The ISP Security Compromise: Allow, But Alert
from the interesting-solutions dept
Over the years, we've had many discussions about what role ISPs should play in the computer security of their customers. On the one side, if ISPs are too stringent (blocking things at the network level, for instance), users get upset that their ISPs are disallowing things that should be allowed. Many users just want bandwidth, and get worried when their ISPs take a more active role. On the other side of things, ISPs who are too free with security issues risk allowing themselves to become a huge target for spammers and others. So far, ISPs have pretty much taken an all-or-nothing approach. If they notice that someone is causing problems, they tend to cut them off completely, leading to an expensive service call. However, there was one presenter at DEMO who had an interesting idea to deal with this. It was a proxy system that would take data from client-side security apps and then alert a user through their browser. So, for example, if the ISP noticed the user was acting as a spam-spewing zombie or had some spyware, the next time the user opened his or her browser, the ISP could present a message explaining the problem and how to solve it. It's much more efficient than simply cutting the person off. Of course, if such solutions became popular, it seems like only a matter of time before phishers moved on to spoofing the browser-based error messages.
Reader Comments
Plus.net
Message from ISP explaining the problem
No Subject Given
Re: why not chat
No Subject Given
Monitor and allow limited email from infected user
Another step would be to only allow the user a web based Email while infected - with a limit of the number of outgoing emails. This would limit the outgoing SPAM while letting the user still communicate - the web based email might be text only.
Comments?
Cisco kind of already does this:
Link: http://www.cisco.com/en/US/products/ps6128/
We have it implemented at the University of California, Irvine. While it doesn't tell them what virus they have, it enforces network rules such as mandatory Windows updates, they must have an antivirus. Not sure I would want an ISP doing this to me, but I'm sure it could be modified.
No Subject Given
If this becomes popular (as in, my ISP starts doing it), that will just lead me to start encrypting/tunnelling more of my traffic (as in, all web traffic; my mail and shell traffic already is).
I pay for a road, not a traffic cop.
Re: No Subject Given
Security Messaging Clarification
Nice write up. A couple of clarifications for your readers.
1. Front Porch uses a non-proxy method to deliver security notifications based on output from IDS/IPS. Proxies have lots of problems delivering content. We know, we used a proxy approach for a number of years.
2. Security Messages are branded by service provider, enterprise, university and are served from a secure server. Phishers are not likely to duplicate this approach.
Best
Raul