[Dshield] Blackworm liability with ISPs?

Chris Wright dshield at yaps4u.net
Thu Feb 2 15:49:09 GMT 2006


Now this would be an ideal situation if we were starting from scratch but
the reality could be financial problems involved with setting up, policing
and enforcement.

Does anyone know of any previous actions/lawsuits whereby some one person,
group or network has sued another home user/ISP for damage done to their
machine (whether damage be DOS or SPAM). Would kind of be hard to sue
someone for infecting your PC which would tend to point to the fact that you
were as much a potential perp rather than a victim in this case.

On what grounds would I have to sue my ISP / Another User / A large Software
Corp?

What is the end result of having a clean network?
Will it mean that I no longer have to have AV or Spam blocking SW,
Netfilters etc etc?
Will there always be those around who seek to gain by illegal means? (I
think so)
So if that is the case, then it must be that Each and every PC on the
network requires protecting from that threat
ISP's have the technology to provide a clean up/downstream, but that would
seriously eat into any profits they make (if any - yeah right).

You don't want to spend a lot of money securing 100% of your
upstream/downstream, so why not provide a small percentage of your network
that is 'sanitized'.

Nobody on this list wants to be on that clean network, because we consider
ourselves savvy enough to be able to look after our own networks and not be
effected by 'Mr I don't have a clue about my PC'.

But if 'Mr I don't have a clue' appears in a report (DOS, RK, Trogan,
Spammer) then he gets warned, clean up you act or get pushed to the
sanitized network (which by the way is 4 x the cost). 
3 warnings and your out.
But then no ISP is going to want to ban any of their customers. And just
think of the numbers that would be involved.  Let us think of one of the
major ISP's and then consider the amount of machines on its network that are
or are potentially infected.  They'd probably lose half of their customers
overnight or have to convert most of their network to a sanitised network.
Or their customers would go to a let reputable ISP who doesn't care what
they do at half the cost.

So, that does lend to putting some financial penalty on the end user.

If there was a way that I could prove that "Mr I Don't have a Clue" was
responsible for what I shall call a hostile action towards my network, what
laws are there are present to protect me, or what laws do we need in place
to prevent 'Mr No Clue' from just ignoring it and carrying on.

I know if I said to my dad that he had a trojan on his PC, he'd think
someone had left a packet of condoms on his desktop.

Chris

> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Jon R. Kibler
> Sent: 02 February 2006 15:09
> To: General DShield Discussion List
> Subject: Re: [Dshield] Blackworm liability with ISPs?
> 
> "Johannes B. Ullrich" wrote:
> 
> > <SNIP!> (or do people actually want an Internet drivers license?)
> > 
> 
> Well, we currently screen or license users of just about 
> every other type of 'dangerous' technology: cars, airplanes, 
> boats, motorcycles, guns, broadcast radios, etc. 
> 
> So why not license computer users? 
> 
> Why not require a certain minimum understanding of the 
> technology before allowing its use? 
> 
> Why not require that you must demonstrate that you are 
> minimally competent at using the technology before turning 
> you loose on the world?
> 
> After all, a wayward computer or computer user can cause just 
> about as much damage (if not more!) than most of the 
> technologies that we currently license. 
> 
> Jon
> --
> Jon R. Kibler
> Chief Technical Officer
> A.S.E.T., Inc.
> Charleston, SC  USA
> (843) 849-8214
> 
> 
> 
> 
> 
> ==================================================
> Filtered by: TRUSTEM.COM's Email Filtering Service
> http://www.trustem.com/
> No Spam. No Viruses. Just Good Clean Email.
> 
> 



More information about the list mailing list