An interesting article was posted this evening over at Naked Security by Chester Wisniewski: a proposal to cut internet access to machines under a botnet's control.
I read through the article and it got me thinking: how would I feel if ISPs did cut internet access to people's infected machines?
Machines under a bot master's control are quite dangerous, don't get me wrong, but the idea of cutting their internet access straight away isn't something I agree with. As a person who works in the malware removal field across several online forums, internet access to infected machines is actually quite important.
1. Some of our tools need internet access. I won't name the tool I'm referring to, but it needs internet access to be able to install the Microsoft Windows Recovery Console, and Microsoft are all about making things easier for the end user, right? Sure, we can install the Recovery Console another way, but the way we do it through an internet connection makes the process automatic, which is much easier on the user and on me helping them.
2. We also need internet access to submit malware samples to security researchers to make our tools better; cutting internet access to infected machines stops us doing that, or are these top government guys happy so long as they get their way?
So really, all you're doing in cutting internet access is making our jobs harder and frankly annoying me in the process. I see this as more ISP censorship, in that they can do this without really giving the user a chance to sort the issue out.
However, I don't want to just say I'm all for one side of the coin without thinking about the positives. Right now, this is just an idea of the DHS and NIST, but this idea is far from bulletproof.
Yes, cutting internet access to infected machines would solve some of the problems: it stops the bot master using the user's infected machines for malicious purposes, and it stops the end user making things worse. But just suddenly deciding to call/email the end user and giving them the "oh hai your machine is infected, we're cutting your internet access now and you don't have any say in it, kthxbi" isn't the right way to do this.
Really, if ISPs want to go with this method, I personally think they should give the infected end user X amount of time to clean the machine up before cutting internet access. That way governments get what they want, and we get what we want, right?