[Dshield] ISP Responsibity...

Clinton E. Troutman troutman at mesh.net
Sat Aug 20 02:21:20 GMT 2005

On Friday 19 August 2005 11:24, admin wrote:
> On a somewhat different note, it seems to me that a large part of the
> problem lies with the ISPs. If they would take an active roll in the
> fight against SPAM and WORMS and Viruses we would be a lot further
> along.
> Why can't they unplug machines that they know are infected, 

Personally, I don't want some random mis/ill/uninformed ISP employee making 
any attempt to determine what my machines are doing and/or why they are 
doing it.

> and 
> why can't they try to identify infected machines on their networks? 

Same statement as above...
Now that doesn't mean that triggers can't be set such that blatantly obvious 
behavior is flagged; mass email, mass IP scan, etc. These things are 
usually out of the boundaries of AUP anyway...
But, I don't want anyone closing in/outbound ports for me for any reason.

> I certainly don't want to have to wait till our legislators draft some
> bizarre law to force ISP to do the right thing. 

Oh marvelous...
A political entity that is even more mis/ill/uninformed than an ISP employee 
should draft legislation telling an ISP to tell is clients how to conduct 
themselves and their hardware/software. This is analogous to the 
legislators telling me that if I don't monitor access to my house, they 
will build a fence with concertina wire around my house and charge me for 
it and not give me the keys to the gate.

I don't find the idea of ISP Responsibility palatable at all whether the 
ISP's decide on their own to undertake the task or whether the legislators 
require the ISP's to undertake the task. 

I think, perhaps, that those folks that advocate ISP Responsibility consider 
the ISP as a point of access concentration where monitoring/control could 
most easily be accomplished. While true, it addresses the symptom and not 
the disease.

The disease is actually the thread that sparked this thread. Stupid Users 
with always-on broadband connections, no firewall, no AV, no mal/spyware 
detection/removal, etc...
But realize these are probably the same folks that drive their cars 
everyday, put gas in it when necessary, never look at the dashboard, and 
when it breaks they take it to the mechanic. Well, when their computer 
"breaks", they take it to the computer mechanic or buy a new one.

While there will always be stupid users and users who just don't care, my 
expectation is that as the computing populace becomes generally more adept 
and more educated (as the young become old and the old die off), this 
problem will mitigate itself for the most part. Call it Computer Darwinism 
if you will...

Clinton E. Troutman
Independent Computer Consultant for Home,
  Home Office, and Small Business in Fort Worth, Texas

More information about the list mailing list