Why ISP’s don’t monitor and catch zombies

There has been a lot of talk about zombies and how ISPs are the ones that should catch and quarantine them. You won’t get an argument from me about that. They should, period.

But why don’t they?

They are in the business of making customers happy, period.

And customers who feel spied upon and vilified by their ISP aren’t happy.

So we need the zombie catchers to tell us how we can spy on our customers in such a way they won’t feel like we’re reading their mail, or know what they’re doing. They want to be able to keep using P2P networks in peace, and whatever else they’re doing, short of child porn.

9 Responses to “Why ISP’s don’t monitor and catch zombies”

  1. Duncan Hill says:

    My ISP actually tracks things like apparent viral usage (programs trying to portscan, connections outwards on 139 to remote networks), and the systems will automatically put you into a ‘safe’ zone using web redirection tricks (forget the name, but lots of universities in the US do it when a new MAC shows up on a switch port, as do hotels). It lets you out after a few minutes, but repeated offences alert their support team.

    I certainly don’t feel spied upon - I just wish they could monitor port 25 outbounds to catch the viral floods that occur once in a while.

    At least, that’s how it was last year. I haven’t portscanned a server since :>
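The scheme described in the comment above, sketched as an added example (not code from the post, its commenters or any ISP): flag customers from connection metadata only (source, destination, port), place them in a timed ‘safe’ zone, and alert support on repeat offences. The customer range, thresholds, release time and all names are assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed values, not from the post: customer range, thresholds, release time.
CUSTOMER_NET = ipaddress.ip_network("198.51.100.0/24")
SCAN_PORTS = 20        # distinct ports probed on one remote host
SMB_HOSTS = 10         # distinct remote hosts contacted on TCP/139
RELEASE_AFTER = 300    # seconds in the 'safe' zone before automatic release
ALERT_AFTER = 2        # offences before support is alerted

def is_customer(ip):
    return ipaddress.ip_address(ip) in CUSTOMER_NET

def classify(flows):
    """Return {customer_ip: set of reasons} from (ts, src, dst, dport) flows."""
    ports = defaultdict(set)   # (src, dst) -> ports tried
    smb = defaultdict(set)     # src -> remote hosts contacted on 139
    for _ts, src, dst, dport in flows:
        if not is_customer(src) or is_customer(dst):
            continue           # only outbound traffic to remote networks
        ports[(src, dst)].add(dport)
        if dport == 139:
            smb[src].add(dst)
    reasons = defaultdict(set)
    for (src, _dst), seen in ports.items():
        if len(seen) >= SCAN_PORTS:
            reasons[src].add("portscan")
    for src, hosts in smb.items():
        if len(hosts) >= SMB_HOSTS:
            reasons[src].add("outbound-139")
    return dict(reasons)

class Quarantine:
    def __init__(self):
        self.until = {}                    # ip -> release timestamp
        self.offences = defaultdict(int)   # ip -> offence count

    def offend(self, ip, now):
        """Quarantine ip; return True when support should be alerted."""
        self.offences[ip] += 1
        self.until[ip] = now + RELEASE_AFTER
        return self.offences[ip] >= ALERT_AFTER

    def redirected(self, ip, now):
        """True while the customer's web traffic goes to the safe zone."""
        return now < self.until.get(ip, 0)

# Constructed sample flows: one scanner, one 139 sweeper, one normal user.
SAMPLE = ([(0, "198.51.100.7", "203.0.113.5", p) for p in range(1, 41)]
          + [(1, "198.51.100.9", f"192.0.2.{h}", 139) for h in range(1, 16)]
          + [(2, "198.51.100.20", "203.0.113.80", 443)])
```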

  2. Brian says:

    Really simple: When you detect a zombie, you shut off the customer and have an autodialer CALL them, saying:

    “We have received a complaint and realised it was due to a possible virus or trojan on your computer. This needs to be fixed before we allow you online. Please $ISP at your convenience and one of our technicians will help you remove the virus.”

    …then have the Customer Service people walk them through how to remove the trojan before letting them online again.

    Bundling a decent antivirus package with the internet service might be a good idea as well.

  3. Joe says:

    I agree this is the only solution, but the problem is some people are going to be upset that the internet service they pay lots of money for was disabled and have no interest in taking their time to fix it. The loss of connection at some vital time could get the ISPs into trouble. If the customer was working on some important project that had to go out before a deadline, disabling their access could prevent them from finishing and/or submitting the end product.

  4. Lemat says:

    I believe no-one, and I mean really NO-ONE, while working on some important project will get infected. Still - I believe there are a lot of internet cafes in the neighbourhood.
    Disconnecting zombies on sight will greatly improve the knowledge about viruses among the end users.

  5. kay says:

    Zombies… it’s not the ISP’s problem, I mean - they don’t really do them any harm. ISPs want to have a happy customer. Period. Disabling one’s account won’t make him happy :-)

    If your computer gets infected with a program that clicks on AdSense - will you be less happy with your ISP’s service? No.

    If your computer gets infected with a program that clicks on AdSense and because of that your internet connection becomes disabled - will you be less happy with your ISP’s service? YES.

  6. Joe says:

    It would be hard to get infected while working on some important project, but what if someone is already infected and that just happens to be when the activity starts? Or they decided to take a short porn surfing break. Yes, it is dumb and wasting time, but it is possible.

    If it isn’t the ISP’s problem, then it is no one’s problem because we already know the customer isn’t going to do anything about it. They don’t even realize anything is wrong.

    Yes, an AdSense clicking bot isn’t a major problem for the customer, but if the bot software is capable of that, it is capable of plenty of other things.

    Computers that are infected usually don’t run well but most people don’t know why. And they are more vulnerable to further infections. Depending on the infection, anything on your machine is open to access by criminals. Your SSN, CC numbers, passwords, financial information, and plenty of other stuff is likely on many people’s computers. People may be upset at the ISP for disabling their access, but they should be more upset for leaving them vulnerable to viruses and malware. Many ISPs provide malware and virus protection free to help users, but many users don’t install them. If ISPs include the option to disable access for infected computers in their TOS they should be safe.

  7. purpleslog says:

    I worked at a Business ISP. I never had a problem with a customer reporting a botnet issue to them. Nor was I restrained by the business/management from doing so directly.

  8. [...] SpamHuntress states in an Article entitled Why ISP’s don’t monitor and catch zombies: But why don’t they? [...]

  9. Rasmus says:

    This is sort of spamvertisey (since I work for F-Secure), but I thought it might be relevant: there are products out there that automatically identify zombie hosts and isolate them in the network until they have been disinfected. One such product is Network Control: http://www.f-secure.com/products/fsnc/
