Australia Booting Infected Computers Off Their Networks

Terry Zink

The Australian has a good article describing the efforts some Australian ISPs are making to clean up their act: the government is encouraging ISPs to detect computers on their networks that are infected and part of botnets, and to tell the customer that their system is compromised.

Here's an excerpt:

COMPUTERS infected with viruses could be "expelled" from the internet under a new industry code to control Australia's plague of contaminated PCs.

The federal government has given the internet industry an operate-or-legislate ultimatum to identify "zombie" computers involved in cyber-crime.

The Internet Industry Association—whose members include major internet service providers Optus, Telstra, Vodafone, AAPT, Virgin and Hutchison 3G, as well as industry giants Facebook, Google and Microsoft—is preparing a voluntary industry code to come into force this year.

The move follows industry intelligence that Australia now hosts the world's third-highest number of "zombie" computers infected with malicious software that can attack other PCs, send spam, store child pornography or steal the user's identity.

A draft copy of the voluntary code says the ISPs should identify affected computers and try to contact the users, by phone or email.

It proposes ISPs apply an "abuse" plan to slow down the speed of the customer's infected computer, or to change the customer's password so they are forced to call the ISP help desk.

"(Another action could be to) provide the customer with a timeframe in which to take remedial access and, if this is not adhered to, terminate service."

The code states ISPs should cut off internet access only in the "most extreme of cases", when a customer had refused to install anti-virus software, or where the amount of spam being sent from the customer's account was clogging up the network.

I like the part above that I bolded. It basically says that ISPs should take action to coerce the end user into fixing their system. Unless customers feel a little bit of pain, they will not change their ways. Having your password reset or slowing down a computer's speed (I assume it is the speed of their Internet connection; this is known as "throttling") will certainly get a customer's attention.

This has been part of my own thinking recently as I have attempted to revamp our own outbound spam process (note: I work for Microsoft Forefront Online, a hosted spam filtering solution where companies can receive inbound mail but also send outbound mail). As I have been collecting requirements, one of my selling points has been that unless a customer feels some pain, they won't address the root cause of their spam problem. We fork our spam out through a different pool of IPs, and I find that there is an internal perception that this solves the problem of outbound spam for us. It doesn't; I want to go beyond the spam problem on our network and try to address the root cause: that the customer's system is part of a botnet, is running malware, and needs to be cleaned up. Unless they have an incentive to clean it up (such as us shutting off their outbound mail relay privileges), there is insufficient motivation to actually do it. Antispam folks like me care about stuff like that, but average Joes aren't into it so much.

Thus, the Australian code of conduct resonates with me. Home users are probably going to be annoyed at being cut off, and many likely won't know what to do in order to clean up their systems. Still, it's a good start: while it may cause some degradation of the user experience in particular, it should raise the user experience (of the rest of the world) in general.

By Terry Zink, Program Manager.
