Trend Micro's Rik Ferguson says ISPs should quarantine infected computers

Edvard:
Umm... yeah. 'Cause, like, this will totally work...

ISPs on an on-going basis should take advantage of the threat intelligence feeds of the security industry to identify compromised systems connected to their networks. Those systems should be moved to quarantine, the account owners should be contacted and directed to resources which will enable them to clean up and rectify the situation. Until such time as the infection is remediated the computer should be able to access only limited Internet resources. Don’t care will be made to care.

--- End quote ---

http://countermeasures.trendmicro.eu/its-time-to-quarantine-infected-computers/




Emphasis mine.

from CodeProject News

app103:
the account owners should be contacted and directed to resources which will enable them to clean up and rectify the situation. Until such time as the infection is remediated the computer should be able to access only limited Internet resources.
--- End quote ---

I hope the resources they direct the account owner to, to clean up their machine, are included in that "limited internet resources". I also hope they are fully prepared to offer phone support to go along with it.

Knowing that their customers are not typically thought of as the brightest crayons in the box, AOL takes an entirely different approach. If they detect certain malware on a user's system, their software will automatically download their removal tool for it, log them out and make them run it, before allowing them to log in again. And they DO offer phone support, if you are a paid subscriber.

They have been doing this for about 10 years. They don't detect all malware and it's not a substitute for antivirus software, but it does help for some situations where one may not even know they are infected. Also, in v9 of their software, it does a "security check" when you run it, before you even get the chance to log in, and it will cry if it does not detect running firewall and antivirus software. (I know because I tested a special version of that software back in 2004, in a closed beta, running a firewall version that wasn't on their recognized list :huh:)

Stoic Joker:
I hope the resources they direct the account owner to, to clean up their machine, is included in that "limited internet resources". -app103 (June 05, 2014, 06:06 PM)
--- End quote ---

Of course ... The users will be automatically redirected to whichever vendor is offering the highest kickback for the then hostage traffic being pumped through their gates.


I also hope they are fully prepared to offer phone support to go along with it. -app103 (June 05, 2014, 06:06 PM)
--- End quote ---

Can I put in a request to be a fly on the wall for the first time the switchboard explodes with the first wave of undoubtedly extremely hostile customers? Especially in the SMB space where you're likely to run into 500 users behind one IP that just got "quarantined" because one dipstick in accounting opened an attachment.

If our ISP at the office thinks I was unpleasant about being handed an entire block of blacklisted IP addresses for our mail server back when we first switched to them, I'm sure they'll be quite astonished at how much worse I can actually get if this bit of nonsense hit the fan. Especially if it got triggered by a customer's machine that had been brought in for decontamination.

Yeah, I'm with Edvard... this is an incredibly stupid idea. Even if it would be fun to watch them get lynched by their own support staff for putting them directly in the line of fire.


Here's a thought, how about they use all those snazzy resources to screen out the hosting server source of the hostile code? ...Oh wait, OpenDNS already does that. And they crowd source much of the blocked hostile content from the same people that this asshat thinks don't care.

wraith808:
I hope they clean up their own software that judges 'infection' to stop ever having false positives.  Because... you know.

My response (moderated?  Or just not shown)

And so the measures of infection will be fixed to make sure there aren't ever any false positives?  Isn't that a pre-requisite to doing any such thing?  And what about downtime?  Your comparison to the auto industry is disingenuous at best.  This would be more akin to making your car without warning not able to be driven because someone else that you in no way authorized toyed with your catalytic converter.

And... of course this would have no impact at all on AV subscription rates.

This seems... ill thought out at best.

--- End quote ---
