Do We Really Want Our ISPs To Protect Us All The Time?
from the what-if-they-protect-us-too-well dept
There’s been an ongoing debate about whether or not protection against things like spam and malware belong at the network level or on the desktop. There are strong arguments for both. At the network level, obviously, it takes the responsibility off of the end-user (who is often the weakest link in all of this) and also makes sure that everything is up-to-date. In fact, many end-users are trying to get out from under the responsibility of safe computing by saying they’d prefer it if their ISPs protected them from spyware. However, in just relying on your ISP, it leads to all sorts of other problems. First off, in an age of laptops and wireless connections, your regular ISP isn’t always how you connect to the internet. So totally relying on your ISP can create other problems when going off network. A second problem is that the user can’t get around blocks if they’re incorrect. For example, I’m currently on a different ISP than usual, and I just tried to send an email to a colleague, but it was rejected because this ISP says it had characteristics of a spam message. In other words, I’m mostly stuck (there are some ways around it, but it’s somewhat involved). The ISP’s attempt to “protect” means that I can’t actually do my work any more.
Comments on “Do We Really Want Our ISPs To Protect Us All The Time?”
No Subject Given
Leave spam and spyware protection for AOL users. They’re usually the ones who need it most.
No Subject Given
I do not want my ISP to protect me from anything. I can handle it on my own. It’s really about time that they offer service for people who know what they are doing. Something that isn’t so restricted.
Re: No Subject Given
You do want them to block some things… like all the port scanners from russia~. It’s just annoying as hell to be pinged constantly.
Re: Re: ISP Protection and port scanning.
I don’t really want the ISP Protecting me at all. I would like the ability to enter filters at the other end of my dsl link though. That would save me the bandwidth issues over my link, which is probably the most limited part of the internet I’m connected to.
I want any issues related to port blocking be issues that I caused, and not something I have no control over.
Re: Re: No Subject Given
i could care less about the port scanners in russia, or any other coutry for that matter. What if i want to collect that data and graph port scanning trends or maybe i want to study computer worms in the wild.
No Subject Given
Then get a hardware based firewall and block that set of IP’s. It’s really quite easy…
Protection, my rights and knowledge
ISPs protect me, this way they can block my 80, 23, 22, 8080, 25, and so on ports at their router, so they can sell me a service I could run myself.
On the other hand, I have the right to know what’s happening to my connection, and spam is easily filtered, shouldn’t bother anyone anymore. So what if I get 50+ spam messages a day? They all get caught by gmail or any other junk filter nowadays.
The fact is that some people really NEED protection, some people only surf knowing how to open the browser and click links, while me and others care about routers, switches, filters, virus, spyware, protection and security, most people still are “lambs” at the net. So, maybe a profile for users? Initiate, Intermediate, Advanced?! Yeah, yeah, too much work, no ISP will provide that.
Re: Protection, my rights and knowledge
the easy solution would be to have a tier based ISP system for n00bs intermediate and expert ranked in stars for technicallity 1=low 5=high
n00bs would get a company that protect and block anything and everything that is potentially harmful.
Intermediate is the hard one of the group to maintain these i supose would block only spyware malware and bloatware.
Expert (which i am hoping alot of you are) wouldnt block anything thus leaving it down to the user
ISP Protection
It is too complicated and time consuming for an isp to block spyware and spam. An isp should provide the fastest possible connection to the internet and an email account. nothing more.
The problem with leaving security to end users...
…is that most of them either don’t know about the dangers of phishers/spyware, or don’t care. ISPs have to take some sort of action just to keep from DoSed by their own users or sued because their customers are unwitting spam/virus zombies.
Look at the otherside of the coin
I’ve just picked this thread up and read a lot of the comments with interest.
My company actually run and maintain a relatively small ISP on the Isle of Wight, UK (12,000 customers) and we come up against this question a hell of a lot.
I can see the arguments for both sides to be honest – you’ve got the ‘tech-savvy’ user who simply wants un-adulterated un-protected Internet access and you’ve got the ‘n00b’ who doesn’t know one end of a keyboard from the other and needs hand-holding through every step of the way.
We actually implement a zero tolerance on our network. We have a number of systems in place, such as RBL’s, Bayesian Spam Filters (which simply tag spam with a ***SPAM*** header) and virus filters which pick up between 1,000 and 1,500 viri per day.
To be honest, the above systems have given us some very good publicity with only 2 complaints in the last 4 years from two ‘noobs’ who wanted to know ‘who was reading their email and deciding it was spam’…. once explained, they went on their merry way.
However, when we get a complaint about a virus infected machine on our network or a trojan on the network, we simply disconnect their service and notify them (requesting they install an AV and disinfect their system)… we operate a three strikes and out rule. Basically, you get reported three different times for spamming/virus/trojan/port scanning etc – and we permanently discontinue service. With only 1 occurance of that ever, we’re pretty pleased with it.
The benefit of doing it this way is that we significantly reduce the amount of email spam that hits our systems (with a negligable amount of false positives / negatives getting through) and tech-savvy users who know what they’re doing (hopefully!) simply get the added benefit of a cleaner network without the worry of being port-scanned etc…
It’s an interesting debate, thats for sure – but I think it’s safe to say that if all ISP’s took responsibility for this stuff, then the problem wouldn’t be half as bad as it currently is.
Don't block anything!
I run a small computer company, in a rural environment. I use port scanners to check clients security. I run a lab where I download and test viruses, including spyware and malware. This helps me and my staff know the truth about these things, and helps us develop our own in house solutions so that we aren’t telling customers that they have to wait unitl X security and antivirus company comes up with a solution. We use various VPNs and remote desktop services, and servers with different port communications to facilitate remote services and servicing. An ISP who blocks anything would really cause some problems. Even if they had packages establised for businesses like mine, there could still be down time if the ISP sets the account up wrong, or takes its time to set up our permissions after the new security policies are put into place.
Advice
Mike, I’m sure you’ve already got around the problem but (1) send the text of the email in a zipped attachment, and (2) change ISPs.
Carl, Yours is a good policy so long as you (1) tell people to exactly what you’re doing and (2) deal with reported problems very quickly. It can be hard enough to set up e.g. conferencing software without an ISP blocking random things and e.g virus scanners do produce false positives.
My team has twice threatened legal action because files were being blocked (nothing to do with any company mentioned above). In the first case we were working on a very short deadline and a supplier kept claiming they’d sent an upgrade with bug fixes but nothing arrived. We were sure they were lying (hence the threat), but we found out much later that emails containing the install set were being repeatedly filtered and binned without either the sender or reciever being notified. The second case is too recent to discuss in a public forum.
Re: Advice
Pete,
As mentioned, I’m not using my own ISP right now, because I’m travelling — so it’s not a question of changing ISPs. But, yes, I did figure out a way around the problem.
parental isp psycosis
It’s actually amazing that there is wide-spread agreement regarding “STATIC” ISP “no choice” protectionism.
I am forever telling my Adelphia.com that I dont use MicroSoft products on my computer; do not block ports to my computer; I dont need your help protecting my computer – it’s my property and I’ll do what I want tto and with it.
Do they listen? They didnt even tell me what they did, nor did they mention a drop in service fees over a year ago! I’ve been over-paying $16/month since they lowered the prices in 2004! And now it’s the day before 2006
The bill is due and I’m awaiting a copy of the ledger of account activity before paying them for the month.
When we last spoke, I told them that the bill payment would be delayed until I get the ledger
As for “protectionism”, I want, and they should offer both opt-in and opt-out choices. why?
Because users (respectfully) dont know what’s going but, for those I refer to as gurus, do.
I’ve told them to stop blocking my ports, they did for a few days.
well, keep telling them what you want.
Be well, folks.