible For Infected Computers

Posted by Soulskill on from the how-magnanimous-of-you dept.

c0lo writes "In a sudden outburst of common sense, the Australian senate decided that it is not the government's responsibility to force ISPs to disconnect infected computers from the Internet. Peter Coroneos, chief of the Internet Industry Association, used a car analogy that actually makes sense: 'It would be like forcing car manufacturers to take responsibility for bad drivers.'"

98 of 129 comments (clear)

  1. Not that great of a car analogy... by grimdawg · · Score: 4, Informative

    It would be more like the government requiring car manufacturers to do something about car theft, since an 'infected computer' is essentially out of the user's control. And yes, the Australian government DOES require all cars to have an immobiliser.

    --
    There are 10 kinds of people in this world: those who understand binary, and nine other kinds of people.
    1. Re:Not that great of a car analogy... by Gaygirlie · · Score: 3, Insightful

      It would be more like the government requiring car manufacturers to do something about car theft, since an 'infected computer' is essentially out of the user's control.

      No, it's not. It's out of control only when the user doesn't know about the virus, but once they know about it they have multiple ways of fixing the situation and then they are indeed fully in control. In a car theft being aware of your car being stolen doesn't change the situation, you're still not in control of it.

      IMHO the original car analogy is close enough. Of course there's holes in it, but that's why it's an analogy. Its only purpose is to lay out the situation to laymen in a really basic way so that they mostly understand it. There is no such thing as a perfect analogy.

    2. Re:Not that great of a car analogy... by oliverthered · · Score: 1

      it's more like failing a driving test and the government allowing people to use roads if they are bad drivers.

      you can use a car off road if you like.

      cars are more like computers in the case, and the internet the road.
      The government is responsible for licensing people to drive cars on the road.

      --
      thank God the internet isn't a human right.
    3. Re:Not that great of a car analogy... by Merls+the+Sneaky · · Score: 3, Informative

      And yes, the Australian government DOES require all cars to have an immobiliser.

      My 1982 VH Holden commodore would beg to differ. Maybe you meant all new cars?

    4. Re:Not that great of a car analogy... by grimdawg · · Score: 1

      My bad, it might be the WA govt. Requires it to be fitted if you sell the car too IIRC.

      --
      There are 10 kinds of people in this world: those who understand binary, and nine other kinds of people.
    5. Re:Not that great of a car analogy... by ediron2 · · Score: 1

      While we're at it, can we ban all mouthbreathers from consuming oxygen until they've gone through a rigorous training exercise for how to properly consume air?

      ("hmm, about 90 minutes should be sufficient ... .wait, no, no! I've got a headcold!")

      Snark aside, "walking is a right" and yet where I live there are *months* where sidewalks on major streets are piled with icy road-plowing debris until nobody can reasonably walk them. This drops my enthusiasm for treating driving licenses and hypotheticals like yours as privileges.

    6. Re:Not that great of a car analogy... by HungryHobo · · Score: 2, Insightful

      The government however is *not* responsible for licensing people to communicate with each other over the internet.
      And it should not be.

      the day you need a liscence to have the privaliage of talking to other people is the day that free speach is well and truely dead and burried.

    7. Re:Not that great of a car analogy... by AbRASiON · · Score: 1

      I could mod you down but then you wouldn't know why!
      Immobiliser for all cars? What on /earth/ are you talking about? No, just no.

    8. Re:Not that great of a car analogy... by rwa2 · · Score: 1

      Um, it would probably be more like how everyone wants everyone else to use public transit.

      How many people actually produce vs. consume on the internet anyway? Most people are just passengers.

    9. Re:Not that great of a car analogy... by HungryHobo · · Score: 1

      What are you talking about?

      Pretty much everyone produces emails, facebook updates and innane comments.
      And anyone using the net produces packets as a matter of course.

    10. Re:Not that great of a car analogy... by sinrakin · · Score: 1

      'It would be like forcing car manufacturers to take responsibility for bad drivers.'" The government used to require car makers to include dashboard lights to tell drivers when to shift their manual transmission in order to get better mileage.Indirectly, in that other methods could have been used to, but they required car makers to help drivers get better mileage with some technique.

    11. Re:Not that great of a car analogy... by anomaly256 · · Score: 1

      And yes, the Australian government DOES require all cars to have an immobiliser.

      It does? Since when? Can you cite a reference? Being an AU resident who owns a new car and has been head-to-toe over every inch including playing with it's various CANBus devices on both networks and tweaked a few firmwares here and there, I have to say I haven't seen hide nor hair of an immobilizer yet. There was a jack for an OnStar unit, but it was never installed from the factory as this service isn't really used here...

    12. Re:Not that great of a car analogy... by mjwx · · Score: 1

      It would be more like the government requiring car manufacturers to do something about car theft, since an 'infected computer' is essentially out of the user's control.

      Ultimately the government made this decision not only because it was the only real right decision as you've pointed out but it's the only real practical decision. How can an ISP tell the difference between a botnet and home email server without doing some kind of snooping that they are currently very reluctant to do.

      Better off the block port 25 until the user requests it to be opened (this can easily be done via the web control site that all ISP's have to give each customer to monitor download limits, I believe iinet already does it).

      And yes, the Australian government DOES require all cars to have an immobiliser.

      That would be more like the AU govt mandating that Anti-virus be pre-installed on every Computer sold in Australia. Not only would the Mac Fanboys have a kitten but it's nowhere near as useful as it sounds (nor particularly enforceable). Unlike immobilisers it wont deter the bad guys one iota as it doesn't cut off their attack vector.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    13. Re:Not that great of a car analogy... by rwa2 · · Score: 1

      Hey, most passengers have destinations too. And law enforcement can give the drivers citations for any passengers not wearing their safety belts.

      All I'm really trying to do is help take this not-that-great-of-a-car-analogy as far as it can go before it sputters out in a cloud of hydrocarbons :P

    14. Re:Not that great of a car analogy... by Haeleth · · Score: 1

      IMHO the original car analogy is close enough.

      No, it's total rubbish. The car manufacturer does not have any way of knowing whether the person who owns the car is a good driver or not; there is no way they could take responsibility for it even if they wanted to. ISPs, on the other hand, do have complete visibility of all traffic to and from their customers' computers, and could easily identify certain types of infection if they had the necessary permission to inspect that traffic.

    15. Re:Not that great of a car analogy... by Anonymous Coward · · Score: 1, Insightful

      Bartkid sez,
      I have always taken the view that the manufacturers of computers, because they do not sell pre-installed firewall and anti-virus software are just like a car manufacturer selling vehicles without brakes.
      So, when my dad who knows nothing about this stuff, bought his computer, it was immediately infected.
      So, when the computer became very useless, he took it back to the shop. Only then did he get sold the software to protect him. Thanks; sheesh.

      A commenter further down draws an analogy to medical quarantine. I agree with this.
      If a member of the population is infected with a nasty communicable illness, they need to be removed from the general population until healthy again.

      I would think more ISPs would be more proactive in removing infectous zombified machines, if for nothing else but self-interest. Analogy #3 here: It is just like a baseball stadium security staff removing a beligerent drunk from other paying customers' seating so they may enjoy the game in peace.

    16. Re:Not that great of a car analogy... by Rasperin · · Score: 1

      HAHAHHAHAHHA you think that immobilizer is for theft? Come now are you really that dense?

      --
      WTF Slashdot, why do I have to login 50 times to post?
    17. Re:Not that great of a car analogy... by SleazyRidr · · Score: 1

      It only needs an immobilizer if it's less than 30 years old. I know this because I recently bought an HZ with no immobilizer.

      --
      Is 1563649 a prime number?
    18. Re:Not that great of a car analogy... by Coren22 · · Score: 1

      It is to make the keys expensive? I know when my father went to replace his keys, they wanted $50 for the key and $50 for the remote.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    19. Re:Not that great of a car analogy... by diverman · · Score: 1

      I think the original analogy is very poor, personally. It implies that the responsibility shouldn't lay with the ISPs by comparing them with manufacturers of vehicles. ISPs are much more like the people who manage and regulate the roads and toll booths. Unlike card manufacturers with bad drivers, ISPs actually in an ideal position to effectively address the problems of infected computers. In addition, they provide the resources (which belong to the ISPs) that an infected computer requires in order to be a threat to the Internet at large (and thus other computers). It is the ISPs networks that they sell. And most ISPs actually have in their contracts with their customers (at least in the US) that their networks may not be used for crime, abuse, etc. So, the ISPs likely have legal standing already to enforce the issue.

      Although, turning those users "off" without warning and giving alternatives is a bit extreme. It would be nicer (as I've seen with some ISPs in the US) if the user were notified that suspicious malware-related communication is coming from their Internet connection. And if not resolved after a notification or two, disable access until the problem is resolved. Again... it's the ISPs' networks that are also responsible for the problem... not just some end user's computer.

    20. Re:Not that great of a car analogy... by oliverthered · · Score: 1

      but they could require people to have their computers checked for viruses if they are causing a problem.

      like an MOT test on a car.

      alternatively you could sit a test and DIY.

      or the OS could be certified.

      --
      thank God the internet isn't a human right.
    21. Re:Not that great of a car analogy... by oliverthered · · Score: 1

      phone equipment (at least in the UK) has to be licensed.

      so the government already does it.

      --
      thank God the internet isn't a human right.
  2. Backing off inappropriately by mysidia · · Score: 5, Insightful

    'It would be like forcing car manufacturers to take responsibility for bad drivers.'"

    No. it would be like making the DMV take responsibility for bad drivers on the highway, because the DMV issues the papers required for drivers to use the road.

    The thing comparable "forcing car manufacturers to take responsibility", would be trying to force Dell, HP to take responsibility.

    It should probably be noted that car manufacturers can be responsible for drivers going around in defective cars that have a high tendency to malfunction causing an accident unless the driver is an expert professional driver.

    So it could make sense to hold Microsoft responsible for an OS with a horrible security record

    1. Re:Backing off inappropriately by Sir_Sri · · Score: 1, Interesting

      then you would have to let them bundle in an AV product and let all of the 3rd party security vendor's go out of business. One could even argue windows is not so much inherently defective, after all, they have a security alert telling you to have an AV, firewall and account control, and if you don't patch, well, the car company doesn't drive to your house to do repairs, you have to take the vehicle in for service when you get a note, MS sends you a note about a free patch, it's up to you to install it. Your car (to continue to analogy) might not come with winter tyres (or even tyres at all), but they sure expect you to have them when you operate the vehicle, and operating the vehicle without tyres well, sorta works, but it's not really a defect that the car doesn't work properly without them.

      I think the broader issue is what to do about security and the generally bad behaviour of computers on a network. Like it or not the ISP's have become the connection between users and anything they can do harm to, so it may be that it falls to them, to in some way compel users to fix their stuff, and provide services to do so. It's that or we need licence repair shops where you can get your computer a 'repair' (security check, something along those lines) with a certificate saying it was safe as of this time. Which seems like a monumentally unnecessary challenge when your ISP probably knows if you have a virus, and can usually walk you through fixing it.

    2. Re:Backing off inappropriately by sjames · · Score: 1

      More correctly, it would be more like forcing toll road operators to take responsibility for preventing the use of a car in a crime.

    3. Re:Backing off inappropriately by Gaygirlie · · Score: 2, Funny

      So it could make sense to hold Microsoft responsible for an OS with a horrible security record

      I don't know whether to agree or disagree with you o_O Yeah, this is off-topic, but one day I decided to install Live Messenger. Installation went fine, then I logged in.. and POOF, almost instantly I got "Security Tool" ( http://www.2-spyware.com/remove-security-tool.html ) on my PC. Needless to say Messenger didn't live long on my PC.

      The thing is, if it was a Microsoft-made car even a small thing like adding a speaker could render the car a danger both to its operator and anyone else on the road. Sure, you could tune it up and pimp it like crazy, but sooner or later it'd go on a rampage while you're sleeping..

    4. Re:Backing off inappropriately by wisty · · Score: 4, Insightful

      More correctly, it would be more like forcing toll road operators to take responsibility for preventing the use of a car in a crime.

      No, it's like forcing hookers to refuse service to customers with visible signs of infection.

      Sorry, but the car analogies were getting on my nerves.

    5. Re:Backing off inappropriately by jimicus · · Score: 2, Informative

      I would compare it to forcing garages to take unroadworthy cars off the road - regardless of who is at fault, the car is a hazard to other road users.

      Many parts of the world already have something like this - the UK has the MOT test, for instance. Annual test for vehicles over 3 years old, if your car fails you can't drive it. (Fairly meaningless test because it just proves your car was OK when it was in the garage. If something then falls off 100 yards down the road, that's the driver's problem.)

    6. Re:Backing off inappropriately by lilo_booter · · Score: 2, Funny

      Yeah, people who spout out car analogies are like bad drivers with broken wing mirrors.

    7. Re:Backing off inappropriately by dakameleon · · Score: 2, Informative

      That's just it - the MOT test is enforced by the Ministry of Transport. If the analogy applied, it would be like requiring you to take your 3 year old computer into a Ministry of Communications approved Geek Squad office for approval to connect to the internet. Fortunately we don't have to pay for an internet licence/registration yet, but now that the idea has come into my head it's only a matter of time...

      --
      Man who leaps off cliff jumps to conclusion.
    8. Re:Backing off inappropriately by AlecC · · Score: 1

      I agree in part. The problem is not casting blame ("How did we get into this mess?") but finding a cure ("How do we get out of this mess?"). We want the most efficient way to eliminate viruses, both for end-users good and for the good of the net as a whole. Getting ISPs to cut off users is likely to produce a large amount of argument and start the process of disinfecting the users machine with a seriously negative attitude, which will be very counterproductive when dealing with someone who is, by definition, technically unskilled and probably somewhat frightened.

      We need to convey to end users that antivirus protection is (a) their problem and (b) easy. And if they get infected, we need them to approach fixing the problem in a co-operative state of mind and treat the ISP (if that is who is helping the disinfection) as a knowledgeable friend not a an enemy who has just attacked you (via the cutoff).

      I don't think anything sent over the Net will work, because whatever you do will be copied and subverted by the bad guys. People will recoil because it is expensive and old-fashioned, but I think that the only way to get through to people will be a notification via snail-mail that they are infected and they need to take action. Perhaps, rather than cutting them off, you could increase their rate and use the money to defray the cost of snail mail and to discount antivirus products (just a spur of the moment idea).

      --
      Consciousness is an illusion caused by an excess of self consciousness.
    9. Re:Backing off inappropriately by david_thornley · · Score: 1

      One difference is that my car is portable. I could take my laptop into an office, theoretically, but the desktops would be a pain, and would interrupt connectivity. Further, cars tend to work the same, but computers can have seriously different operating systems. Would they be competent to examine my dual-boot Ubuntu/W7 laptop?

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    10. Re:Backing off inappropriately by dakameleon · · Score: 1

      Oh, I don't argue that it would be a good idea to implement something along those lines. For one, a faulty/infected computer doesn't kill people, whereas a faulty car certainly could. Analogies break down when you go into details.

      If it were to happen though, I can't imagine the inspection shops would be staffed by anyone other than computer techs who can demonstrate their competence and be able to understand quirky setups such as yours. I don't know about elsewhere, but in Australia, the mechanic doing the equivalent of the MoT must be certified and registered with the local motor registry.

      --
      Man who leaps off cliff jumps to conclusion.
    11. Re:Backing off inappropriately by garwain · · Score: 1

      hrm, Dell and HP are the manufactureres, wouldn't that make the ISPs the gas stations? They provide the go-juice for the computer to travel the information superhighway... Why would a gas station be responsable for bad drivers? Hell my 10 year old often goes to the gas station to get a can of fuel for the lawn mower! Should he not be allowed to buy gas, because he's too young to drive, doesn't have any training yet, and doesn't have the paperwork to drive on public roads?

    12. Re:Backing off inappropriately by Coren22 · · Score: 1

      So it could make sense to hold Microsoft responsible for an OS with a horrible security record

      And Linux, and Mac. They are all just as insecure with a bad user behind the keyboard. Windows has these problems because it is popular, when it is Mac, or Linux that is popular, it will shift.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    13. Re:Backing off inappropriately by mysidia · · Score: 1

      Linux and Mac are different, their authors could claim them more secure due to administrative controls being more tightly locked down by default, and fewer privileged system services running by default, that can be accessed by untrusted applications, smaller attack surface.

      Microsoft could claim Windows is 'more secure' because there are more users, therefore more vulnerabilities discovered.

      Linux distro makers could claim Linux is more secure, because it is open source, and more people are looking at the source code, to report unpatched vulnerabilities to provide patches long before they can be exploited

      User interfaces that make it easier for admins to recognize the risk when a program requests privilege elevation.

      And Linux, and Mac. They are all just as insecure with a bad user behind the keyboard.

      That is an outlandish claim you have given with no evidence. You can fairly say a bad user behind a keyboard is a risk, but not that architecturally completely different OSes are exactly equal in measure of security with a bad user behind the keyboard.

      What you are suggesting is equivalent to saying "OS Security doesn't matter"; and "No matter what architecture and security features an OS has, it is equally as insecure as Windows."

      That is not the simplest explanation of the situation, and there is a snowball's chance in hell of that being true, so I don't buy your baseless argument of security equivalence.

      Instead, for some reason it seems you are sympathetic or otherwise cognitively biased towards Windows.

      Where I have shown evidence of Windows inferior security, you have shown none to back up your proposed view of the situation.

      Windows has these problems because it is popular, when it is Mac, or Linux that is popular, it will shift.

      I am waiting for the evidence from you that the sole reason Windows has these problems is popularity.

      You have at least admitted as much that a large number of Windows installations have system compromises, unpatched remote exploitable vulnerabilities, and other security issues.

      What you have not shown is any indication that these are caused solely by popularity, other than your mere speculation.

    14. Re:Backing off inappropriately by Coren22 · · Score: 1

      Evidence? In order to install a program in Linux, Mac, and with Windows Vista and above, you need privilege escalation. In all of these OSes, the privilege escalation window is generally the same.

      In Mac, it says this program requires privilege escalation to do "something" please enter your password

      In Windows Vista and above, it says this "program" is trying to do something, please click yes or no

      In Linux (Ubuntu in this case, as it is the only one I have seen which actually offers a prompt) it says, please authorize this program that is trying to do something. In other Linux, you sudo a command and run it.

      In none of these cases do you actually get a comprehensive list of actions that are happening after the prompt, or before the prompt. So a bad user behind the keyboard is no safer with any of these OSes, as they will just ok the option and move on. There have been a few cases of viruses passed in software for Macs within the last year. People have compromised patches to software that made it into Linux repos for different distros, so saying that they are inhearently more secure for the various reasons you mention, is just hot air on the part of these people. I understand what they are saying, but it makes it no more secure as there have been cases in them all where it all broke down.

      If you want to find out more about these cases, here are some google links:

      http://www.google.com/search?aq=f&sourceid=chrome&ie=UTF-8&q=Mac+trojan

      http://www.google.com/search?aq=f&sourceid=chrome&ie=UTF-8&q=Mac+trojan#sclient=psy&hl=en&q=Linus+repository+compromised&aq=f&aqi=&aql=&oq=&gs_rfai=&pbx=1&fp=8ac6b4cea9b27ecb

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    15. Re:Backing off inappropriately by Coren22 · · Score: 1

      To address the rest of your post which I didn't actually read till just now. It is common industry knowledge that Windows is the largest attack vector merely because it is the most common OS out there. You can feel free to Google it and come up with the studies. As far as the compromised machines, that is mostly due to people refusing to upgrade from XP and earlier OSes, as the problems that caused the exploits are no longer present on newer OS releases, much as if you still had a Linux install from 2002 that you never updated the Kernel or Distro version number on, and just ran the patches, the system would be completely compromised by now. This mostly happened due to the smear campaign against Vista, and the boondoggle of the Vista system requirements. Many people decided not to upgrade to Vista, even though it had proven security improvements over XP, but it was just so much better to stick with a 6 year old computer/OS combo.

      As far as Linux/Mac being the predominant OS comment, if this ever comes to happen, you will have the same clueless people who can never seem to cleanup their PCs on those OSes, how would anything genuinely change?

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  3. To extend the metaphor... by brit74 · · Score: 1

    "It would be like forcing car manufacturers to take responsibility for bad drivers," IIA chief Peter Coroneos said. Some 91 ISPs have signed on to the iCode [a kind industry self-regulation] to help users resolve computer infections and quarantine some if needed.

    To extend the metaphor to include iCode, then I guess car manufacturers will be working to help bad drivers and quarantine some of them if needed.

  4. Bad analogy by xnpu · · Score: 1

    Better would be to say road operators had to remove reckless drivers. Which is arguable more sensible.

    1. Re:Bad analogy by Dr.+Hok · · Score: 1

      Better would be to say road operators had to remove reckless drivers. Which is arguable more sensible.

      Yup, like in Austria, where they bury blades in the Autobahn exits that slice tires of cars which enter the wrong way. (These drivers are confused rather than reckless, which fits the virus analogy even better.)

      --
      Say out loud: I'm an Aspie and I'm somewhat proud, I guess. Uh. Can I write an email in all caps instead? Hm...
  5. Nice! by lennier1 · · Score: 1

    Now THAT's what I call service. They're even doing the car analogies for us!

    1. Re:Nice! by ChunderDownunder · · Score: 1

      a pity one has to wade through 150 odd posts about the merits of the analogy before reading a single post relevant to the goverment's decision.

      I'd moderate the whole thing off-topic but instead perhaps SeñorTaco will create a 'motor cars for nerds' site.

    2. Re:Nice! by lennier1 · · Score: 1

      You didn't really expect anyone on /. to stay on topic, did you?

  6. another better analogy by phayes · · Score: 4, Funny
    'It would be like forcing car manufacturers to take responsibility for bad drivers.'"

    No. It would be like forcing toll road operators to refuse access to cars that are actively spraying oil all over the road surface that have been causing accidents.

    --
    Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
    1. Re:another better analogy by stms · · Score: 2, Funny

      I don't understand can someone use a computer analogy to explain this instead of a car analogy.

    2. Re:another better analogy by Anne+Honime · · Score: 1

      You should have been modded insightful instead of funny. I had exactly the same reaction.

      Like a toll road operator, ISPs would have a security duty, based on visible facts (without actively searching computers, just analysing statistical output traffic patterns). It wouldn't be akin to a penalty, but act like a quarantine for the benefit of the majority.

    3. Re:another better analogy by vivian · · Score: 1

      If I was driving a car that is spraying oil all over the road, then I would certainly want to be stopped before I ended up having a crash caused by the oil, or before I caused some other driver to crash.

      Likewise, if you have a computer that is virus ridden and actively infecting others enough so that an ISP can spot it, it should be locked off from the internet - it saves other computers from getting infected, and also lets the user know he better hurry up and recover what data he can off the thing before it's completely hosed, or he suffers (more) identity theft.

      ISP's should not be held legally accountable if they fail to block access to an infected computer, but they should certainly be required to have some system in place to at least tries to notify owners that have infected computers. The ISP is in the best position to see if a user's machine is spewing out traffic on ports that are known to be used by certain security threats, and here in Australia they are already counting the bytes that go past and in most cases shaping your traffic once you hit a limit - perhaps your connection could just be slowed down to a really really slow crawl once you start spewing out traffic that looks like you no longer own your PC.

    4. Re:another better analogy by c · · Score: 1

      >> It would be like forcing car manufacturers to
      >> take responsibility for bad drivers.

      > No. It would be like forcing toll road operators to
      > refuse access to cars that are actively spraying oil
      > all over the road surface that have been causing accidents.

      No, it would be like forcing Slashdot editors to make sure all Slashdot car analogies, even user posted, make sense.

      --
      Log in or piss off.
    5. Re:another better analogy by Monkeedude1212 · · Score: 1

      'It would be like forcing car manufacturers to take responsibility for bad drivers.'"

      No. It would be like forcing toll road operators to refuse access to cars that are actively spraying oil all over the road surface that have been causing accidents.

      Are you saying that if someone is actively spraying oil all over the road surface, and they are coming up on a toll bridge...

      The standard policy is for the toll booth operator to do... nothing? Not even like... Call the police or fire department... nor passively detain or interfere?

    6. Re:another better analogy by phayes · · Score: 1

      I'm saying that you need reading lessons as you misunderstood my analogy to mean the opposite of what everyone else does. ISPs should cut off clients that are actively spamming/distributing malware, & not claim to be uninvolved.

      --
      Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
  7. Re:What.... by beav007 · · Score: 2, Funny

    The response from the general Australian public: "who are you, and what have you done with our politicians?"

  8. Not reasonable at all. by theNAM666 · · Score: 1

    More like-- I operate a toll road, now I can ignore the robbers who shoot out tires on that road.

  9. Metaphor by LordCrank · · Score: 3, Insightful

    It would be like forcing an ISP to take responsibility for a copyright infringer.

    1. Re:Metaphor by shentino · · Score: 1

      Also, if we give ISPs the authority to quarantine infected computers, what's to stop that power from being subverted by the MAFIAA?

    2. Re:Metaphor by jack2000 · · Score: 1

      I'd rather have isps quarantine infected computers. The Mafiaa doesn't enter into this in any way.

  10. Not required, just recommended by Todd+Knarr · · Score: 2, Insightful

    The government shouldn't be requiring ISPs to disconnect infected computers, no. But ISPs still should be disconnecting infected computers. Not computers that don't run the ISP's anti-virus package, not computers that aren't up-to-date on Windows, but computers that're actively showing the tell-tale signatures of known infections (including spewing spam e-mail). If a computer shows up infected, the user should be warned. If the infection isn't removed fairly soon after, the computer should be disconnected until the user contacts the ISP about solutions.

    Think of it like a medical quarantine. We don't quarantine you just because you haven't had your shots. But once you're diagnosed with the actual infectious diseases, you're quarantined until either you get medical treatment and are cured, you get over the infectious stage on your own or you die.

    1. Re:Not required, just recommended by thegarbz · · Score: 1

      I agree but within reason. If a computer is found to be infected how long do you allow the zombie on the internet before you cut it off? Remember that once the internet is cut-off so is updates to anti-virus software, the ability to easily download new anti-virus software, and the ability to research your infection. It also brings into question the payment. Can an ISP simply refuse access to a paying customer? Sure, but what if the customer is locked into a 24 month contract?

      Our ISPs actually already take a very proactive approach by informing users if they are showing signs of infection based on the network traffic they send out. That caught Confickr traffic in our house. I would never have known that my sister picked it up from her university if it weren't for those emails.

    2. Re:Not required, just recommended by Teun · · Score: 1

      That's what a responsible ISP like xs4all.nl does.

      They send you a mail explaining the problem and block most but not all traffic.
      You can call their help desk and access a special page with help topics to resolve the problem and in case you need to download patches that's possible through the proxy server.
      This approach is helpful to the owner of the infected computer and the internet in general.

      --
      "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
    3. Re:Not required, just recommended by dangitman · · Score: 1

      Not computers that don't run the ISP's anti-virus package, not computers that aren't up-to-date on Windows, but computers that're actively showing the tell-tale signatures of known infections

      For example, computers that run non-approved Operating Systems such as Linux?

      --
      ... and then they built the supercollider.
    4. Re:Not required, just recommended by Rhywden · · Score: 1

      You can exclude the routes to update servers and redirect all http-traffic to a page stating just that. Thus the customer can download antivirus software and get the latest patches, but still isn't allowed to wreak havoc unto the greater internet.

    5. Re:Not required, just recommended by dargaud · · Score: 1

      Not computers that don't run the ISP's anti-virus package, not computers that aren't up-to-date on Windows, but computers that're actively showing the tell-tale signatures of known infections

      For example, computers that run non-approved Operating Systems such as Linux?

      Computers that run "non-approved" Operating Systems such as Linux won't be actively showing the tell-tale signatures of known infections, because almost all malware is for Windows.

      And _if_ they have a rootkit running, they should be disconnected, Linux or not.

      --
      Non-Linux Penguins ?
    6. Re:Not required, just recommended by Todd+Knarr · · Score: 1

      That's why the warning first: so the user knows there's a problem and can go download updates, get anti-virus software and generally clean things up before getting disconnected. If they don't react, I say disconnect them completely (their modem goes dark, they get no IP connectivity whatsoever, not even to the ISP's Web servers) until they call customer service. Once they've called, had the situation explained and promised to clean things up, CS can reconnect them so they can clean things up. If the problem still persists after a reasonable interval, they get disconnected again until they call CS. Second time around they have to show evidence they've had a professional clean their computer before they get reconnected (if the professional comes out to the home, they can call CS and get the computer reconnected during the clean-up). Third time, a professional of the ISP's choosing comes out (at the customer's expense) to clean up the mess. If you can stay clean for 1 year, the clock resets and your record's cleared.

    7. Re:Not required, just recommended by Todd+Knarr · · Score: 1

      Well, for e-mail almost all ISPs block outbound port 25 except to their mail servers and scan outgoing e-mail for spam the same way they scan incoming, so for e-mail it ought to be fairly trivial to spot the problem. For other stuff, do what my ISP does and routinely scan their network for the open ports and tell-tale traffic signatures of known malware. I've actually gotten calls from the security people at my ISP when they went to scan my IP address and "my router" suddenly stop responding completely (their scan triggered an alert and my firewall started dropping all packets from the IP address they were scanning from). It's not that hard to catch most of the malware through relatively simple methods, without resorting to nastiness like deep packet inspection. It's just that most ISP's don't bother doing even that.

      And frankly you don't have a right to have your computer be a platform for attacking mine. If you want to go that route, my response'd probably be to get a court order barring you from ever having Internet connectivity again, same way we revoke the driving privileges of people who keep driving recklessly and injuring other people on the roads, or same way we forcibly commit (either to psychiatric care or to prison) people who can't control themselves and keep physically attacking and injuring/killing other people. To quote, "Your right to swing your fist ends at the tip of my nose.". Similarly your right to unfettered Internet access ends at the WAN port on my router.

    8. Re:Not required, just recommended by dangitman · · Score: 1

      Computers that run "non-approved" Operating Systems such as Linux won't be actively showing the tell-tale signatures of known infections,

      That doesn't matter to the government inspectors who come to your house to see what OSes you are running.

      --
      ... and then they built the supercollider.
    9. Re:Not required, just recommended by deek · · Score: 1

      In Australia, we have this lovely organisation called ACMA (Australian Communication and Media Authority). They have a program called AISI (Australian Internet Security Initiative) which sends reports to many Australian ISPs, notifying them of any detected infections. I assume they get their data from honeypots and such, although according to the linked ZDNet article, they're set to receive data from Symantec, McAfee, and other security companies.

      So that's how ISPs can determine infected hosts without inspecting traffic.

    10. Re:Not required, just recommended by thegarbz · · Score: 1

      Not a bad solution, but who to maintain it? Latest zero day virus comes out and wreaks havoc on networks, a complex manual solution to get rid of said virus is easily found on google, but no patch or virus defs have come out yet, do you still cut them off?

      Common sense would say no, but the problem is that common sense isn't very common. Likely there'll be no one making judgement calls and a simple computer will be there to decide who gets internet and who doesn't. I'd be much more accepting of the proposal if there was at all even the slightest chance that an actual person would be in control over my ban, and this actual person would be contactable, and god fucking help them if they ask what version of Windows Ubuntu runs on (actual question I received from an ISP goon)

    11. Re:Not required, just recommended by garwain · · Score: 1

      Hey, better idea. Don't just pull the plug on the connection, but throw them onto a seperate network segment, which uses a proxy for web traffic, and blocks all other ports, have the proxy display an virus alert for every page request (including VERY CLEAR AND SIMPLY WRITTEN INSTRUCTIONS), execpt a list of approved antivirus and anti-malware sites. Perhaps list some phone numbers for computer shops in the region as well.

  11. A telepone analogy would be better by PolygamousRanchKid+ · · Score: 2

    Is a telephone provider responsible for drug dealers, pimps and other assorted crooks, who run their business over the providers' telephone lines?

    The telephone provider runs a line to your house. What takes place on the other side of the line, inside your house, they have no control over. The same is true for an ISP. They provide an Internet connection to your home. What you hook up to it, is your responsibility . . . and liability.

    --
    Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    1. Re:A telepone analogy would be better by Errol+backfiring · · Score: 1

      Yes, but up to a point. That point is that you want to cooperate. If you really are a crook, you would not. In your analogy, a telephone provider can cut off people who use their phone for sexual harassment, for example. Not that this is not something automatic, but (thank goodness) requires a serious procedure and complaint from the victim before such a thing is done. Also, this is done in cooperation with the police and the culprit has to face the law instead of just an automatic switch off.

      --
      Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
    2. Re:A telepone analogy would be better by Haeleth · · Score: 1

      If a drug dealer, pimp, or other assorted crook was breaking into my house and using my telephone to run their business, I would be very pleased if the telephone company told me about it.

  12. It's more like... by 91degrees · · Score: 2, Insightful

    ...ISPs being required to disconnnect infected computers.

    The analogies are pointless. It comes down to factors such as feasability, harm done, harm prevented and responsibility. An ISP is capable of disconnecting the computers from the internet. Forcing them to do so would prevent harm. So it comes to whether the cure is worse than the disease.

    The ISPs make the perfectly reasonable point that the goals can be achieved by self regulation, and this will be much more flexible. On the whole the ISPs are should be in favour of removing infected computers. They're an expensive annoyance.

  13. Re:I think the opposite is true by Therilith · · Score: 1

    Yeah, better make sure you have the latest version of Windows and Norton AntiVirus for your next government mandated checkup or you'll be kicked off the internet.

  14. a bit shocked by the reaction of the slashdot crow by Anonymous Coward · · Score: 1, Insightful

    How does the governement decide whether a computer is infected or not?
    Does running a P2P program counts as "infected"?
    I understand that to decide whether a computer is infected or not, one would have to store and analyze the network traffic with DPI.
    Do you also want the government to close their eyes when they see which websites you browse, and the content of your emails? (which is usually not encrypted)
    Finally, does "infected computers" include computers from political oponents, like in China?

    I actually had a few jokes to say about this story but I have to admit now that sometimes people on /. make me sick, not because they are bad inside, more because they don't really see anything wrong with totalitarism.

  15. Re:What.... by Gadget_Guy · · Score: 2, Insightful

    That is what you get these days with the balance of power being held by the Greens and independents. It used to be that the independents and small parties would come up with the looney ideas, but more and more we are seeing the big parties filling that role. EG. The Internet Filter aka The Great Firewall of Australia.

  16. Fair Enough by masterwit · · Score: 1

    Sometimes good news is good.
    (I know, profound)

    At least I can start drinking Foster's again to pretend to be "outback"!

    Also I found a US winning a robot battle against Australia on the side panel, and robots merit an instant mouse click!

    ...

    On a more enlightened note, I found TFA really shallow and not providing the news in the most ideal way I wanted:

    The government accepted response to recommendations that federal, state and territory police forces establish an "e-crime managers group" to improve information-sharing and cross-jurisdiction cooperation, which would fall under the auspices of the Australia and New Zealand Policing Advisory Agency's e-Crime Committee.

    So really our collective "uphill battle of common sense" is really just a temporary mitigation to the common sense necessity. (Don't confuse my comment in not being pleased by the article, just I was hoping for a bit more...sometimes the sensationalist Slashdot headlines get to me!?!!)

    --
    We should start a new Slashdot and return control to the geeks. It actually wouldn't be that hard to get some users to
  17. Gentlemen, start your analogies! by noidentity · · Score: 4, Funny

    It would be more like a robot enter your vehicle through its wide-open windows, jacking into the electric system, manufacturing more robots out of the car material, then sending more robots out to enter other cars with open windows.

  18. Good! by polyp2000 · · Score: 1

    Now all someone needs to do is write a virus containing a distributed bit-torrent server that "infects" users machine and there is jack shit they can do the ISP's wont have to be responsible for dealing with it.

    --
    Electronic Music Made Using Linux http://soundcloud.com/polyp
  19. Looking at it logically... by ADRA · · Score: 1

    1. The Customer's PC is not the property or under control of the ISP
    2. The ISP can trivially detect the presence of 'questionable activity' like egress email in the 1000's for a consumer broadband account
    3. ISP's can through deep packet inspection (if employed) easily detect the presence of well known computer viruses / exploits both ingress and egress
    4. If decided to do so, an ISP can cut off a customer's line or block an IP both automated (based on some pre-defined traffic analysis) or manually due to human inspection

    So we've established that assuming that an ISP has a packet inspection system handing customers (not guaranteed) that they can handle dealing with offending PC's if in fact they chose to. The government has said that this is not the responsibility of ISP's to do this, and I fully agree. The responsibility for such an action should not be on a common carrier. The one difference of opinion I have with some is that if I was the government and I wanted to make a better internet for our citizenry, I'd want to knock virus/exploit based customers out of the internet until they've taken the steps necessary to remove the infection and make the PC suitable for healthy internet activity.

    In order to accomplish said law, you could:
    1. Add government honeypots and detect incoming exploit requests -- If the exploit is detected, then a letter is sent to the ISP requiring take-down until the problem has been cleaned up. Multiple offenses by the same subscriber results in fees? This would put a real financial onus on end users to make sure they're operating their PC's correctly
    2. The same as the first idea, but instead of just honeypots, the ISP's can use deep inspection to detect exploits ahead of time. The ISP's aren't required by law to do this, so make a law that they are required to do this, but make the ISP's compensated for doing so so that it isn't directly levied from the customers. The fees charged to the offenders would then help to offset the ongoing costs of the system. Yes, it can be exploited as an copyright enforcement tool or the like, but I'm talking best measures here and assuming that it will only encompass the exploits, etc..

    *I'm going to get flamed for this....*

    --
    Bye!
    1. Re:Looking at it logically... by shentino · · Score: 1

      Anything that allows *anyone* to inspect my encrypted traffic without a warrant automatically gets my stamp of disapproval.

    2. Re:Looking at it logically... by ADRA · · Score: 1

      Inspection is an interesting question. Assuming nothing is stored, and no encryption is infiltrated, is your data being compromised in any way that a half intelligent switch/router isn't already doing today?

      --
      Bye!
  20. Should be done anyway! by the_raptor · · Score: 2, Insightful

    Any responsible ISP should be doing this voluntarily anyway. My ISP (Exetel) redirects you to a page telling you that you are infected and telling you how to fix it (and giving links to AV software hosted on their servers). Cars have mandatory yearly inspections or they aren't allowed on the road so Peter Coroneos was just trying to dodge legal liability not talking any kind of sense.

    Botnets are a huge organised crime business and any ISP that isn't fighting them is either incompetent or is profiting from botnets (either being paid by the mob or making money selling DDOS protection and the like).

    --

    ========
    CINC, 4th Penguin Legion
    1. Re:Should be done anyway! by Anomalyx · · Score: 1

      And how much do they bill you for the AV software? Sounds to me like this would be way too easily abused... or like those popups that some people still get that say "Your computer is infected! Pay $40 for this tool to remove!"

      How would they know you're botnetted? Perhaps you just happen to have a traffic pattern similar to a particular botnet because of a server you're hosting... I'd be annoyed if I was getting redirected on every http request. Either that, or they already have your PC compromised with their own software. Any ISP that does either of those is one that I'll avoid.

      --
      No, there is no "-1 I'LL NEVER ADMIT BEING WRONG!!!" mod.
  21. Two faces of OZ! by Anonymous Coward · · Score: 1, Insightful

    The government doesn,t force ISPs to disconect infected computers, but it will MONITOR all the computers, FILTER available content to users, LOG users access, and RESTRICT access, at its own discretion of course! Good to see its not doing anything to stop viruses, and malware and spam. . . . . .

  22. Safety and Emissions Check by akedia43 · · Score: 5, Insightful

    Actually, if you're going to stick with cars, it's like a safety and emissions check in realtime. If your car is spewing excessive pollution or presents a hazard to other drivers (critical safety features like turn signals, head lights, tire treads, etc., missing or malfunctioning) they don't let you go around being a hazard on public roads. It makes sense for ISPs, in a uniquely capable position to detect it, to disconnect systems that are spewing malware and presenting a hazard to other computers on the network.

    1. Re:Safety and Emissions Check by vettemph · · Score: 1

      I couldn't agree more. I was going to post a similar response.

      --
      The government which is strong enough to protect you from everything is strong enough to take everything from you.
  23. Re:What.... by dangitman · · Score: 1

    Obviously, there's nothing that can't be blamed on the Greens and Independents. Major party comes up with a stupid idea? It must be the fault of the smaller parties for holding the balance of power!

    --
    ... and then they built the supercollider.
  24. Re:What.... by Gadget_Guy · · Score: 1

    Obviously, there's nothing that can't be blamed on the Greens and Independents. Major party comes up with a stupid idea? It must be the fault of the smaller parties for holding the balance of power!

    Huh? I can't tell if you are being funny or are sarcastically saying that I am blaming the Greens and independents for the faults of the major parties. My contention was that it is the small group of non-mainstream politicians who are keeping the bastards honest.

  25. Better Analogy... by crow_t_robot · · Score: 1

    ...still using cars, though.

    The state provides us with roads to travel on but also polices those roads and removes people that are hazards to others. The ISP provides roads for our internet traffic and should remove users that are hazards to others (spam, viruses, etc).

    Sorry, but if you can't manage your PC then you don't get to play Farmville till you get your shit fixed.

  26. Perhaps once, soon not... by Mathinker · · Score: 2, Interesting

    > but once they know about it they have multiple ways of fixing the situation and then they are indeed fully in control.

    Unfortunately, the fact is that as time goes on, there are more and more components in computers which themselves are programmable (with microcode, for example) yet not easily "format-able" like the magnetic media of a hard disk. Hiding malware in these devices is a hot topic of current research (BIOS-level rootkits, WiFi adapters hosting malware), and could easily become reality for a capable, targeted attack (look at Stuxnet, for example, but imagine what might have been if the industrial controller had been sophisticated enough to have hosted a multihost malware which could spread itself back to "cleaned-up" computers).

    I have the feeling that there will be a large gap (because of fear of loss of IP or control, or DMCA-like laws trying to protect copyright) in the tools hardware manufacturers give consumers to "sanitize" possibly infected hardware, and the ability of black hats to use infected hardware to gain more permanent control over infected computers.

  27. Another view. by LoyalOpposition · · Score: 1

    It would be like forcing car manufacturers to take responsibility for bad drivers.

    No. It would be like forcing gun manufacturers to take responsibility for murderers.

    ~Loyal

    --
    I aim to misbehave.
  28. Keep Dreaming by quatin · · Score: 1

    Only geeks support this, because we've been playing with a computer since birth so it wouldn't be a hassle to keep a computer clean. The rest of the world won't be receptive of a blacklist law.

    Punishing the victim has never been popular. See how popular TSA is? Whatever the problem is, you start with the criminal. We are far from exhausting all options against spammers. This is purely a zero-cost (to the law makers) law made to fill a resume for re-election. Off the top of my head I can think of all sorts of punishments more effective at stopping spammers and botters.

    Let's start lightly.

    1) Removal of constitutional rights.
    2) Banned use of government facilities. (roads, post office)
    3) RIAA style fines automatically garnished from their bank accounts. (Want to access a computer or get food?)
    4) Public Beating
    5) Private Beating
    6) Private Execution
    7) Public Execution
    8) Predator strikes on their house

  29. Bad analogy by Bilbo · · Score: 1

    I actually think the car analogy is a poor one. That would imply that car manufacturers, or even the dealers, KNEW about bad drivers, and had a way of disabling their automobiles.

    ISP's can tell with a fair degree of certainty that a computer they have connected to the network is spewing either spam, or participating in a known 'botnet. They also have a way to contact the user to tell them that something is happening. Also, having an infected computer isn't usually something the user chooses, and they often have no idea of what is going on. That's not to say that we should be making laws that force ISP's to act regardless of the circumstances. That's more like telling someone they can only use a baseball bat to fix a pair of eyeglasses.

    On the other hand, this is COMPLETELY different from "bad people" who are doing things like file sharing or downloading stuff, or even using more than their share of Internet bandwidth. Writing laws to force ISPs to become the puppets of the big media monopolies is BAD, BAD, BAD.

    --
    Your Servant, B. Baggins
  30. Re:a bit shocked by the reaction of the slashdot c by Haeleth · · Score: 1

    How does the governement decide whether a computer is infected or not?

    I'm guessing all those nice capitalist non-government-affiliated antivirus companies might just have an idea or two about that.

    Does running a P2P program counts as "infected"?

    What? Why on earth would it? We're talking about detecting malware, not enforcing copyright law.

    I understand that to decide whether a computer is infected or not, one would have to store and analyze the network traffic with DPI.

    DPI would not necessarily be required. And even if it was, it does not involve storing traffic, just looking inside it as it goes past.

    Do you also want the government to close their eyes when they see which websites you browse, and the content of your emails? (which is usually not encrypted)

    Who said anything about the government seeing this? This is about ISPs doing filtering, not the government. And it would be machines doing the inspection, not humans. Most people are happy with machines seeing the contents of their email, given as how it's impossible to send an email without machines seeing its contents.

    Finally, does "infected computers" include computers from political oponents, like in China?

    Um, what? How the hell did we get from "ISPs monitoring for signs of malware infection" to "Big Brother grinding the faces of political opponents in the dust"?

    The "slippery slope" argument is a logical fallacy, Mr Coward.

    I have to admit now that sometimes people on /. make me sick, not because they are bad inside, more because they don't really see anything wrong with totalitarism.

    Ditto, except replace "don't really see anything wrong with" with "appear to be completely incapable of distinguishing between reasonable government activity and".

  31. Bullcrap by gurps_npc · · Score: 2
    ISPs are like tollbooths, not car manufactures. An infected computer is like a drunk driver.

    This ruling basically says that tollbooth attendants are not required to stop drunk drivers from driving drunk.

    While I would say that this is true, barring any specific law, I also see that such a law would be a good idea. Governments could easily pass a law that required tollbooth operators to refuse to let drunk drivers get on their highway. Such a law would not be a bad law. I see few reasonable objections to it.

    As such, I would state that while without a law, ISP's should not be legally required to stop infected computers from using them, it should be quite easy for a government to pass such a law, and that law would be:

    a. Reasonable and proper

    b. A good idea

    --
    excitingthingstodo.blogspot.com
  32. To put all the analogies together... by Anomalyx · · Score: 1

    I've picked pieces from all the analogies given and here's what I believe to be the closest one:
    It would be like toll booths taking responsibility for crashes that occur on the toll road.

    --
    No, there is no "-1 I'LL NEVER ADMIT BEING WRONG!!!" mod.
  33. Re:What.... by drsmithy · · Score: 1

    That is what you get these days with the balance of power being held by the Greens and independents. It used to be that the independents and small parties would come up with the looney ideas, but more and more we are seeing the big parties filling that role. EG. The Internet Filter aka The Great Firewall of Australia.

    IIRC internet filtering came from an Independent, and without a doubt the only reason either major party continues to give it lip service is to buy the votes of independents on other issues.

  34. Re:What.... by Gadget_Guy · · Score: 1

    IIRC internet filtering came from an Independent, and without a doubt the only reason either major party continues to give it lip service is to buy the votes of independents on other issues.

    You mean Senator Brian Harradine? Yes, he was definitely in favour of it. However, he left the senate in 2005, a year before Labor committed itself to the ISP level filtering. That 2006 version did have an opt-out clause, so it wasn't mandatory.

    The Family First party have had a policy of mandatory filtering for a long time. But they didn't introduce the currently proposed system. Their representative, Senator Fielding, has been voted out now anyway.

    It wasn't until 2008 that Labor remove the opt-out ability of their proposal. The status now is that it is on hold until 2011, which means it is off the table until at least 2015, because it would never get through the current lower house or senate.