By Richi Jennings. October 5, 2010.
There's no doubt that botnets are a major threat to the safety and stability of the internet -- not to mention the cleanliness of your inbox. After years of failure to act, could we finally be seeing ISPs waking up to their responsibilities? Let's take The Long View...
Botnets are a major source of spam, denial-of-service attacks, and other net nasties. For several years, I and others have advocated a more aggressive approach to fighting botnets.
While ISPs can't prevent users getting infected with bots, they are in a superb position to detect the signs of infection. Once an ISP has detected that a user is infected, they can ensure that the problem gets fixed -- remediated, as we jargonistas love to say.
The idea is that ISPs could detect signs -- say, by intercepting outbound spam, or botnet command-and-control traffic -- and cut the infected customer off from the internet. The user would be placed in a walled garden, where a web browser would only be able to see certain pages, which give instructions on how to fix the problem.
Contractually, the ISP would be reasonably justified in cutting off a user from the internet, as bot infection would be contrary to the terms of the ISP's acceptable-use policy.
However, the main counter-argument is that consumer ISPs operate on razor-thin margins, so the idea of doing extra work is unwelcome, to put it mildly. For some time, I've argued that governments should give incentives to ISPs, persuading them to detect bot infections and help customers clean house.Over the years, we've seen a number of industry efforts to persuade ISPs to do this, but with limited effect. Here are just a few that spring to mind:
Is this an idea who's time has come? Or will most ISPs continue to jam their fingers in their ears and sing, "La-la-la-la, I can't hear you!" at the tops of the voices?
What do you think? Leave a comment below...
|Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. A cross-functional IT geek since 1985, you can follow him as @richi on Twitter, pretend to be richij's friend on Facebook, or just use good old email: TLV@richij.com.|