Slashdot Mirror

← Back to Stories (view on slashdot.org)

Knocking Infected PCs Off the Internet

Posted by samzenpus on from the and-stay-out dept.

nk497 writes "Malware could block your access to the internet – but in some cases by those on the right side of the security fence, who are deploying tactics such as blocked ports, letters in the mail and PCs quarantined from the net to combat the most damaging threats. The DNS Changer clean up saw some PCs prevented from accessing the web. Should such tactics be used more often to prevent malware from spreading — or is that taking security a step too far?"

3 of 206 comments (clear)

  1. Re:Not just infected PCs... by amorsen · · Score: 5, Informative

    The problem is that detecting infected computers invariably requires some level of privacy intrusion, and possibly committing numerous felonies to probe the machine.

    In many cases it doesn't. Sometimes it just requires noticing that one customer is responsible for 30% of all traffic flows in a particular core router. You can call that privacy intrusion, but in most of Europe doing flow monitoring is mandated by law, so you might as well run statistics.

    And yes, the ISP I work for has in a few cases blocked customer traffic from infected machines. It is a medium-sized ISP, so that can be done without angering the infected customers. It can be difficult to get hold of the right people at the customer, and the large ISP's probably only have billing contacts for most customers.

    --
    Finally! A year of moderation! Ready for 2019?
  2. Re:Not just infected PCs... by FaxeTheCat · · Score: 5, Informative

    The problem is that detecting infected computers invariably requires some level of privacy intrusion, and possibly committing numerous felonies to probe the machine. That's why only large organizations do this; because they own all the machines and can dictate that policy. It's entirely another matter when the system isn't owned by you, and that's what's under discussion.

    The company I work for block computers with certain malware off the network, and also block computers running torrents (after which you get a polite visit from the IT department) . It does this ONLY through network traffic analysis. Viruses/malware need to create network traffic to spread. Also many of them contact a "home" server. There is a rootkit out now which is only detectable through network analysis. No intrusion on the PC. Just looking at network packages.

  3. Re:It should be more than obvious by FaxeTheCat · · Score: 5, Informative

    First, how do you know my PC doesn't mean to send out thousands of emails an hour? That may come from an infection; I could works as a (semi-legitimate) spammer; or perhaps it just means I run a large listserv. How do you know that I don't mean to port-scan thousands of IPs per hour? That could come from an infection; I could work as a researcher collecting vulnerability statistics; or I might work as a consultant paid to do penetration testing for dozens of companies on an ongoing basis. Opting for a "solution" that would also block legitimate activity counts as a great big "no-no".

    Actually, my terms of service forbid most of what you describe. Want to do that? Get a business subscription.