Slashdot Mirror


Knocking Infected PCs Off the Internet

nk497 writes "Malware could block your access to the internet – but in some cases by those on the right side of the security fence, who are deploying tactics such as blocked ports, letters in the mail and PCs quarantined from the net to combat the most damaging threats. The DNS Changer clean up saw some PCs prevented from accessing the web. Should such tactics be used more often to prevent malware from spreading — or is that taking security a step too far?"

15 of 206 comments

  1. Not just infected PCs... by Howitzer86 · · Score: 5, Insightful

    My local university does this. It's actually a pretty good idea if it's done right. Of course, the other side of the reality is that in addition to knocking infected computers off of the internet, my university also knocks off computers suspected of internet piracy. If you torrent anything on campus, even a legitimate download, you have to go to the Computing Services office to explain yourself and get it back online.

    Our internet service providers are often our media providers. Comcast, AT&T, Time Warner, etc., are all interested in the idea of controlling your access to things like that, and if they're given free rein to scan your computer and knock it off the internet - they will certainly look for evidence of torrenting as well.

    1. Re:Not just infected PCs... by Forty+Two+Tenfold · · Score: 5, Interesting

      I used to do this in my dormitory some 7 years ago. My iptables-triggered scripts added the infected PCs to the squid ACL whose members' every web request was redirected to an information page that explained what happened and what to do. Well, some idiots claimed that I infected their machines on purpose to cut them off from the internet. You just can't fix the users, no matter how hard you try. The only solution I see is a mandatory license to use electronics, akin to a driver's license. Believe it or not, the idiot user is not only a nuisance but a danger to others.

      --
      Upward mobility is a slippery slope - the higher you climb the more you show your ass.
    2. Re:Not just infected PCs... by girlintraining · · Score: 5, Insightful

      My local university does this. It's actually a pretty good idea if it's done right. Of course, the other side of the reality is that in addition to knocking infected computers off of the internet,

      The problem is that detecting infected computers invariably requires some level of privacy intrusion, and possibly committing numerous felonies to probe the machine. That's why only large organizations do this; because they own all the machines and can dictate that policy. It's entirely another matter when the system isn't owned by you, and that's what's under discussion.

      The internet was designed to allow free and unfettered communication between any and all nodes. On the internet, every IP address was a peer to every other. But then corporations came, and they started walling things off, messing up the protocols, and trying to convert the internet to an asymmetrical content distribution network to push their wares. And then the government came in and offered protection to that corruption of the network. Then other countries joined with the same pattern of uptake; and now countries are starting wars or engaging in war-like acts with each other, all to answer the question: Who will control the internet?

      Given that, the question of whether you should be able to attack and offline other nodes on the network, for whatever reason, comes down to whether you believe you should have the same rights on the network as groups, organizations, corporations, and governments. The internet itself doesn't care which side you take -- you're just another peer, and all the ideologies now warring over control of it are heaped on top of it.

      If you're an old school hacker, the answer is obvious. If you're a 20-something, you probably accept intellectual property, and the idea that the internet can be owned (as a collective entity, as membership to, not as individual components).

      As an old-schooler, I will only say this: The Native Americans believed land couldn't be owned. It's a fine ideal. But the other guys had guns, and it didn't matter who was right, only who was left.

      --
      #fuckbeta #iamslashdot #dicemustdie
    3. Re:Not just infected PCs... by amorsen · · Score: 5, Informative

      The problem is that detecting infected computers invariably requires some level of privacy intrusion, and possibly committing numerous felonies to probe the machine.

      In many cases it doesn't. Sometimes it just requires noticing that one customer is responsible for 30% of all traffic flows in a particular core router. You can call that privacy intrusion, but in most of Europe doing flow monitoring is mandated by law, so you might as well run statistics.

      And yes, the ISP I work for has in a few cases blocked customer traffic from infected machines. It is a medium-sized ISP, so that can be done without angering the infected customers. It can be difficult to get hold of the right people at the customer, and the large ISPs probably only have billing contacts for most customers.

      --
      Finally! A year of moderation! Ready for 2019?
    4. Re:Not just infected PCs... by FaxeTheCat · · Score: 5, Informative

      The problem is that detecting infected computers invariably requires some level of privacy intrusion, and possibly committing numerous felonies to probe the machine. That's why only large organizations do this; because they own all the machines and can dictate that policy. It's entirely another matter when the system isn't owned by you, and that's what's under discussion.

      The company I work for blocks computers with certain malware off the network, and also blocks computers running torrents (after which you get a polite visit from the IT department). It does this ONLY through network traffic analysis. Viruses/malware need to create network traffic to spread. Also many of them contact a "home" server. There is a rootkit out now which is only detectable through network analysis. No intrusion on the PC. Just looking at network packets.

  2. Microsoft will object to this by Anonymous Coward · · Score: 5, Funny

    because it will drop the IE part in the browser statistics to zero... :-)

  3. It should be more than obvious by fustakrakich · · Score: 4, Insightful

    This will be abused. Life is too short to list how and why. Let's just say that people will be knocked off (up?) for expressing something "offensive". Feel free to define that as you wish. The authorities and fanbois will.

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:It should be more than obvious by pla · · Score: 4, Insightful

      This will be abused.

      No kidding, it stuns me that anyone would even consider allowing this as a precedent.

      Two major problems, as I see it:

      First, how do you know my PC doesn't mean to send out thousands of emails an hour? That may come from an infection; I could work as a (semi-legitimate) spammer; or perhaps it just means I run a large listserv. How do you know that I don't mean to port-scan thousands of IPs per hour? That could come from an infection; I could work as a researcher collecting vulnerability statistics; or I might work as a consultant paid to do penetration testing for dozens of companies on an ongoing basis. Opting for a "solution" that would also block legitimate activity counts as a great big "no-no".

      Second, who gets to define "malware"? The major ISPs in the US would love to have even the thinnest possible excuse to outright ban P2P traffic; for an example, look at what happened to NNTP - once considered a "must-have" ISP service, as soon as Cuomo gave them an out (on the basis of a mere 88 out of 80k groups), they all ditched their USENET servers ASAP. And aside from the opportunity to ban legitimate but undesirable traffic, try explaining to Grandma that the "coupon program" she keeps reinstalling can and will use her machine like a Colombian prostitute. Some people will choose to use spyware, even knowing that fact, for whatever service it provides them; should the ISPs have the right to tell an adult what they can and can't do online?
      All that said, I would still like to see it made legal to hunt down and painfully kill malware authors and spammers. Fix the problem at the source, not the destination.

    2. Re:It should be more than obvious by FaxeTheCat · · Score: 5, Informative

      First, how do you know my PC doesn't mean to send out thousands of emails an hour? That may come from an infection; I could work as a (semi-legitimate) spammer; or perhaps it just means I run a large listserv. How do you know that I don't mean to port-scan thousands of IPs per hour? That could come from an infection; I could work as a researcher collecting vulnerability statistics; or I might work as a consultant paid to do penetration testing for dozens of companies on an ongoing basis. Opting for a "solution" that would also block legitimate activity counts as a great big "no-no".

      Actually, my terms of service forbid most of what you describe. Want to do that? Get a business subscription.

  4. I think it's taking it a step too far... by Revotron · · Score: 4, Insightful

    ...In other unrelated news, when I had tuberculosis all the restaurants in my area kicked me out when they found me coughing on their salad bars. How dare they stifle my freedoms! Police state!

  5. The proper way by Teun · · Score: 4, Interesting

    I think it is only proper for ISPs to limit the spreading of viruses or engagement in things like phishing.

    My ISP xs4all.nl, one of the most reputable when it comes to internet freedom, will shut a subscriber's net access down when there is good indication of infection.
    The way they do it is smart, you get a mail on your administrative account and you are diverted to a message explaining why you can only access the net via the ISP's own proxy.
    The last is to give you a chance to get on-line help or updates.
    Once you can convince the helpdesk you have cleaned up your computer(s) they'll switch you back on.
    The helpdesk is also very helpful to the clueless on how to clean up their computer.

    --
    "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
  6. That depends upon the infection. by khasim · · Score: 4, Informative

    The problem is that detecting infected computers invariably requires some level of privacy intrusion, and possibly committing numerous felonies to probe the machine.

    That depends upon what the infection is.

    In many cases, the infection is a worm that attempts to connect to other machines on known ports with known connection strings. This is how network-based Intrusion Detection Systems (IDS) work.
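
As an added example (not code from any poster here), the metadata-only triage amorsen and khasim describe: per-customer share of flows, plus fan-out to many hosts on one well-known port, computed over constructed flow records. The addresses, thresholds and port are assumptions chosen for illustration.

```python
"""Metadata-only triage of flow records (added example, not code from any poster).
Record shape: (customer_src_ip, dst_ip, dst_port, bytes); no payload is inspected."""
from collections import Counter, defaultdict

# Constructed sample, not real traffic: one host fanning out to many peers on tcp/445
# (worm-style scanning), the rest doing ordinary web traffic.
SAMPLE_FLOWS = (
    [("10.0.0.5", f"192.0.2.{i}", 445, 120) for i in range(1, 6)]
    + [("10.0.0.6", "198.51.100.10", 443, 40000)] * 2
    + [("10.0.0.7", "198.51.100.11", 443, 15000)] * 2
    + [("10.0.0.8", "198.51.100.12", 80, 9000)]
)


def flow_share(flows):
    """Fraction of all flows originated by each source (amorsen's '30% of flows' signal)."""
    counts = Counter(src for src, _, _, _ in flows)
    total = sum(counts.values())
    return {src: n / total for src, n in counts.items()}


def fan_out(flows, port):
    """Distinct destinations each source touched on one port (khasim's known-port worm signal)."""
    dests = defaultdict(set)
    for src, dst, dport, _ in flows:
        if dport == port:
            dests[src].add(dst)
    return {src: len(d) for src, d in dests.items()}


def triage(flows, share_threshold=0.30, scan_port=445, fanout_threshold=4):
    """Map source -> list of reasons for sources that exceed either heuristic.

    Thresholds and the port are assumptions for illustration. A hit is a reason to
    contact the customer (the notice/quarantine step the thread discusses), not proof
    of infection: a listserv or a paid scanner (pla's point) can trip the same numbers.
    """
    findings = defaultdict(list)
    for src, share in flow_share(flows).items():
        if share >= share_threshold:
            findings[src].append(f"{share:.0%} of all flows")
    for src, n in fan_out(flows, scan_port).items():
        if n >= fanout_threshold:
            findings[src].append(f"{n} distinct hosts on tcp/{scan_port}")
    return dict(findings)
```

On the constructed sample only 10.0.0.5 is flagged, on both counts; the web-only customers stay below both thresholds.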

  7. the question will become. by Truekaiser · · Score: 4, Insightful

    Who defines what is malware if this happens?
    I have no doubt that if the ISP in question is also a media company, programs that access the internet and belong to their competitors 'might' occasionally be flagged as malware.
    I can also see that alternative OSes could theoretically be flagged as such.

    But above 'all', how could they determine if malware is installed simply from the ISP side and without requiring special programs on their customers' PCs to access their services?

  8. Re:Herd Immunity and blocking ports by davecb · · Score: 4, Informative

    [I commented on part of this below, but wasn't logged in...] Blocking infected PCs is a new problem for computer science to debate, but it's very similar to long-solved "public health" problems in the world where viruses are composed of atoms, so we can borrow some of the cures from there. This is also a good way to keep from looking stupid in front of the courts!

    People who are being spammed by your PC can legitimately use the minimum force necessary to stop the harm, not including shooting it or you. This is the starting point in law: a harmed individual, who has some limited rights to respond in self-defense.

    If your PC is trying to infect theirs, they can tell the local board of health, and have you asked to quarantine yourself until the disease is cured. In this case, the board of health is the ISP, and they're asking you every time you try to send spam/viruses. They're allowed to wear a surgical mask while asking, as well, in this case over their port 25. They're not allowed to put you in an impervious plastic bag to stop you from breathing: that's not minimum force.

    If you or your PC resists being quarantined, they can apply to the courts for an order to have the PC locked up and treated against its will. That's a real court, with real judges and court orders, not an ISP. In that case you can argue against it, but you'd better have a legally valid reason, not "you can't do that to me". And if necessary you can object, and argue it out before a judge.

    --dave

    --
    davecb@spamcop.net
  9. Public infrastructure by LourensV · · Score: 4, Insightful

    We don't let people drive unsafe cars on the roads, or connect non-FCC certified equipment to the telephone network, or fly uninspected airplanes over other people's rooftops, so why should we let infected computers onto the Internet?

    If it's clearly infected, you quarantine it and make sure all that can be accessed from that machine is instructions on how to remove the infection, updates for virus scanners, etc. Basic common sense.