devicenull
Premium
join:2002-12-01
Clifton, NJ
| reply to SpannerITWks
Re: Security Absurdity: A long-overdue wake up call
Who do you mean by provider? I hope you aren't saying that ISP's should notify their customers of any possible security issue with any software the customer is running. That would require the ISP to be provided with a list of every installed piece of software. I'm sure they would like that. (Additional fee for P2P anyone?)
Most non-free software I've seen has an option of registering with the developer, so they can notify you of product updates.. I'm not sure if any do this, because I don't see a need to register my software. Most of the people I know go on a "if it's not broke, don't fix it" theory.. Their software is working fine, why should they risk breaking it with updates? They don't understand the concept of things broken that they can't see.
dave, it works even better when you put it like that. When you get a computer from somewhere, it's not "spewing junk". Neither is your car. Modifying it further (removing exhaust system for a car, or installing various programs for a computer) is something that the manufacturer can't be responsible for.
I can't think of any way where ISPs or software developers can keep a computer clean. ISPs can, and should react if a subscribers computer is spewing junk. They can offer services/tools to users, such as antivirus, firewall, etc. Ultimately though, the decision to install these tools comes down to the user. The user then has the power to ignore the warnings these tools generate. The user also has the power to not install these tools, and not care that their computer is spewing junk.
Lacking a perfect anti-everything tool (viruses, trojans, spyware, etc), the only acceptable response, in my opinion is user education. |
|
N O Y B
St. John 3.16
join:2005-12-15
Forest Grove, OR
1 edit | The operator of a product (automobile, etc) is responsible for its use and modifications they may make. Yes. But the manufacture or service provider is responsible for the product or service being provided. These are two different things.
If an company sells a product or service that is unsafe when used as intended, they should be held liable for damages suffered by their customers.
ISP are currently selling services that as provided are unsafe and most certainly does result in loss by their customers. It would be sort of like leaving seatbelt purchase and installation up to the customer.
If an ISP is unwilling to provide a safe and secure internet connection then they should get out or be put out of business. |
|
devicenull
Premium
join:2002-12-01
Clifton, NJ
| The internet is inherently unsafe. For all I know, the next time I visit this site, it will have been hacked using a 0day exploit, have another 0day exploit to bypass my proxy software, and a 0day exploit to infect my computer via my browser. Not likely at all, but still a possibility.
The only way an ISP can provide a totally safe approach is with some sort of walled garden. Don't allow anyone onto the "public" internet, only trusted ISP sites. I somehow doubt this is a good idea.
The last thing I want to see is the ISP filtering sites. If they started doing this, I would drop them pretty quickly. Who says what they block? Their "unsafe" sites, or sites they don't like. |
|
N O Y B
St. John 3.16
join:2005-12-15
Forest Grove, OR
1 edit | Traveling the highways is also inherently unsafe. That’s why auto manufactures are required to provide certain safety devices and meet legislated requirements. The legislation is a result of their own unwillingness to do it on their own. ISP are headed down the same road. |
|
Just Bob
Premium
join:2000-08-13
Spring Hill, FL
| reply to devicenull
said by devicenull  :[...] The only way an ISP can provide a totally safe approach is with some sort of walled garden. Don't allow anyone onto the "public" internet, only trusted ISP sites. I somehow doubt this is a good idea. [...] Actually, that may not be a bad idea. New and inexperienced users could be confined to their ISP's portal. Only after demonstrating some level of competence would they be allowed out onto the internet. They could also have to demonstrate that their computer met some level of security.
Add egress filtering and many of the problems would be somewhat mitigated.
»www.sans.org/y2k/egress.htm |
|
