ISPs Employ 'Walled Gardens' To Limit Infection Cox sees significant improvement after launching program Last year we discussed security "walled gardens" with a network engineer for Canadian cable provider Cogeco. The practice limits the Internet access of an infected customer -- only allowing access to ISP-hosted cleanup tutorials, patches and other resources. The practice lowers an ISP's call volume (as opposed to just cutting them off) while protecting other users on the network. The Washington Post blog today touches on security walled gardens and focuses on Cox's use of the tactic, which began in 2005 and reaped significant rewards: "Prior to initiating this program, Cox was taking roughly 22,000 customers offline each year for Trojan infections. By 2005, that number was down to 8,000. And in 2006, the first full year in which it had those mechanisms in place, it confined slightly more than 1,800 users out of a user base of more than 3.3 million." The report suggests that other ISPs have been hesitant to employ the tactic because they don't care about spam, and (as the Cogeco engineer hinted) executives can't neatly monetize the impact of infected machines. Instead, many ISPs "beef up the strength of their network so they can just carry the bad traffic along with the good."
|
 | | sounds about right just upgrade to handle the traffic | |
|  |  wifi4milezBig Russ, 1918 to 2008. Rest in Peace
join:2004-08-07
New York, NY | Interesting Assuming they can correctly identify "infected" machines, I think this idea is good. My main (only) concern would be that the ISP would somehow flag a "normal" PC as infected and then quarantine it.
--
я люблю Денди! | |
| | | | | Re: Interesting Or worse,.. state in their AUP that bittorrent usage is not allowed. Then, set their network to detect bittorrent traffic (used legitimately), deem it against their policy, and limit the user to pages on their site about bittorrent use. Then, ask for the user to check the AUP, and have them call tech support to release their account once bittorrent traffic has ceased. | |
| | | |  cdruGo ColtsPremium,MVM
join:2003-05-14
Fort Wayne, IN
kudos:5
 ·Frontier FiOS
| Re: Interesting said by blueeyesm:Or worse,.. state in their AUP that bittorrent usage is not allowed. Then, set their network to detect bittorrent traffic (used legitimately), deem it against their policy, and limit the user to pages on their site about bittorrent use. Then, ask for the user to check the AUP, and have them call tech support to release their account once bittorrent traffic has ceased. Not that I would condone such actions, but if an ISP did that it would be perfectly within their rights in almost all circumstances. You are paying to use THEIR network. If THEY don't want something on THEIR network, it's THEIR choice, not yours. The extent of what you can do is find another provider.
--
Go Colts | |
| | | | | | | Re: Interesting
Exactly right. YOU are PAYING them for the unrestricted use of their access network. Some here seem to use the idea of it being their network to justify any abuse of their customers, with the attitude that "they can do whatever they want. It's THEIR network".
They are being paid for access. To me, that means unrestricted access. Of course, if they crap on their customers in this manner, their customers will crap on them by taking business elsewhere, or, getting around their restrictions. | |
| | | | | | cdruGo ColtsPremium,MVM
join:2003-05-14
Fort Wayne, IN
kudos:5 Reviews:
·Frontier FiOS
| Re: Interesting said by Fatal Vector:They are being paid for access. To me, that means unrestricted access. Every ISP I've ever seen has had a AUP and/or TOS that spells out what a user can, or in most cases can't do with the account. Almost every time there are two provisions, one that says a user's activities can not have a detrimental affect on the network and the other is that the policy may be changed without notice. You are NOT paying for unrestricted access. Heck, ISPs don't even get unrestricted access. They can and have been cut off from their upstream providers for violating policies.
I'm not saying it's right and that ISPs should just arbitrarily block a service just because it can be used for something illegitimate. I'm just saying that it is within their powers to do so.
--
Go Colts | |
| | | | | |  Michieru2zzz zzz zzzPremium
join:2005-01-28
Miami, FL | That's why there is 1 year contract exists just to piss those customers off even more.
--
The only limits we have are the one's we set ourselves. | |
|
| |  TopmounterSent By Grocery Clerks
join:2001-02-20
Evergreen, CO | It's not hard at all to identify an infected machine.
It is nice to see an ISP actually be responsible and try to clean up their network, not to mention the Internet in general. | |
|
| | | Re: sounds about right You must work in marketing or sales. | |
|
|  DavidI have a son- d3Premium,VIP
join:2002-05-30
Granite City, IL
kudos:68 | Well assuming cox got it right this could be a rather interesting approach. Could benefit the ISP in a cost savings to the for them. | |
| |  TweakPremium
join:2002-06-08
Oklahoma City, OK | Re: Well assuming cox got it right At&t should take a page from Internet providers that are taking proactive steps to protect the network. It might keep most of your mail servers from being black listed. | |
| | | | | | | | | | | | |
Reviews:
·Verizon FiOS
| Moving... now, Wouldn't you rather be with an ISP that is "pro-active" in keeping the service clean for it's client base (thus attracting users that want this feature) than with an ISP whose corporate attitude is to through more at marketing than IT services...  | |
|  major marcoRes Firma Mitescere NescitPremium
join:2003-02-13
Stepford, CA | One Small Baby Step of Improvement Weeding out the infected slugs from the flow of normal traffic is always a good thing, but I'll be more impressed when Cox stops overselling the service and putting too many people on the same node.  | |
|  newviewEx .. Ex .. ExactlyPremium
join:2001-10-01
Parsonsburg, MD
kudos:1
 ·Vonage
 ·DIRECTV
1 edit | I applaud Cox . . . for their initiative in protecting the rest of the us from their infected customers.
Now if only OTHER ISPs would get off their ass* and do the same thing, the problems of spam and trojan infection would be mitigated tremendously.
*Hear me Comcast?
--
Ö¿Ö
The Rules of Spam | Maryland's Newest Anti-Spam Law
Where are we going? And what's with the hand basket? | |
|  morboComplete Your Transaction
join:2002-01-22
00000 |  sounds good
i like the idea. nice to hear that some providers are making an effort to solve the problem. | |
| | | Within reason I've seen ISP's implement it differently in a T1 environment you usally got and email pointing out a problem and giving you 24 hours to clean it up. I've see cablevision do it and they just cut you off, have fun getting to the tools you need to fix it without service. | |
|  joakoPremium
join:2000-09-07
/dev/null
kudos:5
 ·Comcast
·AT&T U-Verse
| Cox LOL Cox by far has the worst cable systems in the nation. It is totally devoid of any decent content, there is no video on demand (what do you expect from 550mhz systems) they use poor hardware and software (SA + PowerTV).
Of course they are going to avoid upgrading their network, they just market their technical ineptness as "security."
Don't get me wrong every ISP should shut off customers that send spam or are part of botnets but that will increase their support costs. I just don't think Cox has the right to set any examples when they have an old network that needs updating.
--
Am Heimcomputer sitz' ich hier, und programmier' die Zukunft mir | |
| |  MikePremium,Mod
join:2000-09-17
Pittsburgh, PA | Re: Cox LOL This sub-thread will be filled with a bunch of "oh yeah" and demonstrations of companies which suck more. | |
|
| |
|
|
·
