[Dshield] Blackworm liability with ISPs?

Jon R. Kibler Jon.Kibler at aset.com
Thu Feb 2 17:13:21 GMT 2006


"Johannes B. Ullrich" wrote:
> 
> > So why not license computer users?
> 
> Aside from the "cultural aspect", there is not much sense to have an
> "internet license" for end users as long as the rule and the technology
> keep changing at the pace they are changing now.
> 
> For a drivers license, you can pretty much assume that the basic rules
> of the road will remain the same over the next 50 or so years. Cars
> essentially still operate the same way they did 50 years ago, even if
> particular details changed.
> 
> However, if you got an "Internet Users License" 10 years ago, what you
> learned is pretty much useless now.
> 
> This is of course different for "professional licenses", and thats
> probably the first point of attack if you are looking for something like
> a license.

Johannes,

I both agree and disagree with your points.

The major disagreement I have is with a 10 year old license being useless now. A couple of issues:
   1) Every 4 years you have to take basic tests (at minimum, an eye test) to prove that you are still capable of driving. Having to retest on computer knowledge every few years (or have CEUs) is only reasonable.
   2) Even 10 years ago, the concept of 'anti-virus software is required' was relevant, and once vendors got their foot in the door, vendors would tend to educate users as to the changing security environment as a means of selling more product.

Perhaps, a better approach is to 'license' computers. For a computer to connect to the Internet, the computer must be able to demonstrate that:
   1) It is fully patched
   2) It is running AV software w/ current sigs
   3) It has a properly configured firewall

Commercial tools already exist to perform such checks. Why not require it?

Now, having said all of this, I have to agree with the cultural/political aspect: I would probably be one of the first to object if the government was to impose such requirements, but would probably welcome an ISP imposing such requirements.

Bottom line, there is no easy answer. However, it is also clear that we must do SOMETHING to improve our current situation. The real question is "What?".

Jon Kibler
-- 
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



More information about the list mailing list