Yes! ISPs should cut off infected users. Or perhaps no...

Scissors (Ivy Dawned @ Flickr)

Well. My post on Tuesday certainly generated some discussion. (The one about ISPs disconnecting users whose PCs are infected with bot malware, if you recall.) Let's take a look at the debate, in The Long View... My basic premise was that botnets are a major threat to the safety and stability of the internet and that ISPs are in a superb position to detect signs of infection and persuade users to fix the problem. I've been saying this for years, as have others, but it seems like few ISPs took the idea seriously. Recent news from Comcast and Microsoft hint at a growing impetus to get ISPs to take this issue seriously, however. So what do people think? Some people were confused by the shorthand "cut off" in the title. They took it too literally, not noticing that I was in fact suggesting a walled garden approach. Anyway, this anonymous commentator offered a good idea how to automatically manage a walled garden:

Unless a special token is provided, redirect every HTTP request to the ISP's special portal, where the user is informed of the issue, and given a timed token (like 1 hour), so that subsequent access to the web will be unhindered. ... To really encourage the user to act on the problem ... the timed token expires earlier and earlier.

 And MysteriousPreacher suggested a progressive approach:

Start of by gently blocking certain ports and services, but ending by showing nothing but a help page hosted by the ISP. ... With fair warnings a system like this could work, not least of all by letting users know that their personal data is at risk if they don't fix their machine.

In case anyone needed motivation to do something about the problem, Myopic had this anecdote:

I logged into [the] apartment wireless, and it was really slow. ... It sure looked like some connected computer was ... spewing out spam. ... In walks the clueless roommate. We ask him if his Windows computer has been acting funny. ... Yes, he said, indeed it has. We told him he ... needed to fix it. His response ... was that no he didn't care ... and he would just keep using it.

Concerns were raised about ISPs abusing the power to disconnect users. For example, watermark worried this was a slippery slope:

Be careful what powers you give to anyone with power already, they're hard to take away once they're given, especially in the monopoly like environment. ... It's easy to see how this could lead to cutting your service for other reasons that are "bad" for their network.

To which, this anonymous commentator suggested a financial disincentive:

Let them suspend service, but force them to waive fees while the service is suspended. That prevents the customer from getting charged for unavailable services, and give the ISP an incentive to only cut off customers for good reason.

Speaking of financial incentives, here's an anonymous flip-side suggestion:

Anyone with a bot-infected PC ... should have a fee added to their monthly bill. This will get the attention of users. ... Perhaps these users will finally take an interest in preventive measures?

Of course, in any discussion involving malware, the Windows-hating, tinfoil-hat-wearing fanbois always come out of the woodwork, with their impractical suggestions:

The solution is not censoring the internet. It is for PC users to ditch Windows [for] a safe, modern operating system like Ubuntu.

So what do you think? Comment below...

Richi Jennings, blogger at large
  Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. A cross-functional IT geek since 1985, you can follow him as @richi on Twitter, pretend to be richij's friend on Facebook, or just use good old email: TLV@richij.com.

You can also read Richi's full profile and disclosure of his industry affiliations.

FREE Computerworld Insider Guide: IT Certification Study Tips
Join the discussion
Be the first to comment on this article. Our Commenting Policies