Get a Virus, No Web for You!

[HardOCP News]

Australia wants to ISPs to require anti-virus software for all users and, if a customer does get infected, they will be booted off the internet until they get their PC fixed. Good idea? Bad idea? What do you think?

A new plan floated by the country’s House of Representatives Standing Committee on Communications suggests that Australia should allow ISPs to mandate anti-virus and firewall protection among their customers. If a customer does get a malware infection, the ISP would be allowed to cut off that customer’s connection until the problem was fixed.

 

[SavageThrash]

We have something like that happening in Ontario. Rogers will just cut people off and tell them to clean up their pc.

And no I don't like it.

 

[haste]

so much for d/ling a fix from the internet if u get infected...

 

[Astronomica]

Force me to run software on my PC? I don't think so Tim.

 

[Darrell262]

Or searching for a fix

 

[LeninGHOLA]

Some part of me thinks that part of California broke off millions of years ago and migrated down there, now they call it Australia. Don't get me wrong, it's a damn fine country, but the privacy laws, internet laws, and censorship laws over there are offensive to my nature.

 

[NoForgiveness]

My parents got a spambot trojan and I was booted from EfNet. It sucked. I'm back now, after having cleaned up their PC and waiting a few days to get the ban lifted. Basically, only do-dos who don't know how anything works would propose such legislature.

 

[HaMMerHeD]

Bad idea.

Let's not give government, especially one which apparently doesn't believe its adult citizens to be capable of making their own entertainment choices, more power to regulate what we do with our own computers.

 

[jiminator]

eh, I am not sure how they can determine if a user has a virus.
certainly for trojans that phone home, or computers that join botnets that might actually be a good thing.
But the ultimate result will likely be that the scum developers get smarter and write something better and more able to bypass the filters.

 

[badcookies]

bad idea.

That said, the difficulties with implementing such a solution seem almost insurmountable. How exactly would an ISP identify infected machines? And would it be able to distinguish among Windows, Macs, Linux, and other devices? How would false positives be avoided? What’s the process for fixing a machine that’s been knocked off the Net? After all, if a user is unsophisticated to the point where he doesn’t know he has a virus, how will he be able to correct the problem without Web access?

a better idea might be focusing money on a antivirus program that an isp might distribute for free to its users and focus on the database of that one program. with govt funding, such a program could possibly end up with better compatibility and least false positives than many retail apps.

that or maybe provide coupons for retail AV apps?

this shutting the user out thing is such a out-of-sight-out-of-mind approach....

 

[heatlesssun]

Perhaps this needs to be better implemented however I have no problem in principle with having a machine "locked out" if it is truly infected but I can see this going wrong in a lot of ways unfortunately.

 

[XamediX]

Most of the best virus scanners are online based. Meaning once you got infected, the superior software based AV gets rendered useless, so u cant use it. You have to go online and use a web based scanner. I think they should put you in a portal like Comcast does when you dont pay your bill. You get stuck on one webpage or series of webpages that are dedicated to removing viruses.

 

[Kendrak]

If you can get an anti-virus program installed, how do you update the definitions?

 

[niconx]

Since antivirus doesn't work and the Australian government only wants a backdoor into home PC's I would have to say this is a bad idea.

 

[obs]

I've already seen this happen in the US. My Uncle's computer got horribly infected from virus' (from crap they installed most likely) and their ISP shut off their net. I ended up formatting their computer and the ISP re-enabled their internet. I think this is actually a good thing to help prevent virus' using computers as zombies.

 

[obs]

However, the government forcing all computers to have anti-virus is fucking stupid. I often run without any AV because I know not to use IE or download and run random exe's from untrusted sources.

 

[heatlesssun]

However, the government forcing all computers to have anti-virus is fucking stupid. I often run without any AV because I know not to use IE or download and run random exe's from untrusted sources.

IE is not the source of most malware issues these days for Windows. The #1 way to combat locally run malware is to not run all the time with administrative level privileges.

 

[Lemurion]

Yes: just like the best way to deal with sick people is quarantine them so they can't go to the doctor.

 

[CaptNumbNutz]

I'm all for them contacting their customers warning them of the dangers and informing them that they may have a problem.

However, everything is web based now days, including the fixes for the problems they are booting people off the net for. Also, sometimes it doesn't matter how up to date you are, the malware writers are always a step ahead. I had to clean a trojan and rootkit off my father's laptop just this past week that wasn't defined on 3 different antivirus programs that I tried with full updates (one of which, MSSE was already installed). Even then I didn't get all of it off, just got the computer usable. 2 days later a new update for MSSE got the rest of it.

I wouldn't want this bill to pass if I was an Australian, but if it does go through the only way it would work is if there is some prevision in place to give the customer several month's warnings to fix it before they disconnect service.

 

[MartinX]

Bad idea.

Let's not give government, especially one which apparently doesn't believe its adult citizens to be capable of making their own entertainment choices, more power to regulate what we do with our own computers.

I don't know, you could also look at it as them regulating what you are doing to other peoples computers if your PC is spewing spam or whatever as part of a botnet.

 

[lord_emperor]

In soviet Australia...

Anyway i work for an ISP and when someone has an obvious infection we block the targeted ports and advise them to get it cleaned up.

 

[TheBuzzer]

Well there is this solution that university uses for a while now.

The university have packet sniffer and it can determine some viruses sending out certain packets. When they found a comp with it they will restrict that comp from accessing the whole internet but to a sub internet to help clear the virus out. After clearing the virus out the sub internet page will have a check to see if it does really seem clean. If it passes, it re enable access to all the websites.

 

[Ehren8879]

We've instead started disabling smtp traffic (our smtp and specific ports) for infected people zombie spamming.

 

[Ehren8879]

We've instead started disabling smtp traffic (our smtp and specific ports) for infected people zombie spamming.

We've tried entertained the idea of a walled garden as well letting people know what's up.

 

[stop!theradio]

The problem is that a lot of people depend on the online community to help them get rid of malware. For example, people here who have a seemingly impossible virus post on the networking/security forum here to get some help in removing it. Ya couldn't do that if you were to be booted off the net.

 

[m2h]

We have something like that happening in Ontario. Rogers will just cut people off and tell them to clean up their pc.

And no I don't like it.

That happened with my friend and Rogers. It was bullshit. They just said you might have a virus and cut off his internet. No real information. He didn't have a virus, or anything. Best we could determine the VOIP ATA (not Rogers) was sending to many keep alive packets which he has no control over.

That one incentent was enough to make him go back to DSL which he hates. Luckly Teksavvy now has Cable, so hopefully the same shenanigans won't occur.


The problem with cutting off the internet is, ... you basically need the internet to resolve the issue.

 

[LOCO LAPTOP]

I see it both ways good idea if you are a tech guy to make money, bad for almost everything else.

 

[Bahamut]

Bad idea from start to finish, any way those Aussies choose to barbie it up...

 

[phoffman]

Its only a matter of time.

The government has you get car insurance
The government has you get health insurance
Next the government will have you get network insurance.

 

[IRSmurf]

I like it a lot. This will help stop many methods of distribution.

And when they catch people who make these viruses, they should be held financially responsible for the downtime caused for each user and the cost of fixing their computer. Maybe they already do that? I don't know.

I'd imagine it's easier to extradite someone from Russia or China when they're facing fines in the millions vs just being charged for distributing a virus.

 

[Climber]

Bad idea.

Let's not give government, especially one which apparently doesn't believe its adult citizens to be capable of making their own entertainment choices, more power to regulate what we do with our own computers.

This +100

 

[itanium]

Sounds like obama care for computers...

 

[BallerX]

LOL bellsouth will do that. I had to call them to get my cousin's service turned back on after they cut it off because she was severely infected. I don't blame them. They know what most of the botnet IP's are. If your box was a zombie, I would cut you off my network too.

I don't approve of requiring someone to have a certain virus scanner. That just makes the hacker's job easier. I think no one should be able to tell you what you have to install on your PC. But, if your a bot, I would cut your ass of in a second.

 

[MavericK]

The University of Washington did this when I went there (presumably still does). Good idea, I guess, but ISP-wide? Dunno.

 

[gimp]

However, the government forcing all computers to have anti-virus is fucking stupid. I often run without any AV because I know not to use IE or download and run random exe's from untrusted sources.

lawl. There are plenty of drive-by malware, infected ads that plague reputable sites, etc. That's like saying you'll never get herpes because you wore a condom; while it does greatly reduce the chances of getting the virus, it's still only 99% effective.

In soviet Australia...

Anyway i work for an ISP and when someone has an obvious infection we block the targeted ports and advise them to get it cleaned up.

when I worked for a local ISP, we would get informed of a possibly-infected machine from a source, with attached log that showed said-IP port-scanning, or the like.
First offense, we would simply call them and let them know of said issue and to run a scan.
Strike 2, temp disable their account, call and inform them to run full system scan(s). Once that was done they called back and their account was re-enabled. Would also ask about wireless, if it was secured, etc.
Strike 3, they had to pay us to do a site-visit and PC cleanup, verify wireless security if applicable.
Strike 4, no more interwebs from us.

Now, it would also depend on the timeline between the strikes. If there was a year between, no biggy and no repercussions. But if all 4 strikes happend within a couple months, then buh-bye.

 

[Emission]

bad idea.


a better idea might be focusing money on a antivirus program that an isp might distribute for free to its users and focus on the database of that one program. with govt funding, such a program could possibly end up with better compatibility and least false positives than many retail apps.

that or maybe provide coupons for retail AV apps?

this shutting the user out thing is such a out-of-sight-out-of-mind approach....

I like your idea better.

 

[gimp]

LOL bellsouth will do that. I had to call them to get my cousin's service turned back on after they cut it off because she was severely infected. I don't blame them. They know what most of the botnet IP's are. If your box was a zombie, I would cut you off my network too.

I don't approve of requiring someone to have a certain virus scanner. That just makes the hacker's job easier. I think no one should be able to tell you what you have to install on your PC. But, if your a bot, I would cut your ass of in a second.

this is part of the reason, too, I'm sure.
You get a spam-bot? Guess what, chances are your ISP will eventually get blacklisted or grey-listed on RBL's, depending on the number of junk that virus spews out.

What ISP would want to put up with that? It's easier to deal with a relatively small number of users with infected computers, then it is to deal with your whole customer base bitching about their email not getting to their recipients (because said virus-infected computer got the whole ISP black/grey-listed).

Not to mention another ISP/company's security team contacting your ISP because an IP owned by ISP is port scanning/attempting hacking/etc.

 

[bexamous]

Whats the point of this being a law? ISPs can already disconnect users for anything covered by TOS. Eg if some end user's system is infected & spamming emails, ISP should have no problem disconnecting them, or more likely just warning them first. But why would there need to be a law covering this?

 

[Rockjay420]

Awesome idea!!!!!!!!!!!!
How bout next, If you get an infection inside a hospital, they throw you out until you get better!!

 

[Cerulean]

IE is not the source of most malware issues these days for Windows. The #1 way to combat locally run malware is to not run all the time with administrative level privileges.

I disagree.

I do not use antivirus (as have stated several times before in other past threads), and I do a checkup about every 6 months and never get infected; ever since I stopped using antivirus 3 or 4 years ago, my Windows hasn't been slowing down over time, nor has it taken a massive performance hit (CPU and RAM have nothing to do with this), nor have I gotten any problems. I'm not boasting, bragging, or anything of this nature -- I am just sharing my observations and experience. :X

On another note, at a company I worked as a network administrator, workstations used by user-level accounts without administrative rights (and mind you this company's Group Policies were also terribly strict and too tight) would get infected. However, infections would usually be isolated within the user account/profile responsible for the infection for only a couple days before infecting the entire workstation. (Heh, this would also be a pain in the arse to cleanup sometimes because of the group policies being too strict and tight.)



Linux might be a different story though, I don't know. Security through obscurity, too?