Home / Blogs

Government and Botnets

  • Oct 06, 2011 5:51 PM PDT
  • Comments: 2
  • Views: 2,633
Print Comment
By Laura Atkins
Laura Atkins

The US government is looking at telling ISPs how to deal with compromised customers and botnets.

They're a bit late to the party, though. Most of the major commercial ISPs have been implementing significant botnet controls for many years now. Control involves a number of different techniques, but notification has been designed into the system from day 1.

"There is no need for mandated action in this area since the market is already moving forward. Many ISPs are already doing a great deal to combat the menace of bots and malware. All over the U.S., ISPs currently have notification systems in place to tell their users they are infected and — whether they deliver these warnings via email, phone, walled gardens, or inline warnings — the warnings are being delivered," says Michael O'Reirdan, chairman of the MAAWG. "Other ISPs currently have pilot programs or technology development efforts in place, and there will be more deployments in the near future."

O'Reirdan says ISPs handled the spam battle on their own, and can also do so for battling bots. It has become a business issue for them, he says. "No one had to mandate anti-spam platforms: ISPs put them in place to deal with the menace of spam because, if they had not, they would have lost customers if customers' mailboxes were overrun with spam. The same is happening with anti-bot platforms. It is becoming a 'table stakes' issue for ISPs, and legislating in this arena will merely lock the response of ISPs in stone to conform with the legislation rather than allow innovation and development to meet the rapidly varying nature of the bot challenge posed by the bad guys," he says.Kelly Jackson Higgins

The ISPs have taken a leadership position in the area of protecting consumers from botnets. This has been a major discussion point at MAAWG for years. Many ISPs have worked closely with vendors to create detection and notification systems to mitigate and clean botnet infections.

By Laura Atkins, Founding partner of anti-spam consultancy & software firm Word to the Wise. Visit the blog maintained by Laura Atkins here.

Related topics: Access Providers, Cyberattack, Cybercrime, Internet Governance, Malware, Policy & Regulation, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:
Print Comment

Comments

It is a remarkably well written document I'd say Suresh Ramasubramanian  –  Oct 06, 2011 11:03 PM PDT

What it suggests are best practice - and how many ISPs outside the big ones that attend MAAWG do you think implement the sort of mitigation that you mention?  How many MAAWG members for that matter, other than say comcast and one or two others?

# 1 Reply  |  Link  |  Report Problems
If not this, what then? Wout de Natris  –  Oct 07, 2011 4:37 AM PDT

If this is not the way forward for the US government, what can be steps for governments to proceed? From my point of view disinfecting end users is, albeit very necessary, curing effects and not the cause. They could be infected again on the same day.

The taking down of botnets however are still exceptions and wide apart. So what are the challenges for governments, including law enforcement, and industry to step up these efforts? What are the alternatives? I would also like to hear that, instead of just saying: "we don't need this". Self regulation of the Internet may become something governments do not accept as sufficient any time soon. If they haven't already. Industry faces the choice of coming up with plausible alternatives or face regulation. And perhaps regulation that it does not want, need or may even be harmful to the way the Internet runs.

Industry does have options left. E.g. Learning to share data and cooperation, yes, also with law enforcement, could be a way forward. And yes, again I come back to my hobby horse, transparent and analyzed data. This will aid all parties to act differently.

The U.S. government is seriously thinking about how to act in a complicated, but threatening, situation. This could also be seen as something positive. If industry reached out, pro-actively, just maybe it could enter into dialogue and discuss solutions that actually all can benefit from and keep regulation at bay, or come up with regulation it can agree to. Simply because it's beneficial.

Sorry if this sounds far out, but governments will move and it's your choice, now, how to deal with that.

Happy to discuss further.

# 2 Reply  |  Link  |  Report Problems

To post comments, please login or create an account.

Related Blogs

Hello World

  • May 25, 2012
  • Comments: 1

The Antivirus Uncertainty Principle

  • May 24, 2012
  • Comments: 0

Comcast Xfinity App Argument: Risking Divestiture of Cable or Broadband

  • May 21, 2012
  • Comments: 0

Rethinking Protection Technologies: A Change Has Occurred

  • May 16, 2012
  • Comments: 0

2011 UDRP Filings Up at WIPO, Down at NAF - And Still Infinitesimal

  • May 16, 2012
  • Comments: 1
View More

Related News

Google Notifying Half a Million Users Affected By DNSChanger

  • May 23, 2012
  • Comments: 0

Eugene Kaspersky: World Needs International Agreements On Cyber-Weapons

  • May 23, 2012
  • Comments: 1

Vint Cerf: Internet Freedom Under Threat from Governments Around the World

  • May 21, 2012
  • Comments: 0

Geneva Discussion to Include India's Proposal for Government Control of Internet

  • May 17, 2012
  • Comments: 0

DNSChanger Disruption Inevitable, ISPs Urged to Bolster User Support

  • May 17, 2012
  • Comments: 0
View More

Topics

Access ProvidersLaw
BroadbandMalware
CensorshipMobile
Cloud ComputingMultilinguism
CyberattackNet Neutrality
CybercrimeP2P
CybersquattingPolicy & Regulation
Data CenterPrivacy
DNSRegional Registries
DNS SecurityRegistry Services
Domain NamesSecurity
EmailSpam
EnumTelecom
ICANNTop-Level Domains
Internet GovernanceVoIP
Internet ProtocolWeb
IP AddressingWhite Space
IPTVWhois
IPv6Wireless
View More

Industry Updates – Sponsored Posts

Nominum Launches 1st Comprehensive Mobile Security Solution That Protects Both Network and End User

Neustar Names Becky Burr as its Chief Privacy Officer

Frontline and Nominum Deliver Integrated DNS-Based Platform to Enhance Enterprise Security

Nominum Launches Comprehensive Suite of DNS-Based Security Solutions for Russian Service Providers

Nominum Sets New Record for Network Speed and Efficiency

Implementing a Cyber-Security Code of Conduct: Real-Life Lessons From Australia (Webinar)

DDoS Attacks: Top 10 Trends and Truths (Video)

Internet Governance Update: Battle Royale Is Here

DotConnectAfrica Participates at ICANN 43 In Costa Rica, the "Rich Coast"

DDoS Attacks: Top Trends and Truths (Webinar)

Sedari Seeking Certainty in the ICANN TLD Process

"Governments have a role in gTLDs but…" Warns Sophia Bekele

Internet Grows to More Than 225 Million Domain Names in the Fourth Quarter of 2011

Australian ISP iiNet selects ARI Registry Services to Help It Apply for and Operate .iinet TLD

Neustar UltraDNS Basic Launches Add-On Services for Website Monitoring and DNS Server Failover

Neustar And Arbor Networks Cloud Signaling Coalition to Stop Evolving DDoS Threat to Data Centers

Nominum Launches World's First Purpose-Built Suite of DNSā€Based Solutions for Mobile Operators

MarkMonitor Fraud Intelligence Report, Q4 2011

MarkMonitor to Exhibit at Internet Tech Policy Exhibition and Reception to be Held on Capitol Hill

Verisign to Award New Infrastructure Research Grants

View More

Hot Topics

Afilias

DNS Security

Sponsored by
Afilias
Neustar UltraDNS

DNS

Sponsored by
Neustar UltraDNS
Nominum

IPv6

Sponsored by
Nominum
Verisign

Security

Sponsored by
Verisign
dotMobi

Mobile

Sponsored by
dotMobi
Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
View More