(Mis)Uses of Technology

by Mike Masnick

The ISP Security Compromise: Allow, But Alert

from the interesting-solutions dept

Over the years, we've had many discussions about what role ISPs should play in the computer security of their customers. On the one side, if ISPs are too stringent (blocking things at the network level, for instance), users get upset that their ISPs are disallowing things that should be allowed. Many users just want bandwidth, and get worried when their ISPs take a more active role. On the other side, ISPs that are too lax about security issues risk becoming a huge target for spammers and others. So far, ISPs have pretty much taken an all-or-nothing approach. If they notice that someone is causing problems, they tend to cut them off completely, leading to an expensive service call. However, there was one presenter at DEMO who had an interesting idea to deal with this. It was a proxy system that would take data from client-side security apps and then alert a user through their browser. So, for example, if the ISP noticed the user was acting as a spam-spewing zombie or had some spyware, the next time the user opened his or her browser, the ISP could present a message explaining the problem and how to solve it. It's much more efficient than simply cutting the person off. Of course, if such solutions became popular, it seems like only a matter of time before phishers moved on to spoofing the browser-based error messages.

Reader Comments

  1. Dr Creek, Feb 9th, 2006 @ 2:54am

    My ISP already does this with certain viruses and spyware. I was browsing and it came up with a page that wouldn't let me browse the web, but it would let me visit their home page and various anti-virus sites and microsoft.com.

  2. giafly, Feb 9th, 2006 @ 4:07am

    Message from ISP explaining the problem

    Nice idea, but unfortunately malware has been using fake error messages to trick users for years.

  3. Anonymous Coward, Feb 9th, 2006 @ 5:33am

    The simple solution is to always tell the customer to contact the ISP support line on the pop-up screen. Easy enough for tier one support to then walk them to real cleansing sites. Will not stop all of course, but reminders that "ISP ABC" does not send you to links added to billing statements would also help some. Just my opinion.

  4. STJ, Feb 9th, 2006 @ 8:14am

    The problem with giving them a heads up is that they then can adjust their tactics to avoid detection.

  5. Anonymous Coward, Feb 9th, 2006 @ 8:54am

    Re: why not chat

    How about a live chat popup? It would decrease call volume for the ISP and give the customer a better experience. And it is a bit more proactive.

  6. Anonymous Coward, Feb 9th, 2006 @ 10:37am

    Monitor and allow limited email from infected user

    Perhaps one way the ISP can control SPAM infections is to have a weekly limit of email from each user. Then if this is exceeded - advise the user. If this number is exceeded then tell the user so the user can clear up the situation.

    Another step would be to only allow the user a web-based email while infected - with a limit of the number of outgoing emails. This would limit the outgoing SPAM while letting the user still communicate - the web-based email might be text only.

  7. Anonymous Coward, Feb 9th, 2006 @ 11:53am

    Cisco kind of already does this:

    Cisco kind of has technology like this. It is called Cisco Clean Access.
    Link: http://www.cisco.com/en/US/products/ps6128/
    We have it implemented at the University of California, Irvine. While it doesn't tell them what virus they have, it enforces network rules such as mandatory Windows updates, and they must have an antivirus. Not sure I would want an ISP doing this to me, but I'm sure it could be modified.

  8. Fishbane, Feb 9th, 2006 @ 2:07pm

    I don't want my ISP paying attention to my traffic. I want it to transmit my bits.

    If this becomes popular (as in, my ISP starts doing it), that will just lead me to start encrypting/tunnelling more of my traffic (as in, all web traffic; my mail and shell traffic already is).

    I pay for a road, not a traffic cop.

  9. Raul Vaughn, Feb 11th, 2006 @ 9:50pm

    Security Messaging Clarification

    Nice write up. A couple of clarifications for your readers.
    1. Front Porch uses a non-proxy method to deliver security notifications based on output from IDS/IPS. Proxies have lots of problems delivering content. We know, we used a proxy approach for a number of years.
    2. Security Messages are branded by service provider, enterprise, university and are served from a secure server. Phishers are not likely to duplicate this approach.
