ietf-asrg

Re: [Asrg] SPF is only useful to dupe the ignorant...]

2004-09-12 18:25:45
On Sep 12 2004, Bill Cole wrote:

It should not take many cases of an ISP being unacceptable to people 
with jobs at Company X before they are effectively unacceptable to 
people with jobs. That's a bad business position for the ISP.

Perhaps. We can only wait and see whether it pans out.

Interesting idea. You want to set up an automated forced update system
for customers.

Minor correction: I *want* those people with a proven record of 
infection to be cut off from the net completely and not allowed back 
on by any provider allowing anything more dangerous than WebTV. 
However, I am *aware of* providers choosing to continue their pattern 
of taking the risk of retaining dangerously negligent customers by 
devising cheap ways to provide support in isolating and fixing their 
systems. This is suboptimal, but it is better than the excuse I've 

With the past examples of massive virus infections (going back to code
red etc), I'm just not convinced that the class of people with a
proven record of infections is implicitly small/manageable, and it does
certainly cover both residential and corporate users. 

Your idea of an automatic jail upon spamming detection is good, but
the potential scale of inconvenience to users (whether corporate or
otherwise) means this is a policy decision to be taken high up, I
believe. Or rather, it's a decision which might be vetoed for other business
reasons :-(


 Presumably, the ISP will pay a yearly fee to the
anti-virus companies to be able to distribute their cleaning software
free of charge to the customers.

Knoppix is free :)

Debian testing is, too ;-)


On a more serious note, that presumption speaks to the past, not the 
future. SBC is already giving out McAfee virus software and I would 
be surprised if they are not paying for it or if their competitors 
are not doing the same. Besides that, there are free options for 
cleaning an infected system.

If ISPs and IT departments widely implement an automatic
spam->jail->clean system, their main concern will be how long it takes
from detection to cleaning, ie user downtime. (same is true now, but
a spamming system is still useable, mostly, whereas a jailed one isn't)

Since viruses and malware evolve precisely to evade anti-virus
services, I think this downtime will relatively often include waiting
for an expert analysis + cleaning fix, ie the particular version of
the installed anti-virus software won't handle the discovered virus
out of the box, but first need an update from the vendor.  

Perhaps you think that's too pessimistic? We've had enough examples of
viruses being changed by a couple of characters in their code to evade
detection, and spyware installing hidden portions of code whose sole
purpose is to detect when the main executable is deleted by an
anti-virus, and to recreate this executable afterwards with a slightly
different signature.


But large consumer ISPs exist because it makes financial sense to offer
cheap access to hordes of people.

That's a statement of blind faith in the perfect efficiency of the 
market which is not supported by facts or reason. The ISP industry is 
not now and never has been mature, stable, or anywhere close to any 
sort of equilibrium point.

Ok, let's not get into investor motivations etc. You have a point, but
I just wanted to emphasise that consumer ISPs are here to stay,
whatever the reason or mechanics of it. And due to their size, they
are major players, whether we like it or not. And therefore, they
are potential spam attack vectors.

You misunderstood me. I'm not talking about ISPs changing what they 
offer their customers, but about non-ISPs shunning all or nearly all 
traffic from the vast wasteland of consumer broadband. It is 
perfectly feasible and is being done now. In the long run as that is 
done more, it does damage to the value a shunned ISP can offer 
customers. The market will approach equilibrium over time, and it may 
do so by the rest of the net removing value from cheaply-offered 
access.

Yes, that's possible, but as you pointed out, certain monopolists
can also afford to ignore this projected tide against them if their
ISP related products/business isn't the cash cow.

Secondly, the approached equilibrium itself could be problematic.
What if this equilibrium implies 80% spam in people's inboxes, in
other words spam forever? Wouldn't that be a failure of the
shunning/bullying approach to spam? Conversely, if the equilibrium
settled on 10% spam in people's inboxes say, it would be a relative
success. We just don't know.

-- 
Laird Breyer.
