Australia Wants ISPs To Protect Customers From Viruses (sophos.com)
An anonymous reader quotes Sophos' Naked Security blog:
In a column in The West Australian, Dan Tehan, Australia's cybersecurity minister, wrote: "Just as we trust banks to hold our money, just as we trust doctors with our health, in a digital age we need to be able to trust telecommunications companies to protect our information from threats." A companion news article in the same newspaper cited Tehan as arguing that "the onus is on telecommunications companies to develop products to stop their customers being infected with viruses"...
Tehan's government roles include assisting the prime minister on cybersecurity, so folks throughout Australia perked up when he said all this. However, it's not clear if there's an actual plan behind Tehan's observations -- or if there is, whether it will be backed by legal mandates... Back home in Australia, some early reactions to the possibility of any new government interference weren't kind. In iTWire, Sam Varghese said, "Dan Tehan has just provided the country with adequate reasons as to why he should not be allowed anywhere near any post that has anything to do with online security."
The West Australian also reports Australia's prime minister met telecommunications companies this week, "where he delivered the message the Government expected them to do more to shut dodgy sites and scams," saying the government will review current legislation to "remove any roadblocks that may be preventing the private sector and government from delivering such services."
Ha! Good luck with that!
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
Actually a friend of mine got their internet shut off this week because of an apparent infection. According to their ISP, they have a botnet active. They inquired what's a botnet and how to get rid of it. ISP said it was their problem to fix. My friend then replied they have unlimited data so who cares. After that call, I got a call to fix. Thanx ISP!
In a world where ISPs filter viruses for you, every user EXPECTS the ISP to do the protecting, and takes no precautions themselves. This leads to lazy netizens who cry foul at every little thing. Instead, I say protect yourself. Run a firewall. Don't open ports unless you KNOW WHAT THE HELL YOU'RE DOING!
It's akin to asking doctors to protect you from STDs. Technically they can. Practically you wouldn't want that. A doctor in your bedroom. Overseeing every intercourse you have.
I don't 'trust' my bank to hold my money. I audit my accounts with them every month to be sure they don't make a 'mistake'.
I don't 'trust' doctors; I do my own research, especially when they tell me something that I don't think is in my best interests, or that just plain doesn't make sense.
I don't 'trust' my government, I question what it's doing all the time, and will speak up if I see something unjust, or just plain dumb, being dumb -- because *I* am not dumb.
I sure as hell don't trust my ISP, or any ISP for that matter, to 'keep me and my computer safe'. ISPs invade our privacy constantly in the name of higher profits for themselves, and because the government wants to collect data on its citizenry and generally snoop into people's lives.
It is not, and should not, be the business of ISPs to do this thing. Their role should be to provide connectivity to the Internet for its customers, and that is ALL they should be in business to do, not to 'censor' anything, 'filter' anything, or anything like that. Just give us a reliable connection and leave it at that!
if every file had to be scanned for viruses prior to being downloaded/uploaded, that sort of system would make a 56k dialup look fast
Politics is Treachery, Religion is Brainwashing
Nobody wants (tech) savvy citizens: They might question the course of events.
to build better and more secure operating systems? that's where the problem really is, if the operating systems and their applications used to access the internet were secure then the problem would be solved, asking the ISPs to do this would slow the internet speeds down to a really slow crawl
Politics is Treachery, Religion is Brainwashing
Whether this is supposed to refer to the landmass (unlikely) or the political entity, one particular subset of the idiot-fucks that presume it's their business to force their opinions and values onto millions of other people does not constitute 'Australia'. And why would anyone care about what these notoriously technologically inept parasites opine about this subject?
Some ISPs already provide anti-viruses to the customer for an extra fee, like mine does. The only catch is that it is only Windows compatible. I got the feature removed since they were charging me for something I couldn't use.
As for detecting viruses in an encrypted transport layer, at the ISP, then good luck with that.
Jumpstart the tartan drive.
...Australia's government shows that they don't really get this whole "technology" thing...
Not only is this an impossible guarantee or a means to charge customers more money for (Godfather voice) "protection," but it just provides a red herring to monitor more than just metadata.
This is probably the single biggest change that an ISP could make to help people increase their commitment to effective security.
On the other hand, there is an enormous amount of effective action that could be taken by the Australian government. It includes:
My first internet connection started in Japan in 1994. 100 Mbs fiber since 2000 and never had a virus, never had a data cap, never paid more than about US$ 60/month (now US$ 35/mo.), never had a browser hijack, never had malware, never had to reset a modem, never had less than 3 companies to choose from and only had service go out once and that was because of a massive earthquake 6 years ago.
Came back to the US and I'm loaded up with hijacks and malware every time I turn on my PC. Have to reset the modem every week or so, service is spotty. Slow and expensive.
It doesn't have to be that way.
Every file, image, video clip gets a checksum to help find virus like activity and block it at the ISP level.
If a file shows up many months later in some investigation, most ISP accounts that downloaded the same file can be listed.
Time to get a good VPN.
Domestic spying is now "Benign Information Gathering"
Dan Tehan is one of many Australian government ministers who has no clue about technology. http://bit.ly/2pMtFlG
Look, I'm all for sticking it to clueless politicians, and the original column doesn't commit to any policy of substance, but nevertheless I think the "companion news article" is interpreting it... very creatively.
The original column:
https://www.pressreader.com/au... (pressreader is paywalled but allows a certain number of free uses per time period)
I'm annoyed with the current climate of politicians just ignoring the facts and choosing to believe whatever they want, and I'm annoyed by the proliferation of clickbaity sponsored link sidebars in the genre of the fake-espn-fake-death-announcement stuff, but I'm also annoyed by how the news business doesn't seem to be able to hire writers who understand technology and can help the audience understand, rather than just making hay by subtly misleading people about it (often just due to not understanding it themselves).
> In a world where ISPs filter viruses for you,
NO! The article makes it clear: He said the plan did not amount to web filtering and he claimed previous efforts to do so had been “ill-advised”.
While ISPs cannot filter your downloads, there is plenty that can and should be done at the network level, such as detecting outgoing spam and DOS attacks from infected users.
> it's not clear if there's an actual plan behind Tehan's observations
In other words, there is no news?
While surely not all, a good number of ISPs already provide anti-virus and anti-malware detection. If you use an ISP for email, chances are pretty high that the back end is running anti-spam rules which look for attachments and strip them where a "bad" MD5 sum is found. "bad" meaning it matches malware/virused attachments. They don't need to read the contents, just look for the checksum.
As a privacy advocate I'm not too uncomfortable with ISPs scanning like this, as anything I would be worried about would be through a channel other than email which they could not scan.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Certainly there are privacy issues to be discussed, and there are many questions that can be asked about what exactly should be done and how it should be done. The concept does work quite well. Especially related to botnets.
This is standard procedure in the enterprise. It's 2017, not 1997, and we're far beyond "update your AV and pretend you're safe". In enterprises that care at all about security, professionals, preferably security professionals in the SOC, but at least network professionals, use professional tools such as Cisco ASAs with Firepower to monitor incoming and outgoing traffic in a much more sophisticated and effective way than even a technical user would monitor their own workstation, much less some random clerk or manager. Where I work, the SOC is staffed 24/7 by career security professionals using $100,000+ toolsets. "Every user can update their AV", and "remind people not to open Office documents with macros" doesn't quite compete.
Certainly an ISP could monitor and null route or otherwise filter current verified malware sources and that sort of thing. They could easily prevent the spread of many botnet malware strains by not allowing the attacks to come out of their network, or through it.
So yeah it's much more than a "power grab". It's a solid idea that needs to be balanced against privacy concerns in how it is implemented.
"where he delivered the message the Government expected them to do more to shut dodgy sites and scams,"
(A month goes by)
"I didn't mean shut off access to government sites! >:-( "
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
It's Australia - google "Australia" and "metadata" and you'll see that privacy of citizens is not something that the current Government cares about. One department even decided to "doxx" a critic in the newspapers with confidential information that could have resulted in a jail term for a leaker if it had been released by anyone that doesn't own a police force.
I'm not suggesting you have a bad point, merely that priorities are different and the best sort of outcome is unlikely.
Isn't it funny when the "right" of politics decides to go all nanny state. They want to violate privacy for "our own good" despite calling themselves "conservative".
It sounds like a terrible idea. In work environments, there's a legitimate reason to limit people's access to the internet, i.e. customer data can be at risk (or in the case of where I work, patient data.) But in a home setting, it's just straight up annoying to have your ISP start blocking shit that you may not want to be blocked.
My ISP blocks incoming email and web ports because it's presumed that everyday customers running any servers on those ports are participating in a spam botnet. So that means I can't host my own small webserver for example.
And if we did what you suggest, it would be a whole lot worse. For example, most security vendors consider bitcoin software to be risky and will block it. Hell, some even consider really benign software like tftpd32 to be too risky to allow end users to run (I just got an email a few days ago from our infosec guy asking why I was running it on my PC, and I had to explain to him that I use it to upload IOS images to our switches.)
But if I need to use this stuff at home, and my ISP blocks it, what then? I have to buy a business class account?
> And if we did what you suggest, it would be a whole lot worse.
I'm not sure what you think I'm suggesting. What I said is in some ways the opposite of what you seem to think I said.
I said the ISP is in a position to monitor the network as a whole and respond to emerging threats, such as botnets currently active on the network or scanning the network. I said the ISP can reasonably have people in the SOC actually responding in real-time as exploits are released and threats become real. That's pretty much the opposite of "block port 80 for everybody". In fact, port-based blocking is what you get with consumer routers, with each customer doing their own. That's quite 1990s. Modern security is more about analyzing trends in flows.
To address your example, sure some vendors will point out an open tftp as a potential exposure - open tftp is also how the bad guys can get the config off those switches and routers. Which is why you "just got an email a few days ago from our infosec guys." There was something that looked like it might be a risk, so he checked it out. Good job InfoSec guy. Findings can generally be categorized into four groups:
1) Appears normal / safe
2) Potential vulnerability (open telnet, tftp)
3) Probably an attack (Nigerian prince w/ Word document)
4) Known attack
The other axis is the damage scale, but let's stick with this axis for now. It would be reasonable, I think, to notify you of vulnerabilities (hey, you have telnet open), block known attacks (somebody trying hundreds of passwords against the telnet) and apply some more sophisticated analysis to group 3, probable attacks. Are they coming from known-bad IP addresses? What's the scale? What level of damage is likely?
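The four-group triage described in the comment above, as an added example that is not part of the original post or any ISP's tooling. The record layout (a flow tuple plus an `auth_fail` flag taken from the service's own log), the threshold, and the known-bad list are assumptions; all addresses are constructed from documentation ranges.

```python
from collections import Counter

# Constructed sample data: documentation-range addresses, not real indicators.
KNOWN_BAD = {"203.0.113.66"}             # hypothetical threat-intel list
RISKY_PORTS = {23: "telnet", 69: "tftp"}  # exposures named in the comment
BRUTE_FORCE_THRESHOLD = 100               # assumed cut-off for "hundreds of passwords"
ACTIONS = {1: "allow", 2: "notify customer", 3: "analyze further", 4: "block"}

FLOWS = (
    [{"src": "198.51.100.7", "dst": "192.0.2.10", "dport": 23, "auth_fail": True}] * 300
    + [{"src": "203.0.113.66", "dst": "192.0.2.20", "dport": 443, "auth_fail": False}]
    + [{"src": "198.51.100.9", "dst": "192.0.2.30", "dport": 69, "auth_fail": False}]
    + [{"src": "198.51.100.9", "dst": "192.0.2.40", "dport": 443, "auth_fail": False}]
)


def triage(flows, known_bad=KNOWN_BAD):
    """Aggregate records per (src, dst, dport) and return {key: (group, action)}."""
    total, failures = Counter(), Counter()
    for f in flows:
        key = (f["src"], f["dst"], f["dport"])
        total[key] += 1
        failures[key] += f["auth_fail"]   # True counts as 1

    findings = {}
    for key in total:
        src, _dst, dport = key
        if failures[key] >= BRUTE_FORCE_THRESHOLD:
            group = 4   # known attack: password guessing at scale
        elif failures[key] > 0 or src in known_bad:
            group = 3   # probably an attack: check source reputation and scale
        elif dport in RISKY_PORTS:
            group = 2   # potential vulnerability: service exposed, no abuse seen
        else:
            group = 1   # appears normal
        findings[key] = (group, ACTIONS[group])
    return findings


if __name__ == "__main__":
    for key, (group, action) in sorted(triage(FLOWS).items()):
        print(key, "-> group", group, "=>", action)
```

The damage-scale axis the comment mentions is left out; a second score per finding would slot in beside `group`.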
One of the reasons it works well in the enterprise is that it's easy to get something whitelisted - I get an email that says, "I need this, but it's blocked" and I unblock it (after checks). Is an ISP going to be as responsive? Would Aussies be able to download SysInternals, or find that PSexec is blacklisted?
What about false positives? Or tools like Metasploit?