The ISP Security Compromise: Allow, But Alert

from the interesting-solutions dept

Over the years, we've had many discussions about what role ISPs should play in the computer security of their customers. On the one side, if ISPs are too stringent (blocking things at the network level, for instance), users get upset that their ISPs are disallowing things that should be allowed. Many users just want bandwidth, and get worried when their ISPs take a more active role. On the other side of things, ISPs who are too free with security issues risk allowing themselves to become a huge target for spammers and others. So far, ISPs have pretty much taken an all or nothing approach. If they notice that someone is causing problems, they tend to cut them off completely, leading to an expensive service call. However, there was one presenter at DEMO that had an interesting idea to deal with this. It was a proxy system that would take data from client side security apps and then alert a user through their browser. So, for example, if the ISP noticed the user was acting as a spam-spewing zombie or had some spyware, the next time the user opened his or her browser, the ISP could present a message explaining the problem and how to solve it. It's much more efficient than simply cutting the person off. Of course, if such solutions became popular, it seems like only a matter of time before phisher moved on to spoofing the browser-based error messages.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Dr Creek, 9 Feb 2006 @ 2:54am

    Plus.net

    My ISP already does this with certain viri and spyware. i was browsing and it came up with a page that wouldn't let me browse the web but it would let me visit there home page and various anti-virus sites and microsoft.com

    link to this | view in thread ]

  2. identicon
    giafly, 9 Feb 2006 @ 4:07am

    Message from ISP explaining the problem

    Nice idea, but unfortunately malware has been using fake error messages to trick users for years.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 9 Feb 2006 @ 5:33am

    No Subject Given

    The simple solution is to always tell the customer to contact the ISP support line on the pop up screen. Easy enough for tier one support to then walk them to real cleansing sites. Will not stop all of course, but reminders that "ISP ABC" does not send you to links added to billing statements would also help some. Just my opinion.

    link to this | view in thread ]

  4. identicon
    STJ, 9 Feb 2006 @ 8:14am

    No Subject Given

    The problem with giving them a heads up is that they then can adjust their tatics to avoid detection.

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 9 Feb 2006 @ 8:54am

    Re: why not chat

    how about a live chat popup. would decrease call volume for the ISP and give the customer a better experience. And is a it more proactive

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 9 Feb 2006 @ 10:37am

    Monitor and allow limited email from infected user

    Perhaps one the ISP can control SMAP infections is have a weekly limit of email from each user. Then if this is exceeded - advise the user.t this number is exceeded then tell the user so the user can clear up the situation.

    Another step would be to only allow the user a web based Email while infected - with a limit of the
    number of outgoing emails. This would limit the outgoing SPAM while letting the user still communicate - the web based eamil might be text only.

    Comments?

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 9 Feb 2006 @ 11:53am

    Cisco kind of already does this:

    Cisco kind of has technology like this. It is called Cisco Clean Access.
    Link: http://www.cisco.com/en/US/products/ps6128/
    We have it implemented at the University of California, Irvine. While it doesn't tell them what virus they have, it enforces network rules such as mandatory windows updates, they must have an anti virus. Not sure I would want an ISP doing this to me, but i'm sure it could be modified

    link to this | view in thread ]

  8. identicon
    Fishbane, 9 Feb 2006 @ 2:07pm

    No Subject Given

    I don't want my ISP paying attention to my traffic. I want it to transmit my bits.

    If this becomes popular (as in, my ISP starts doing it), that will just lead me to start encrypting/tunnelling more of my traffic (as in, all web traffic; my mail and shell traffic already is).

    I pay for a road, not a traffic cop.

    link to this | view in thread ]

  9. identicon
    Raul Vaughn, 11 Feb 2006 @ 9:50pm

    Security Messaging Clarification

    Mike,
    Nice write up. A couple of clarifications for your readers.
    1. Front Porch uses a non-proxy method to deliver security notifications based on output from IDS/IPS. Proxy's have lots of problems delivering content. We know, we used a proxy approach for a number of years.
    2. Security Messages are branded by service provider, enterprise, university and are served from a secure server. Phishers are not likely to duplicate this approach.

    Best
    Raul

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.