Slashdot Mirror
Australia Wants ISPs To Protect Customers From Viruses (sophos.com)
An anonymous reader quotes Sopho's Naked Security blog:
In a column in The West Australian, Dan Tehan, Australia's cybersecurity minister, wrote: "Just as we trust banks to hold our money, just as we trust doctors with our health, in a digital age we need to be able to trust telecommunications companies to protect our information from threats." A companion news article in the same newspaper cited Tehan as arguing that "the onus is on telecommunications companies to develop products to stop their customers being infected with viruses"...
Tehan's government roles include assisting the prime minister on cybersecurity, so folks throughout Australia perked up when he said all this. However, it's not clear if there's an actual plan behind Tehan's observations -- or if there is, whether it will be backed by legal mandates... Back home in Australia, some early reactions to the possibility of any new government interference weren't kind. In iTWire, Sam Varghese said, "Dan Tehan has just provided the country with adequate reasons as to why he should not be allowed anywhere near any post that has anything to do with online security."
The West Australian also reports Australia's prime minister met telecommunications companies this week, "where he delivered the message the Government expected them to do more to shut dodgy sites and scams," saying the government will review current legislation to "remove any roadblocks that may be preventing the private sector and government from delivering such services."
Tehan's government roles include assisting the prime minister on cybersecurity, so folks throughout Australia perked up when he said all this. However, it's not clear if there's an actual plan behind Tehan's observations -- or if there is, whether it will be backed by legal mandates... Back home in Australia, some early reactions to the possibility of any new government interference weren't kind. In iTWire, Sam Varghese said, "Dan Tehan has just provided the country with adequate reasons as to why he should not be allowed anywhere near any post that has anything to do with online security."
The West Australian also reports Australia's prime minister met telecommunications companies this week, "where he delivered the message the Government expected them to do more to shut dodgy sites and scams," saying the government will review current legislation to "remove any roadblocks that may be preventing the private sector and government from delivering such services."
Ha! Good luck with that!
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
They should throgh in "think of children" theme for good measure
Actually a friend of mine got their internet shut off this week because of an apparent infection. According to their ISP, they have a botnet active. They inquired what's a botnet and how to get rid of it. ISP said it was their problem to fix. My friend then replied they have unlimited data so who cares. After that call, I got a call to fix. Thanx ISP!
In a world where ISPs filter viruses for you, every user EXPECTS the ISP to do the protecting, and takes no precautions themselves. This leads to lazy netizens who cry foul at ever little thing. Instead, I say protect yourself. Run a firewall. Don't open ports unless you KNOW WHAT THE HELL YOU'RE DOING!
It's akin to asking doctors to protect you from STDs. Technically they can. Practically you wouldn't want that. A doctor in your bedroom. Overseeing every intercourse you have.
and logging of all traffic. It is all for the good of the citizens.
See subject: Endpoints (good defense in depth layered security) via APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/
Ads/script & malware rob speed/security/privacy
Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).
Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!
Avoids DNSChangers in routers/IP settings & dns redirects (99.999% of ISP DNS != patched vs. it) + lightens DNS load & resolves faster from local system RAM!
* Via what u NATIVELY have in the IP stack in FASTER kernelmode!
APK
P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/
I don't 'trust' my bank to hold my money. I audit my accounts with them every month to be sure they don't make a 'mistake'.
I don't 'trust' doctors; I do my own research, especially when they tell me something that I don't think is in my best interests, or that just plain doesn't make sense.
I don't 'trust' my government, I question what it's doing all the time, and will speak up if I see something unjust, or just plain dumb, being dumb -- because *I* am not dumb.
I sure as hell don't trust my ISP, or any ISP for that matter, to 'keep me and my computer safe'. ISPs invade our privacy constantly in the name of higher profits for themselves, and because the government wants to collect data on it's citizenry and generally snoop into people's lives.
It is not, and should not, be the business of ISPs to do this thing. Their role should be to provide connectivity to the Internet for it's customers, and that is ALL they should be in business to do, not to 'censor' anything, 'filter' anything, or anything like that. Just give us a reliable connection and leave it at that!
LOL you used a '$' instead of an 'S' XD
They're sitting on the network so they might as well do some filtering for your BENEFIT, rather than only to sell your information away to the highest bidder right? Absolutely long overdue.
And they can take botnets right off the web with ease!
if every file had to be scanned for viruses prior to being downloaded/uploaded, that sort of system would make a 56k dialup look fast
Politics is Treachery, Religion is Brainwashing
Nobody wants (tech) savvy citizens: They might question the course of events.
to build better and more secure operating systems? thats where the problem really is, if the operating systems and their applications used to access the internet were secure then the problem would be solved, asking the ISPs to do this would slow the internet speeds down to a really slow crawl
Politics is Treachery, Religion is Brainwashing
Whether this is supposed to refer to the landmass (unlikely) or the political entity, one particular subset of the idiot-fucks that presume it's their business to force their opinions and values onto millions of other people does not constitute 'Australia'. And why would anyone care about what these notoriously technologically inept parasites opine about this subject?
Haven't got a 'virus' since maybe the late 90's. Sometimes, we intentionally ran viruses on old DOS systems they were such a joke. Today everything is polymorphic weaponized encryption that knows if it's running in a VM sandbox and are 'I will fuck you completely over and all your data ware unless you gimmeh all your bitcoinz.' And all the 'anti' software snake oil is so bad, it in itself increases the attack surface and ironically becomes the attack vector being exploited. (Aside from those 99.99% of people that will always click on anything.)
Can't be infected by what u can't touch & conversely IF infected it can't "talk back to mama" for orders via APK Hosts File Engine 9.0++ SR-7 32/64-bit https://tech.slashdot.org/comments.pl?sid=10552871&cid=54329427/ & not a SINGLE bug found in it to date + Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/
See subject: BEST PART IS? YOU CONTROL HOSTS - not depending on more than potentially corruptible or fallible others. Want to do a job RIGHT? Take the time to do it, yourself. Nobody is more motivated to protect "you & yours" than YOU are.
APK
P.S.=> It's GOOD layered security/defense in depth above & beyond "traditional means" @ endpoints (full of bugs + excess resource overheads & complexity for exploitation) OR perimeter eggshell 'defenses' (FULL of security issues) all outlined here in decent detail https://tech.slashdot.org/comments.pl?sid=10552871&cid=54329535/ ... apk
As bandwidths increase and the number of low sophistication "things" presented on ISP networks increases exponentially, the risk to the ability of ISP's to provide service increases too.
If you've got multiple vendors sharing the same cheapest possible network stack in their IOT products, and that stuck becomes vulnerable to attack, you'll have 10's of millions of vulnerable devices exposing the same flaw.
If malicious code is written to infect those devices, spreading device to device, looking for new targets, it could very rapidly kill the broadband service provider. The problem is bad on fixed line an catastrophic on mobile. At least on fixed line you can shutdown the ports - in mobile, disable the customer and they'll still generate signalling. There's no way to disable that.
ISP's must protect the customers to protect themselves.
Some ISPs already provide anti-viruses to the customer for an extra fee, like mine does. The only catch it is only windows compatible. I got the feature removed since they were charging me for something I couldn't use.
As for detecting viruses in an encrypted transport layer, at the ISP, then good luck with that.
Jumpstart the tartan drive.
Imposter!
The real APK died of AIDS years ago after taking it up the ass from Arse Technica.
And that seems to bother you for some reason. LOL.
You guys are completely missing the point: they know perfectly well that it's not possible to protect users from virus, they are just going to use that excuse to impose censorship. It's far more effective at the telecom level.
Arstechnica at large is AIDS infected genetic aberrations that defy nature's intent? Yes obviously. You project it with the fact you have the bug up your behinds where you like things put in that he took you strange lads out easily hahaha.
See subject: It's possible & via my "corruptible + fallible" (w/ 'plausible deniability' too) here though we agree https://tech.slashdot.org/comments.pl?sid=10552871&cid=54329571/ but I do show IT IS POSSIBLE TO PROTECT USERS (those that protect themselves as fully as possible via layered security/defense in depth).
* Want to do a job RIGHT? Do it yourself, for yourself, as easily as is possible w/ many layers of security as outlined... I didn't miss your point @ all & said it prior to you in fact (albeit in not so many words but "great minds think alike" too).
APK
P.S.=> Again & after all - NOBODY's as motivated to protect "you & YOURS" as you are - depending solely on others (especially "Big Brother" others) is a FOOL's game (since, like you, they are out to protect & ENRICH THEMSELVES @ your expense (above all else))... apk
It isn't surprising that telcos turned ISPs, who used to run massive networks with considerable logic inside but dumb terminals at the edges still have problems with the concept of running networks where everything beyond getting the message accross sits in the connected hosts, and the rest is supposed to be a "dumb pipe". It's them that are the first to start meddling in your traffic, "transparently" caching, stripping and injecting tags and adverts, recoding videos for mobile, and whatnot.
Likewise, many users are the same kind of dumb, expecting the internet to keep them free from content they don't want to see, to the point of pressuring possibly even more spineless politicians into making a "good and clean internet". That's an actual quote from a British politician, by the by, instituting what's now the third blocking mechanism they have there. The Germans likewise have a "think of the children"-filter mandated for home routers. Which is to say, it really isn't just China and North Korea doing this sort of thing.
So yeah, historically and from a technical point of view, you're entirely right. Not everyone sees it that way, though. Go and explain it to this potted plant^W^Wminister of cyber affairs, why don't you.
...Australia's government shows that they don't really get this whole "technology" thing...
See subject: ... & neither am I Chinese Academy of Sciences gives DNS a backup via hosts http://www.theregister.co.uk/2017/04/26/boffins_supercharge_the_hosts_file_to_save_users_plagued_by_dns_outages/ - however you "arstechnica" underachieving "ne'er-do-wells" always ARE vs. me (& you KNOW it, losers).
* Still "butthurt" boys? I don't see WHY - you just projected that you LIKE taking it up the ass (especially from me & you always do, lol).
APK
P.S.=> Morons like "arseholetechnica" have always made me laugh (as I made others laugh @ your lame asses MANY times)... apk
Not only is this an impossible guarantee or a means to charge customers more money for (Godfather voice) "protection," but it just provides a red herring to monitor more than just metadata.
This is probably the single biggest change that an ISP could make to help people increase their commitment to effective security.
On the other hand, there is an enormous amount of effective action that could be taken by the Australian government. It includes:
That's Senator Sarah Hanson-Young's job.
My first internet connection started in Japan in 1994. 100 Mbs fiber since 2000 and never had a virus, never had a data cap, never paid more than about US$ 60/month (now US$ 35/mo.), never had a browser hijack, never had malware, never had to reset a modem, never had less than 3 companies to choose from and only had service go out once and that was because of a massive earthquake 6 years ago.
Came back to the US and I'm loaded up with hijacks and malware every time I turn on my PC. Have to reset the modem every week or so, service is spotty. Slow and expensive.
It doesn't have to be that way.
Dan Tehan is one of many Australian government ministers who has no clue about technology. http://bit.ly/2pMtFlG
Look, I'm all for sticking it to clueless politicians, and the original column doesn't commit to any policy of substance, but nevertheless I think the "companion news article" is interpreting it... very creatively.
The original column:
https://www.pressreader.com/au... (pressreader is paywalled but allows a certain number of free uses per time period)
I'm annoyed with the current climate of politicians just ignoring the facts and choosing to believe whatever they want, and I'm annoyed by the proliferation of clickbaity sponsored link sidebars in the genre of the fake-espn-fake-death-announcement stuff, but I'm also annoyed by how the news business doesn't seem to be able to hire writers who understand technology and can help the audience understand, rather than just making hay by subtly misleading people about it (often just due to not understanding it themselves).
In a world where ISPs filter viruses for you,
NO! The article makes it clear: He said the plan did not amount to web filtering . and he claimed previous efforts to do so had been “ill-advised”.
While ISPs cannot filter your downloads, there is plenty that can and should be done at the network level, such as detecting outgoing spam and DOS attacks from infected users.
it's not clear if there's an actual plan behind Tehan's observations
In other words, there is no news?
While surely not all, a good number of ISPs already provide anti-virus and anti-malware detection. If you use an ISP for email, chances are pretty high that the back end is running anti-spam rules which looks for attachments and strips where a "bad" MD5 sum is found. "bad" meaning it matches malware/virused attachments. They don't need to read the contents, just look for the checksum.
As a privacy advocate I'm not too uncomfortable with ISPs scanning like this, as anything I would be worried about would be through a channel other than email which they could not scan.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
You're fooling us with your UNIDENTIFIABLE truly cowardly weasel posts pussy? LMAO @ U! You show what you are (weasel).
APK
P.S.=> See subject - it's YOU, unquestionably... apk
I'm going to continue using the Host File Engine. Your software is well written, functional. The Host File Engine performs exactly as promised by mmell
his hosts program is actually pretty good by xenotransplant
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg
I've never tried to belittle (APK's) work, I've flat out said it's good by BronsCon
take a look at the APK hosts file engine by SuperKendall
APK is kinda right. I've tried his hosts file generating software. It works by bmo
I like your host file system by Karmashock
I find your hosts file admirable by vel-ex-tech
* My code's liked + recommended & hosted by Malwarebytes' hpHosts!
APK
P.S.=> See subject - "drink that in & digest it" as you EAT YOUR WORDS, lol... apk
Just clog the tubes that send the virusses and bad stuff. Get a stopper and when some of the bad stuff is floating by, clog that tube and shunt it to a bin in the back. This politician clearly comes from the Ted Stevens "Internet is tubes" school of technology 'n stuff.
Traditional firewalls problems: Most = IP address based & most threats use hostnames & layered filtering driver overhead.
Use IP stack via hosts (no filtered driver overhead): Stops host-domain name based threats (by FAR a majority) via APK Hosts File Engine 9.0++ SR-7 32/64-bit https://tech.slashdot.org/comments.pl?sid=10552871&cid=54329427/
(Agreed on ports & SERVICES too - I outlined it a decade++ ago https://www.google.com/?gws_rd=ssl#q=%22HOW+TO+SECURE+Windows+2000/XP%22&spf=73/ )
APK
P.S.=> NOTHING stops all but combined w/ perimeter defenses (security issues galore https://it.slashdot.org/comments.pl?sid=9995967&cid=53488785/ ) or DNS (riddled w/ security issues https://news.slashdot.org/comments.pl?sid=9007355&threshold=-1&commentsort=0&mode=thread&pid=51969075/ or antivirus (Tavis Ormandy of GOOGLE tearing those up) = why I layer hosts down to endpoints (devices off buggy routers are vulnerable w/out endpoint protection)
Hosts block infection sources & what you can't touch can't hurt you via APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/
Ads/script & malware rob speed/security/privacy
Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).
Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!
Avoids DNSChangers in routers/IP settings & dns redirects (99.999% of ISP DNS != patched vs. it) + lightens DNS load & resolves faster from local system RAM!
* Via what u NATIVELY have in the IP stack in FASTER kernelmode!
APK
P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/
See subject: Vs. the most prevalent threats (they use hostnames) via APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/
Ads/script & malware rob speed/security/privacy
Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).
Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!
Avoids DNSChangers in routers/IP settings & dns redirects (99.999% of ISP DNS != patched vs. it) + lightens DNS load & resolves faster from local system RAM!
* Via what u NATIVELY have in the IP stack in FASTER kernelmode!
APK
P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/
See subject: Most modern malicious threats use hostnames. Block them via APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/
Ads/script & malware rob speed/security/privacy
Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).
Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!
Avoids DNSChangers in routers/IP settings & dns redirects (99.999% of ISP DNS != patched vs. it) + lightens DNS load & resolves faster from local system RAM!
* Via what u NATIVELY have in the IP stack in FASTER kernelmode!
APK
P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/
I think this is just a first step to justify the government mandating all ISPs to introduce SSL/TLS Interception at a national level.. Exact same excuse/reasoning many companies here use to roll it out, "We need it to inspect all data packets for viruses"..
Certainly there are privacy issues to be discussed, and there are many questions that can be asked about what exactly should be done and how it should be done. The concept does work quite well. Especially related to botnets.
This is standard procedure in the enterprise. Its 2017, not 1997, and we're far beyond "update your AV and pretend your safe". In enterprises that care at all about security, professionals, preferably security professionals in the SOC, but at least network professionals, use professional tools such as Cisco ASAs with Firepower to monitor incoming and outgoing traffic in a much more sophisticated and effective way than even a technical user would monitor their own workstation, much less some random clerk or manager. Where I work, the SOC is staffed 24/7 by career security professionals using $100,000+ toolsets. "Every user can update their AV", and "remind people not to open Office documents with macros" doesn't quite compete.
Certainly an ISP could monitor and null route or otherwise filter current verified malware sources and that sort of thing. They could easily prevent the spread of many botnet malware strains by not allowing the attacks to come out of their network, or through it.
So yeah it' much more than a "power grab". It's a solid idea that needs to be balanced against privacy concerns in how it is implemented.
So don't keyloggers and spyware deserve to have their packet transit fairly over the intertubes?
If they are being blocked by the ISP unfairly why aren't people up in arms? After all software running on the subscriber's computer requested those packets, right?
is there any kind of argument that would go something like "my isp knowingly passed data that contained a virus to me" ?
If, for arguments sake, a shop passed stolen goods, it doesnt even need to know it was stolen they 'can' still be charged. (would be pretty harsh if they did get charged.. but)
I'm going to continue using the Host File Engine. Your software is well written, functional. The Host File Engine performs exactly as promised by mmell
his hosts program is actually pretty good by xenotransplant
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg
I've never tried to belittle (APK's) work, I've flat out said it's good by BronsCon
take a look at the APK hosts file engine by SuperKendall
APK is kinda right. I've tried his hosts file generating software. It works by bmo
I like your host file system by Karmashock
I find your hosts file admirable by vel-ex-tech
* My code's liked + recommended & hosted by Malwarebytes' hpHosts!
APK
P.S.=> See subject LIBELOUS UNIDENTIFIABLE "ne'er-do-well" - EAT YOUR WORDS: You WISH you were me ... apk
"where he delivered the message the Government expected them to do more to shut dodgy sites and scams,"
(A month goes by)
"I didn't mean shut off access to government sites! >:-( "
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
It's Australia - google "Australia" and "metadata" and you'll see that privacy of citizens is not something that the current Government cares about. One department even decided to "doxx" a critic in the newspapers with confidential information that could have resulted in a jail term for a leaker if it had been released by anyone that doesn't own a police force.
I'm not suggesting you have a bad point, merely that priorities are different and the best sort of outcome is unlikely.
Isn't it funny when the "right" of politics decides to go all nanny state. They want to violate privacy for "our own good" despite calling themselves "conservative".
It sounds like a terrible idea. In work environments, there's a legitimate reason to limit people's access to the internet, i.e. customer data can be at risk (or in the case of where I work, patient data.) But in a home setting, it's just straight up annoying to have your ISP start blocking shit that you may not want to be blocked.
My ISP blocks incoming email and web ports because it's presumed that everyday customers running any servers on those ports are participating in a spam botnet. So that means I can't host my own small webserver for example.
And if we did what you suggest, it would be a whole lot worse. For example, most security vendors consider bitcoin software to be risky and will block it. Hell, some even consider really benign software like tftpd32 to be too risky to allow end users to run (I just got an email a few days ago from our infosec guy asking why I was running it on my PC, and I had to explain to him that I use it to upload IOS images to our switches.)
But if I need to use this stuff at home, and my ISP blocks it, what then? I have to buy a business class account?
> And if we did what you suggest, it would be a whole lot worse.
I'm not sure what you think I'm suggesting. What I said is in some ways the opposite of what you seem to think I said.
I said the ISP is in a position in monitor the network as a whole and respond to emerging threats, such as botnets currently active on the network or scanning the network. I said the ISP can reasonably have people in the SOC actually responding in real-time as exploits are released and threats become real. That's pretty much the opposite of "block port 80 for everybody". In fact, port-based blocking is what you get with consumer routers, with each customer doing there own. That's quite 1990s. Modern security is more about analyzing trends in flows.
To address your example, sure some vendors will point out a open tftp as a potential exposure- open tftp is also how the bad guys can get the config off those switches and routers. Which is why you "just got an email a few days ago from our infosec guys." There was something that looked like it might be a risk, so he checked it out. Good job InfoSec guy. Findings can generally be categorized into four groups:
1) Appears normal / safe
2) Potential vulnerability (open telnet, tftp)
3) Probably an attack (nigerian prince w/ Word document)
4) Known attack
The other axis is the damage scale, but let's stick with this axis for now. It would be reasonable, I think, to notify you of vulnerabilities (hey, you have telnet open), block known attacks (somebody trying hundreds of passwords against the telnet) and apply some more sophisticated analysis to group 3, probable attacks. Are they coming from known-bad IP addresses? What's the scale? What level of damage is likely?
Because some of us humans live there and this could affect us. Or had that thought not occurred?
One of the reasons it works well in the enterprise is that it's easy to get something whitelisted - I get an email that says , "I need this, but it's blocked" and I unblock it (after checks). Is an ISP going to be as responsive? Would Aussies be able to download SysInternals, or find that PSexec is blacklisted?