[Dshield] Blackworm liability with ISPs?

Anonymous Squirrel anonymous.squirrel at gmail.com
Thu Feb 2 21:16:26 GMT 2006


On 2/2/06, Chris Wright <dshield at yaps4u.net> wrote:
>
> There's a flaw in that idea - One router, many PC's.
>

There's another flaw.  In the grand scheme of things we've moved
intelligence from the center of the network to the edge.  The skills
necessary to control that intellegence also moved to the edge.  However, the
actual edge users simply don't have the skills, knowledge, or motivation to
do what they should.

So, we can:

1) Sue the heck out of them.  But that won't increase their skills, it will
only chase several off the net, drive others underground, and create many
other unforseen problems.

2) Try and train them.  The problem with that is the current mantra of "Use
AV, a PFW, and Patch" is falling on deaf ears.  Expecting the users to
perform something more rigorous (which will be necessary in the future if
not now) is not realistic.

3) Cut off their access, and restore it when their machines once again
behave.  That puts us (and them) in a loop.

4) Try and remotely tell what their security status is....which works until
they click on that image of a dancing bear, or have an unsupported OS, or do
any number of other things that break the model (simply put, we can't
control what they do or what they send to the sensor).

5) Reduce the skill level necessary to maintain a consumer computer.  Other
than market resistance (from both consumers and suppliers), this option
holds the most promise.   The less consumers can mess up, the better off we
will all be.

I don't see the problem as an engineering problem, the matching of a
computer's security maintenance and operational requirements with the
capabilities of the operator.  I don't see it as a legal problem, as
insurance problem, a remote access problem, or any other problem.

Until the engineering improves, nothing is solved.


More information about the list mailing list