[Dshield] Possible solution for ISP (was DShield's public goals)

Tom dshield at oitc.com
Tue Jan 17 00:33:14 GMT 2006

At 6:01 PM -0500 1/15/06, Valdis.Kletnieks at vt.edu wrote:
>On Sun, 15 Jan 2006 15:03:13 EST, Tom said:
>>  I was responding to the assertion that ISPs can't afford to worry
>>  about security in North America because they were too poor to afford
>>  it. An assertion that I think is hogwash.
>OK.. Let's crunch the numbers.
>Your level 1 support desk is still in the US, and you pay the people
>minimum wage.  Bam!  That's $6/hour.  Now add in the cost of the seat the
>refugee from McDonald's is sitting in, and you're probably looking at $10/hour.
>You're charging $9.95/mo for dialup. That's $120/year.  Now let's assume that
>your profit margin is an obscene 10%.  That's $12/year profit.
>If that guy calls the help desk *once* that year and the problem takes an hour
>to resolve, you've just wiped out almost all your profit for that account for
>the year.
>If your profit margin is only 5%, and that seat costs $12/hour, your profit
>evaporates in 30 minutes.
>Now you know why Indian help desks are so popular. :)
>(Oh - and an existence proof that the profit margin can't be a lot more than
>10% - if it were, some other company would be offering bare-bones no-support
>dialup for $8/mo and still making money at it...)
>An important thing to remember here is that many of these low-price 
>solutions wouldn't be financially feasible if there wasn't a lot of 
>going on.  Remember that the ISP doesn't bear the costs of their customers'
>security problems - the sites they connect to bear the cost.
>If you want to know how much security *actually* costs an ISP - consider that
>both AOL and NetZero are bragging up their free A/V for customers.  They wouldn't
>be doing it unless the cost of the volume-purchasing agreement plus the cost
>of the TV ad campaign wasn't *less* than their costs of the phone ringing at
>the help desk when a customer gets whacked with a virus.
>(For those who care, our most recent estimate of the cost of dealing with
>one of our users infected with a virus was $30 per call - and that was *not*
>including lost time/productivity on the victim's part.)


I doubt anyone else on this list is interested in this thread as 
no one has chimed in and I will give you the last word but before I do:

1) The whole idea that ISPs are poor and that they can't afford to deal 
with problems is bogus. The idea of $/customer is that _most_ do 
not need help desk, which is why your model is wrong. If you used your 
model for cars then every car would have a major breakdown every year 
and the warranty cost would be astronomic - but they don't.  If your 
scenario was true then they would all go out of business. Further you 
forgot that dialups are aggregated and not by the ISPs... Nonetheless 
it doesn't invalidate my comment.

2) You never bothered to address how our (and most other) local ISPs 
can support local employees, help desks, and great service without 
going bankrupt and competing with those big boys that are "losing 
money and can't afford security because of the cost."

3) Didn't deal with the fact that the BIG telcoms in NA are going 
after the ISP market big time and yet you believe that they are poor?

4) Didn't deal with the real thrust of the commentary which was NA 
broadband users are getting stiffed by their providers into paying 
huge $ per bit in comparison to overseas and it is happening because 
they can market it as "really good" which is BS.

I will have to say that big ISP/Telecoms/Cables are crying poor only 
to try to influence proposed FCC changes.

Get a grip.  We have 3 local ISPs here that employ locals and provide 
quality service (and bandwidth) and they deal with viruses, security, 
etc. promptly without crying poor nor asking for regulatory changes.

So explain to me why these poor _huge_ companies should be cut a 
pass since they can't afford security when local small businesses 
with less income can deal with it (and provide better service)?


