Would ISPs Quarantine You for Insecure Software?
IT Architect (via Slashdot) explores a "threat" that ISPs "may try to restrict the customer's side by denying access to machines based on their hardware or software configuration." Essentially any user running vulnerable software would, according to this writer anyway, be quarantined from the Internet. He suggests Microsoft is campaigning against such an idea because Windows itself could be considered a threat worthy of banning.
 | | quarantine well of course MS would be against this..........freaking p.o.s. has holes all in it, but guess what? 95% of us still use it everyday. | |
|  |  ScilicetPremium join:2005-04-11 Aurora, CO | Re: quarantine We will see after the resultant lawsuits. | |
|  |  |  nosx join:2004-12-27 00000 kudos:5 | Re: quarantine There will never be a lawsuit, as software companies are not liable. Why? A few reasons. 1) THE EULA that YOU AGREED TO when you installed their software. It releases them from any liability. 2) IF somehow you managed to hold software companies liable, making software wouldn't be profitable, and they simply wouldn't do it. You would not be able to afford a copy of Windows, for 20,000$, if Microsoft had to defend itself from lawsuits about crappy code.
There is no such thing as bug free code. It's simply impossible, and has never been done before. All code is written by humans, and is inherently flawed for that reason. DO NOT blame software engineers for poor code, blame their teachers. Many USA Taught coders are not proficient, as their schools never taught that aspect. Only in the last few years have they even THOUGHT about offering courses in SECURE CODING PRACTICES.
In the end who becomes the teachers? That's right, the coders that aren't good enough to find real work. This means you're being taught by the guy that did poorly, and he was taught by the guy that did poorly, etc etc we are in the 3rd iteration of crappy teachers in this country in MANY areas for that reason. There will ALWAYS be exceptions however overall this seems to be the story at most schools.
Let's recap: Holding software engineers and companies liable for buggy software is a terrible idea. The price would skyrocket, you couldn't afford it, nobody would risk writing software, and most importantly IT'S YOUR CHOICE TO RUN THAT PARTICULAR SOFTWARE. You accept PERSONAL RESPONSIBILITY for the software you CHOOSE to run. The company out there is NOT FORCING you to use their product, so if you don't like it, go grab the latest copy of a competing product. | |
|  |  |  |  en102Canadian, eh? join:2001-01-26 Valencia, CA | Re: quarantine I agree with you there... All software has bugs (some may be perceived as 'limitations', others as 'features').
I do wonder what the take on open source would be  | |
|  |  |  |  lawrence171Evilly Yours - Evilness join:2001-12-24 Canada | Microsoft don't write "crappy" code. It's just that with 95% of desktop market-share, it's hard for it to not be a target. -- What I used to be I no longer am... God, why can't you freeze time for my sake? | |
|  |  |  |  | Re: quarantine are you f*cking kidding me!?!?!? the problem is that they have 95% of the market share so they don't care how crappy the pos o.s they write is. If it works it will sell. Tell me the RPC buffer overflow vulnerability wasn't due to crappy code. you clearly have NO idea what you are talking about. Maybe if they lost some of their market share they would clean up their act a little bit. | |
|  |  |  |  |  |  lawrence171Evilly Yours - Evilness join:2001-12-24 Canada | Re: quarantine said by clumpy :
are you f*cking kidding me!?!?!? the problem is that they have 95% of the market share so they don't care how crappy the pos o.s they write is. If it works it will sell. Tell me the RPC buffer overflow vulnerability wasn't due to crappy code. you clearly have NO idea what you are talking about. Maybe if they lost some of their market share they would clean up their act a little bit.
If someone can write an OS that's as logical and easy to use as Microsoft Windows, and runs on the PC platform, I'm still waiting. -- What I used to be I no longer am... God, why can't you freeze time for my sake? | |
 |  a @qwest.net | that's because 95% don't know any better. | |
|  |  9143930615,000 Watts of Bass Power join:2002-10-16 New Milford, CT | Quite the contrary. MS would love to push the TCPA platform on us. ISPs requiring TCPA-enabled hardware would force a lot of people into it that otherwise would avoid TCPA like a plague. | |
 MattAll noise, no signal.Premium join:2003-07-20 Jamestown, NC kudos:12 | In other news.... ...all ISP's have decided to go out of business by banning any customer who runs Windows. | |
|  pnh102Reptiles Are Cuddly And PrettyPremium join:2002-05-02 Mount Airy, MD | Dumb Idea Why not just disconnect everyone from the Internet? This will prevent all possible security compromises.
But seriously folks, this is a really stupid idea. Any configuration is bound to have some security problems. The best approach still remains a combination of user education and reactive policing by ISPs when users do cause trouble. -- Rove / Rumsfeld 2008! | |
|  Primis1 join:2005-06-13 Coldwater, MI | 3 Fingers pointing back I like how ISP's (who aren't even capable of closing email relays on their own end) suddenly think they're judge, jury, and executioner on what's secure and what isn't.
If they're going to block any and all insecure software from access, the first thing they'll have to do is take *themselves* completely offline. | |
|  |  Wills join:2001-01-03 Port Charlotte, FL | Re: 3 Fingers pointing back They are Judge, Jury, and Executioner because it's their freakin network...
Why do you people find that so hard to grasp? They can do anything they want. Will they lose customers? Yep. Will they go out of business? Probably. But it's still their decision.
They still retain the right to refuse service to anyone. -- I have a shaved head, a goatee, and tattoos. Don't you realize the rules don't apply to me. | |
kamm join:2001-02-14 Brooklyn, NY | They have zero rights to do so. I think it's nothing but some fearmongering - I can't imagine any ISP to be this dumb, to try this. | |
|  |  | Re: They have zero rights I don't know how things are run in your world... but here in the real world an ISP can terminate or suspend service to any customer, especially if the said customer is a home subscriber.
My ISP, Shaw Cable, DOES suspend users who have worms or trojans on their systems.
If an ISP disconnects you from their service because you are running a pre SP1 WinXP workstation your ISP is doing you a FAVOUR. | |
|  |  |  tapeloopNot bad at all, really.Premium join:2004-06-27 Airstrip One kudos:1 | Re: They have zero rights said by wilburyan:
I don't know how things are run in your world... but here in the real world an ISP can terminate or suspend service to any customer, especially if the said customer is a home subscriber. My ISP, Shaw Cable, DOES suspend users who have worms or trojans on their systems. If an ISP disconnects you from their service because you are running a pre SP1 WinXP workstation your ISP is doing you a FAVOUR.
Yes, but there's a difference between treating someone for having tuberculosis and quarantining them for not washing their hands with antibacterial soap. -- Copyright infringement is illegal. Murder is illegal. Therefore, file sharing is murder. | |
|  |  |  |  Wills join:2001-01-03 Port Charlotte, FL | Re: They have zero rights Not in my hospital. I'm going to shoot you and burn your body for both tuberculosis and not washing your hands. It's my hospital, if you don't like it, go someplace else.
Don't have anywhere else to go? Sit down, shut up, and enjoy the bullet. -- I have a shaved head, a goatee, and tattoos. Don't you realize the rules don't apply to me. | |
|  |  |  |  |  tapeloopNot bad at all, really.Premium join:2004-06-27 Airstrip One kudos:1 | Re: They have zero rights Wow. Someone take away your coffee today friend? Hippocrates probably would have had a few choice words for you. Then again, he never had to remove WildTangent from 10 Dell machines... -- Copyright infringement is illegal. Murder is illegal. Therefore, file sharing is murder. | |
|  |  | | said by wilburyan:
If an ISP disconnects you from their service because you are running a pre SP1 WinXP workstation your ISP is doing you a FAVOUR.
That is complete bull sh#$. I can have a WinXP SP1 running behind a nat router, running behind a firewall, not running as admin and I hand it off to the wife and she wouldn't pick up a worm, virus, or anything else. It's all about configuration and having a bit of knowledge of what you are doing. So to tell me that a pre SP1 is the issue is bull sh#$. Yeah SP2 has less security holes and other fixes but it's not 100% needed to lock down the system.
There is no need for an ISP to blindly lock people out without having a better reason than simply what version of an OS they are running. | |
|  |  |  | Re: They have zero rights If you have workstation(s) behind a router then it doesn't matter... but if it's behind a router your ISP really has no idea what you have connected to it in the first place.
Also, notice I said pre SP1... not SP1. So no service packs whatsoever. I have an older XP cd that has no service packs, when I install XP from it and connect the computer directly to the internet I get dominated with everything under the sun within 10 minutes... it's really quite amazing.
I'm not saying folks like you should have their service suspended... but those who are running wide open and unprotected (and likely already infected) should. | |
|  |  | | said by wilburyan:
I don't know how things are run in your world... but here in the real world an ISP can terminate or suspend service to any customer, especially if the said customer is a home subscriber. My ISP, Shaw Cable, DOES suspend users who have worms or trojans on their systems. If an ISP disconnects you from their service because you are running a pre SP1 WinXP workstation your ISP is doing you a FAVOUR.
Tell shaw cable they are dumb idiots for me will you?
They are doing you a favour? The only thing they are doing is being annoying idiots. If I want to run a machine without SP1 I SHOULD BE ALLOWED TO DO SO. | |
 | | Just block everyone then.
Wouldn't this pretty much include everyone?
I don't care what software/hardware you use. Windows, Unix, Linux, etc can all be made insecure by putting the configuration of it in the hands of someone that doesn't know what he/she is doing. Yeah I agree MS is the worst at security but heck, give Linux to someone that doesn't know better and see what happens. Watch as said person installs every piece of software that some unknown email or website told them they need to install. Yeah there won't be the mass worms like we see in windows but just because other OS's are more secure doesn't mean the users will all of a sudden become smart and properly secure their box.
Go ahead ISPs...start shutting people down. Watch as all your money dries up. Maybe we will get lucky and get rid of some of the sucky ISP companies and start over with some new blood in this market. I guess we can hope anyway... | |
|  |  ifarrell join:2000-08-10 Willow Spring, NC | Re: Just block everyone then. Yep, here we go. A bunch of Net Nazi's who have no clue themselves, blaming everyone else for their own problems. What will happen is they'll start blocking users who have taken proper security precautions and then it will be up to that user to prove beyond reasonable doubt that they are secure. Guilty until shown innocent. | |
| | Why is this surprising? These are the same companies that want to block VoIP, charge you based upon the sites you visit, and 'scan' all your traffic to prevent you from viewing disney material over the internet (Verizon), so this shouldn't be too surprising. Before long, they will restrict it as part of the homeland securities plan to 'stop terrorists' and other Patriot act violators like P2P users.
Stand back a minute and look at the 'big picture'. Start with the TCPA chip in all boards 'legally' sold in the US in 2007. Next, add in longhorn to the mix, which will only run with TCPA. Next, add in the restrictions as to what you can do with your computer, courtesy of the **AA's. Finally, give the NSA the power to automatically keylog everything you do.
This is only being done to prevent terrorists from using the internet to attack the US interests. You DO want to stop terrorists, right? Cause terrorists use the internet all the time to plan their nefarious attacks. And it's not just foreign terrorists, it's the home grown kind too. You know, those that want stuff like separation of church and state, and government oversight, and that document that the administration considers nothing but a pesky roadblock (the constitution).
The solution, of course for the home user, is to encrypt everything leaving your house via an Open Source encryption routine. That would prevent the ISP from finding out what traffic/OS you are running over your connection. But that will never happen, cause only terrorists use encryption. If you've got nothing to hide, why would you need encryption anyway? | |
|  |  jp10558Premium join:2005-06-24 Willseyville, NY | Re: Why is this surprising? I think these issues are exactly the reason freenet was developed. Sad that it barely works at all, and is just getting to 0.7 stage. . . | |
|  |  | | said by G_Poobah:
Stand back a minute and look at the 'big picture'. Start with the TCPA chip in all boards 'legally' sold in the US in 2007. Next, add in longhorn to the mix, which will only run with TCPA. Next, add in the restrictions as to what you can do with your computer
All new Mobo's will have TCPA in 2007.? Fook that, Fook all them fascist nazi bastids. Now ISP'S want to play internet police.? IMHO I believe they stand more to lose than cancelled subscriptions. Example they cut off service to an internet junkie, some junkie may just sabotage the whole damn network on em.
said by G_Poobah:
This is only being done to prevent terrorists from using the internet to attack the US interests. You DO want to stop terrorists, right? Cause terrorists use the internet all the time.
The premise of your argument here is ..BBR members who post on these and other public boards ARE the terrorists in the eyes of the current Bush Junta.?
said by G_Poobah:
You know, those that want stuff like separation of church and state, and government oversight, and that document that the administration considers nothing but a pesky roadblock (the constitution).
In other words current members of the legislative, executive and judicial branches of government. -- Bass....the glue of rhythm and harmony...the heartbeat of the band.! Shaking the earth with deep, sonorous vibrations. The dark ominous thunder of an approaching storm. | |
 CheesePremium join:2003-10-26 Naples, FL kudos:1 | Um Unless they require you run something, HTF are they going to know what each and everyone's "software or hardware" configuration is. I don't buy this one bit.
Did find this though.
It seemed crazy at the time, but the required technologies are now becoming available. Vendors call them by different names, but all use an agent on the client to verify its configuration. If the agent reports software (or in more advanced versions, hardware) that isn't on a white list, access is denied.
Seems they would require a piece of software to be run. So it seems like they want to spy on your pc, to determine if you own certain hardware or software, to ban you from the internet. Lovely, just lovely. | |
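The allowlist check described in the passage quoted above, as an added example that is not part of the original thread or any vendor's product: access is denied when the agent report is missing, lists software outside the allowlist, or shows a version below the minimum. The product names, version floors and report layout are assumptions made for illustration.

```python
"""Allowlist admission check (constructed example; all names are hypothetical)."""
from dataclasses import dataclass, field

# Hypothetical allowlist: product name -> minimum acceptable version.
ALLOWLIST = {
    "example-os": (5, 1, 2),
    "example-antivirus": (9, 0),
    "example-browser": (1, 5),
}
# Products that must be present, not merely permitted.
REQUIRED = {"example-os", "example-antivirus"}


def parse_version(text):
    """Turn '5.1.2' into (5, 1, 2); return None for anything malformed."""
    if not isinstance(text, str):
        return None
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def below(version, minimum):
    """Compare after zero-padding, so '9' is not treated as older than '9.0'."""
    width = max(len(version), len(minimum))
    padded_v = version + (0,) * (width - len(version))
    padded_m = minimum + (0,) * (width - len(minimum))
    return padded_v < padded_m


@dataclass
class Decision:
    allow: bool
    reasons: list = field(default_factory=list)


def evaluate(report):
    """Decide admission from an agent report shaped {'software': {name: version}}.

    Fails closed: a missing or malformed report is denied, because the gate
    cannot tell an unmanaged client from a compliant one. The report is only
    what the client's agent asserts; this sketch does not authenticate it.
    """
    if not isinstance(report, dict) or not isinstance(report.get("software"), dict):
        return Decision(False, ["no usable agent report"])
    software = report["software"]
    reasons = []
    for name, raw in sorted(software.items(), key=lambda kv: str(kv[0])):
        minimum = ALLOWLIST.get(name)
        if minimum is None:
            reasons.append(f"{name}: not on allowlist")
            continue
        version = parse_version(raw)
        if version is None:
            reasons.append(f"{name}: unreadable version {raw!r}")
        elif below(version, minimum):
            floor = ".".join(str(n) for n in minimum)
            reasons.append(f"{name}: {raw} below minimum {floor}")
    for name in sorted(REQUIRED.difference(software)):
        reasons.append(f"{name}: required but not reported")
    return Decision(not reasons, reasons)


# Constructed sample reports.
COMPLIANT = {"software": {"example-os": "5.1.2", "example-antivirus": "9"}}
OUTDATED = {"software": {"example-os": "5.1", "example-antivirus": "9.3"}}
UNLISTED = {"software": {"example-os": "5.1.2", "example-antivirus": "9.0",
                         "example-p2p": "0.7"}}
NO_AGENT = None  # client that runs no agent at all

if __name__ == "__main__":
    for label, rep in [("compliant", COMPLIANT), ("outdated", OUTDATED),
                       ("unlisted", UNLISTED), ("no agent", NO_AGENT)]:
        d = evaluate(rep)
        print(f"{label:10} allow={d.allow} {d.reasons}")
```

The fail-closed branch is the case the thread argues over: a client with no agent, or one the gate cannot see into, is refused regardless of how it is actually configured.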
|  | | Interesting Idea... I thought of this a while ago but someone brought up a good point to counter my argument for it.
That person said a lot of people don't update software because of the issues it causes. So for example, for those that use Windows, a lot of people didn't update to SP2 because it was causing issues. Completely understandable, but if the ISP said "We want everyone running SP2", they'd cut you off after a certain amount of time from the internet and cause a bigger problem with you.
Plus, who is to decide what is unpatched/insecure software and what's not? I'm all for shutting off virus-laden computers off of a network; I think most of us would agree. In the example of SP2 again, some companies refused to use it because of the problems it caused. So would they be at fault and shut off the network because of an 'unpatched' system? It certainly wouldn't be fair to them if it cut down on productivity. Along those lines, some people had NO problems with SP2.
I guess it all depends on the severity of the update and what kind of update it is, but it's certainly not fool-proof, though it is an interesting idea. | |
|  | Girl I worked with was cut off My ISP Hargray.com cut off service to this clueless girl I worked with. Her computer was controlled by bots doing all sorts of stuff. The thing is you really shouldn't have to have a degree in computer science to have an internet connection, all this girl really used the computer for was e-mailing and surfing. A computer should come out of the box safe or fairly safe. There shouldn't have to be thought to hook the thing up to the internet and not be taken over as soon as you connect. | |
|  |  | Re: Girl I worked with was cut off But you do have to have some working knowledge about software updates, anti-virus, and a working firewall.
MS has tried to simplify this by making the firewall enabled by default in SP2, automatic updates, and notifying the user that their anti-virus protection isn't up to par (or even present).
A car is a hell of a lot easier to operate than a computer in most cases... and you need a licence to drive. | |
|  |  Wills join:2001-01-03 Port Charlotte, FL | And you shouldn't have to change the oil in your car. You shouldn't have to buy new shoes when the old ones don't fit. You shouldn't have to sharpen the blade on your lawn mower. You shouldn't have to cut your hair, or brush your teeth, or wipe your butt after you poop....
Everything should come out of the box specifically made for the lame, stupid and lazy right? -- I have a shaved head, a goatee, and tattoos. Don't you realize the rules don't apply to me. | |
|  |  |  | Re: Girl I worked with was cut off No lame and lazy aren't the right words. Yes you need to update but what I do to secure my computer is beyond many people and just too techie for them.
If these lame and lazy people could easily secure their computer it would be a lot less work for the rest of us.
I can tell, you would probably just be an ass to someone who asked you what to do. That's part of the problem. | |
 |  Fluker join:2005-04-07 West Lafayette, IN | A computer ought to not be targetable by worms only seconds after it is jacked into the internet though.
Sorting junk from tools is not too much to ask of a user. However the number of patches required to have a direct connection is just insane. | |
| | I have no problems I would prefer that ISP's quarantine malware. And the easiest way to do that is to block service to users who do not have current AntiVirus/AntiSpyware. I'd also be in favor of those running Norton and McAfee getting a lower quality of service. We have had more issues than I can count regarding those two pieces of crap software. I could care less what OS you run, as long as it isn't ME, there again not because it would cause problems, but you'd be doing the customer a favor.
But what it all boils down to, is the current regime would prefer to put restrictions on ISP's rather than fixing the country's education system. If the users in general had half a brain, malware wouldn't be the problem it is today. I see that proven out everyday, at least on my network, the problem users are the younger kids that should have been taught all of this in school. | |
|  |  | | Re: I have no problems said by jazzy112:
I would prefer that ISP's quarantine malware. And the easiest way to do that is to block service to users who do not have current AntiVirus/AntiSpyware. I'd also be in favor of those running Norton and McAfee getting a lower quality of service. We have had more issues than I can count regarding those two pieces of crap software. I could care less what OS you run, as long as it isn't ME, there again not because it would cause problems, but you'd be doing the customer a favor. But what it all boils down to, is the current regime would prefer to put restrictions on ISP's rather than fixing the country's education system. If the users in general had half a brain, malware wouldn't be the problem it is today. I see that proven out everyday, at least on my network, the problem users are the younger kids that should have been taught all of this in school.
NO. You shouldn't need to have anything on your comp. You should run the computer like you want. I am not going to pay another $3000 for a machine that I CAN'T decide what I want to do with it because my ISP says so.
Just because joe bob down the street is computer illiterate now I should have to run unnecessary software? | |
|  |  |  Fluker join:2005-04-07 West Lafayette, IN | Re: I have no problems Right and if you secure your stuff - then do as you will.
I'm sure an ISP would rather waste 50gb in upstream knowing that you are using their service for your benefit than have an uninformed user use 100mb to help DOS ebay for an hour.
I think a rarely mentioned reason that upcaps are kept so tight is because a rogue machine with a 3mb symmetrical connection can be a very busy little b4stard once it gets hijacked.
If I got a letter saying that trading unedited DV with my friend is not cool - Bet I'm switching to a competitor.
But is anybody going to be ditching their service because "X won't let me have a compromised machine if I want to"? | |
 BVT join:2004-10-25 Mount Juliet, TN | Solution for broadband The solution for broadband is to require a router for a connection. Close off all ports not needed for simple email & browsing.
Everyone will still have the ability to open ports if they want. Maybe only 10% of the population would tho, since they would not know what they are doing.
This will help control P2P traffic also. The **AAs would love this. Maybe even help fund the deployment
I do not know how to control dialups unless you place an agent on each computer that updates the system & manages the firewall, spyware & antivirus. | |
|  |  richk_1957If ..Then..ElsePremium join:2001-04-11 Minas Tirith | A good idea - in *Theory* But in the real, practical world - forget it. First nothing is perfect. You dig hard enough into any software and you are bound to find 'vulnerabilities' of some sort. Every OS has some - windows, because it is the most used, appears to have the most. Face it, we'd all like to have to have multiple security programs installed [firewall, anti-virus, anti-spam, anti-spyware to name a few] but this is the real world, with bad guys out there, and that's not going to happen.
First thing, who makes the decision of what software is or is not vulnerable? Personally, I don't want anyone making that decision for me. If the government was what it's supposed to be, for the people, not big corporations [RIAA, MPAA, etc] I *might* trust them [but probably not] - and with TCPA right around the corner, we might not have any choice.
And someone suggested that all ISP's provide a router that would have everything blocked off, except for general surfing & email, but could be opened by someone who knew what they were doing. Sounds great, until you have someone who finds out how to open ports, but not know what that means - and the cat's out of the bag - forget that solution. | |
|  amungusPremium join:2004-11-26 America | blah blah blah "A computer should come out of the box safe or fairly safe."
true, there should be a better way of securing the box automatically for the common user. Many can't understand that the 'net is constantly crawling with this madness....
"There is no such thing as bug free code. Its simply impossible, and has never been done before."
mostly true, ..but what if essential os components etc were hard coded... in ROM. That would be nearly impossible to mess with. much like an old nintendo. ...imagine... here's your windows, on a ROM drive. all other drivers must be added to your own (hopefully secure) flash or hd. ..I know, too expensive now... but it's better than being forced into having your mobo flashed with this "trusted" computing consortium that strips your rights to even use your own computer without big brother's approval | |
|  |  | | Re: blah blah blah I am the Network Manager of a small wireless broadband company. The IPS/IDS devices I run sit between my private network & our uneducated customers.
When something, or someone's PC, is dogging one of my locations, I have the luxury to look at those devices first, to determine what virus, trojan, etc. is hammering my network & from what PC. If the threat is serious to my upstream network - the customer is MAC blocked instantly.
Our technicians provide a virus cleaning disk to the customer to clean their PC; we check them out thoroughly & then allow them back onto the network.
I see nothing wrong with protecting my bandwidth from uneducated customers who refuse, and sometimes just can't afford, an antivirus program. | |
 Fluker join:2005-04-07 West Lafayette, IN | A new ultimatum There is no real reason that a desktop machine (and ESPECIALLY A HOME COMPUTER) needs a publicly routable IP address. Use a router with port triggering for your gaming and p2p. as far as servers. Well, alternatives exist.
I actually had never thought of something like this and it makes a lot of sense to me. I'd love to see detection and masking of windows machines by ISP's. Who do you think is being recruited by botnets? Not the 5% of non-MS desktops.
If the modem that is handed out detects a router. Open access is ok because worms cannot wander in.
If a direct connection to a windows managed nic is there. Filtered access is mos def needed. That modem's activity light that blinks even when the PC is off is only asking for trouble and ought to be taken care of.
I'm really surprised that more ISP's don't simply offer routers or even modems that default to some sort of built in NAT. The concept of directly jacking a windows PC into a modem is appalling to me. I enjoy my privacy and exclusion from botnets. | |