[Dshield] Interesting Zombie Data Graphs

Pete Cap peteoutside at yahoo.com
Tue Nov 8 16:15:09 GMT 2005

Here's an idea:

Require all customers to exercise some level of due
diligence: you must have a virus scanner, you must
have a personal firewall, etc.  The ISP is paying for
bandwidth and passing the cost onto the customer; if
the customer refuses to take advantage of the free,
automated, and typically transparent security tools
available, then by all means the ISP should pass the
extra cost onto the end-user.  I guarantee that after
the first time Joe User gets slapped with a $300 cable
bill, he won't be so careless.

Obviously you're not going to nail every customer who
gets hacked or zombied by the worm-du-jour.  If it's
something they could not reasonably be expected to
prevent, taking into consideration the average (low)
level of technical expertise on the part of the users,
then don't charge them.  That is, if it was a worm
with a 0-day exploit that zombies half the internet,
don't charge them.  But if they get a worm for which
signatures were released three weeks
ago...well...sorry, you signed the user agreement,

Finally, and this is very important, make SURE the
customer understands this when they sign up.  Link to
AVG and ZoneAlarm from your main website.  Give them
some kind of three-strikes policy if you want to be
really nice.  But, in the end, they will learn not to
be a danger to the rest of the user community, or they
will pay for it either through their wallet, by
getting their access revoked, or both.

I don't think that's too draconian a policy, let me
know if it sounds crazy, though :)


Yahoo! FareChase: Search multiple travel sites in one click.

More information about the list mailing list