from the first-step-on-the-slippery-slope dept.
The recent effort to disrupt the Gameover Zeus botnet includes plans for Internet service providers to notify victims, but some security researchers think ISPs should play an even bigger role in the future by actively quarantining infected computers identified on their networks. Law enforcement agencies from several countries including the FBI and Europol announced Monday that they worked with security vendors to disrupt the Gameover Zeus botnet, which is estimated to have affected between 500,000 and 1 million computers. "Individuals in the U.K. may receive notifications from their Internet Service Providers that they are a victim of this malware and are advised to back up all important information - such as files, photography and videos," the U.K.'s National Crime Agency said in a statement on its website.
Notifying Internet users of malware infections, especially when their computers become part of known botnets, has become a relatively common practice for some ISPs in recent years. For example, in the U.S., Comcast introduced security alerts for its Xfinity service subscribers back in 2010, while in Germany the government partnered with ISPs to notify users whose computers are infected with malware on an ongoing basis and help them clean their machines.
Related Stories
Furthermore, since we don't log IP addresses in access.log, and IP's run through Slash are turned into IPIDs, its hard to get an idea of where our userbase is (the general feeling is the vast majority of us are based in the United States, but even then, that's more because our peak hours of traffic are between 4 and 10 PM EST). We've wanted to get a better idea of what our traffic and userbase are, so we're asking permission from the community to install piWik, and embed its javascript tag in the footer of each page, which will give us a wide berth of solid information to work from.
(Score: 3, Interesting) by jasassin on Thursday June 05 2014, @12:30AM
I was part of a BITNET and my ISP just joined me. It wasn't until I called and then they told me. At least they shut me down so I could reinstall and have them confirm, yes I'm online, and no I am not shooting out whatever the not was doing. I appreciate it. Even if they just turned me off. The problem was solved the same day I was turned off.
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 5, Interesting) by frojack on Thursday June 05 2014, @12:52AM
I've often thought this would have stopped many viruses in their tracks, and almost all of the spam bots.
I knew a guy who was the manager for an large-ish ISP, and I asked him why they didn't automate this, and the answer was that they didn't want to seem creepy. If they called up Aunty Polyester and told her that her computer was spitting emails non-stop at all hours of the day, she would get all upset because someone was "reading her emails."
You still see this mentality today, every time google pops an ad up on a gmail page that happens to mention some product your friend just emailed you about, people accuse google of reading their mail.
Comcast now just offers you free antivirus software [comcast.com]. (No thanks guys).
No, you are mistaken. I've always had this sig.
(Score: 2) by jasassin on Thursday June 05 2014, @02:34AM
I wondered this too. Your post was very enlightening.
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 5, Interesting) by sjames on Thursday June 05 2014, @12:43AM
Absolutely, positively no. I had enough trouble getting Comcast to stop blocking SNMP so I could monitor my network from home. I also periodically get security alert texts from them saying I seem to have a virus. They are windows viruses and I don't have windows here.
I do not need to keep getting quarantined for viruses I can't possibly have.
(Score: 4, Insightful) by frojack on Thursday June 05 2014, @01:18AM
So you're the one?!?
That crap belongs in an ssh tunnel, or at the very least use Transport Layer Security, where comcast wouldn't know what was in there. Sounds like they were doing you a favor.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Thursday June 05 2014, @01:54AM
Fine, but at some point they will clamp down on ssh traffic. Presumably botnets are already using it. Though I suppose at that point you could just run your ssh server thru port 80 or something.
(Score: 2) by sjames on Thursday June 05 2014, @02:24AM
Why would I want to do that? It's an RO community for monitoring and is only accessible from specific IPs. Anything that can actually change anything or expose data goes through ssh.
The NSA is not likely to be all that interested in how much traffic switch port 5 is carrying.
And, in fact, I had to explain to them that no, I don't mean mail.
(Score: 3, Interesting) by Angry Jesus on Thursday June 05 2014, @04:00AM
Your SNMP configuration might be set up that way but in general SNMP is a huge mess, they are right to block it by default because the people who do understand it enough to make sure it isn't vulnerable are rare as hens teeth.
(Score: 3, Interesting) by sjames on Thursday June 05 2014, @04:25AM
My problem with it is that even getting them to understand that I don't mean email and that I'm quite sure it isn't a problem with my outlook setup was like pulling teeth. If they're going to block potentially useful things for security purposes they need to be ready to unblock them painlessly. Based on experience I don't think they're up to the task at this time.
And, as I said, I have gotten quite a few security alerts for viruses that cannot possibly be on my home network. I can just imagine the hours of fun trying to get their support people to understand that no windows = no windows virus. The fact that I got the alerts suggests that they need to make a few adjustments to their detection heuristics.
(Score: 2) by Angry Jesus on Thursday June 05 2014, @05:18AM
In this case I disagree. I don't think they should be expected to unblock snmp because you can use it through a tunnel like frojack said and since you want expert-level access it is seems fair to expect you to use expert-level skills to make it work.
> And, as I said, I have gotten quite a few security alerts for viruses
That's a different issue and I have no way to make an informed comment on it.
(Score: 2) by sjames on Thursday June 05 2014, @06:27AM
I paid for the entire internet, every port of it. a raw connection. Besides that, it's a pain to try to do UDP through ssh (since it only forwards TCP or a full tunnel with funny routing). It becomes especially problematic if the machine I have available to be a tunnel endpoint is on the other side of the router I want to monitor.
Why should I have SNMP blocked because some corporate fumblefingers couldn't properly secure his router just in case I might turn out to be a black hat?They can block the port if they get an actual abuse report from somewhere.
(Score: 2) by Angry Jesus on Thursday June 05 2014, @04:26PM
> Why should I have SNMP blocked
Limited resources. Your case is exceedingly rare, you may well be the only customer who has wanted that. It doesn't make sense to put in place an entire system for handling such a rare exception - it isn't just a matter of setting a flag, it is all the training around it, phone-support has to know about it, engineering has to be aware of it in case you do screw up and get owned, and they also have to keep it in mind when doing any major system changes that might break it, customer database has to have a field to track, etc. It all adds up to a high price for a very rare exception.
(Score: 2) by sjames on Thursday June 05 2014, @05:29PM
If I screw up and get owned, it will be at the datacenter downtown and completely not Comcast's problem (not their network, not their datacenter). All I'm doing at home is querying a device on the network at work.
They already had a mechanism to subvert NXDOMAIN replies to send customers to a search page, and a flag that could be set to disable that "feature" for any customer who cared. They also already have a setup to give customers a non-routable IP and redirect them to an internal website on a customer by customer basis. They use that for cablemodems that haven't been registered yet or (presumably) for delinquent accounts).
They implement the block through a configuration sent to the modem. They already have a configuration control system that can customize the config to each modem. If a system change breaks that, their customers will all be down anyway.
I know for a fact that I am not the only customer to need SNMP unblocked.
(Score: 2) by Angry Jesus on Thursday June 05 2014, @07:33PM
I didn't expect you to see it any other way.
(Score: 2) by sjames on Thursday June 05 2014, @08:09PM
So, any other ports/protocols you figure they should block because you don't use them? Perhaps IRC, a few popular gaming ports, torrent? How about FTP, nobody uses that anymore. Oh, and telnet and port 80 (you should be using https) We'll change the name to WAMSP (Web and Mail service provider). And of course, block SIP (damages profits).
(Score: 1) by Angry Jesus on Thursday June 05 2014, @08:12PM
> So, any other ports/protocols you figure they should block because you don't use them?
That is indeed why I think you are wrong, because I don't use SNMP. Of course, I've been coding SNMP apps since snmpv1.
BTW, Comcast's reason for blocking snmp in both directions is because it is easy to recruit into a reflection DDOS.
(Score: 2) by sjames on Thursday June 05 2014, @08:47PM
How will my CLIENT behind a NAT get recruited into a DDOS attack? How would it be a problem if they followed the usual firewall rules where the outbound UDP permits the reciprocal reply packets?
(Score: 2) by Angry Jesus on Thursday June 05 2014, @10:02PM
> How will my CLIENT behind a NAT get recruited into a DDOS attack?
Again, you are not the common case. It is unreasonable to expect them to set policy based on exceptions. You will never see that, so I won't respond any more.
(Score: 2) by sjames on Thursday June 05 2014, @10:47PM
So how does a customer with a firewall (from their AP/router) and no client or server become a dos amplifier for SNMP?
I guess you are against net neutrality.
(Score: 5, Informative) by Hairyfeet on Thursday June 05 2014, @12:48AM
Because they can and WILL use this "you're infected" excuse to keep from giving their customers what they paid for! I got that "you're infected" shit from a previous ISP (A WISP that apparently don't even understand how networks function, a place so badly run I could literally see every person on the same tower as me by using network neighborhood with an XP VM) and finally the last i time I brought the laptop I was using at the time (which was running Xandros Business) and said "here show me this supposed virus or give me my money back!" only to watch gob smacked as their "tech guru" tried to install Norton for WINDOWS on a Linux laptop and just couldn't understand why the .exe wouldn't run!
So I'm sorry but no, just...no. in a perfect world this would work but IRL they will look at a "typical user" which will be based on "granny Pipkin who uses the Facebooks with IE" and ANYBODY who doesn't fit that usage pattern? Why they MUST have a virus!
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 2) by kaszz on Thursday June 05 2014, @01:35AM
> only to watch gob smacked as their "tech guru" tried to install Norton for WINDOWS on a Linux laptop and just couldn't understand why the .exe wouldn't run!
OMG.. ROTFL.. ;-)
If you had filmed that it would had pulled some serious video view ratings ;)
When a windiot see unix everything looks like a windoze problem.
(Score: 3, Interesting) by Hairyfeet on Thursday June 05 2014, @01:52AM
Actually I build sell and support Windows machines so you would probably call me a "windiot". I was only using Xandros because it had frankly better AD support than XP and I was having to support corporate networks at the time.
Of course the second the Linux "community" found out they paid MSFT for access to their AD and Exchange APIs so they could build a superior solution? they shit their shorts and boycotted Xandros until they went out of business. Now I wouldn't run Linux if you paid me as its all the same, lousy drivers, zero upgrades without serious breakage, its a fucking shame but that is what you get when you care more about politics and GPL "purity" than having a solid OS.
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 2) by kaszz on Thursday June 05 2014, @03:24AM
Well you actually seems to have a big clue on systems besides MS-Windows so I would not call you such names. Think of it as a name for a stereotype that really only knows Windows and truly believes everything is Windows. And that there can't be anything else etc. Computer structure and design would of course also be thought in company specific lingo and not general terms.
Sorry if you took it personally.
(Score: 1, Interesting) by Anonymous Coward on Thursday June 05 2014, @03:25AM
That's funny considering your always getting quoted on Linux Insider [linuxinsider.com].
(Score: 2) by Hairyfeet on Thursday June 05 2014, @07:30AM
What can I say? I'm the only non koolaid drinker at a place full of winos. I have to bring a little sanity to the place.
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 3, Interesting) by Magic Oddball on Thursday June 05 2014, @12:05PM
I have no doubt that you're telling the truth about the experience and not trolling, but you should update your info so the rant at least partly reflects reality within the past several years. I only have a clue how long it's been because I had to look Xandros up in Wikipedia to know for sure what you were referring to.
Here's a hint: I've used Linux for 6 years across 6-7 systems yet haven't experienced bad drivers or updates breaking things unless I seriously fucked up (and if I blow it that badly, the whole OS tends to go south whether it's Linux or Windows). Only a very small percentage of distros care about whether software/drivers are even FOSS let alone GPL, and most of them make it easy for users to access repositories with closed-source stuff.
MX-14 [mepiscommunity.org] is the new distro I just installed from live CD to try out, in case you want to avoid having your rant sound like a ignorant troll's FUD. They've got versions for modern & ancient (non-PAE) computers, so you can always toss it on a retired system if you wish to see whether everything is still FOSS/GPL-only and see whether updates break things.
(Score: 2) by Hairyfeet on Thursday June 05 2014, @02:49PM
The Hairyfeet Challenge has stood for SEVEN YEARS with ZERO distros passing, and the rules are quite simple. Take a distro released 5 years ago (if the test weren't slanted in favor of Linux it would be a distro released the same date as Vista or Win 7, the last 2 versions of Windows still supported, that would be 6.04 for Vista and 9.04 for Win 7 if you were using ubuntu) and NO LTS since Canonical has stated quite clearly (including on their own site to scare away anyone curious) that LTS is NOT for consumers but for BUSINESS, make sure you have ALL the drivers working INCLUDING WiFi connected via WPA V2 and then update to current using ONLY the GUI, as any normal user would and any Windows system can do without fail.
I'm sorry but you can cry FUD all you want but I will bet my last dollar that YOU WILL FAIL and the reason why is simple...the Linux driver subsystem is a load of ancient 70s garbage. If Windows still used .VXDs and .INIs you'd laugh, right? Well guess what? the UNIX subsystem being used by Torvalds is soooo fucking old that would be considered cutting edge technology!
You seem to be intelligent so you ought to be able to follow the most basic of math which will show quite clearly that the entire basis of Linus Torvalds "design" which just FYI NOBODY else, neither free nor non free, uses because...well they can do math and see how it doesn't calculate, is the "let the kernel devs handle drivers". Here is the GIANT FAIL with that line of reasoning...there is MAYBE 500 devs (more likely less than 100, I'm giving Torvalds a BIG benefit of the doubt to show that even with 5 times the manpower it will still not work) that are qualified to both write and troubleshoot low level drivers, following? Okay you have 500 devs and...100,000 drivers! And over 3000 NEW drivers released each month?? NOW do you see why it fails? Its because if you kept all 500 devs up 24/7 and the ONLY job they did was drivers (which they are kernel devs which means very little of their time is actually spent on drivers) they would spend maybe 5 minutes on each drivers every 4 years, with that number increasing every 5 years until we get to today where the majority of drivers are probably never looked at as these [osnews.com] posts [osnews.com] show quite clearly [narod.ru]. Please note the last one, which are clearly show stoppers and just FYI most of them? Can be traced back to the original link of that post which was put up in 2009...FIVE years ago and the majority still aren't fixed? I'm sorry but the Linux driver model just doesn't work and as long as Torvalds and his old boys club are in charge things won't be getting better.
BTW if I wanted to troll I wouldn't have bothered coming up with the Hairyfeet challenge or listing the results for 3 years (until the bandwidth overage charges and Linux fanboys calls of use distro X [tmrepository.com]) made it no longer worth my time. Just FYI I tried PCLOS and Ubuntu as late as 6 months ago...wireless failed on both by first update, sound on second for ubuntu, third on PCLOS, both OSes were unusable before they hit the year 3 mark.
No if I wanted to "troll" I would simply point out your post is a variation on the Ubuntu Plus One TM [tmrepository.com], that even though MSFT has released an OS as hated as Windows ME that Linux hasn't gained squat [wikimedia.org] but even gaining nothing would be spun at places like Linux Insider as a cause for a Linux party! [ytmnd.com] One takes a half hour, including making sure links are current, the other takes 3 minutes. ;-)
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 1) by yours truly on Thursday June 05 2014, @04:23PM
Over the years I have enjoyed your posts, from the trenches as it were, and hope this will be received in the spirit it is intended.
My native language is English and my German is extremely good. When I am not speaking English I do not think in English.
I have been using Linux for well over 15 years. I think in Linux, can't think in Windows and don't understand your challenge.
The last machine I got with Windows on it had something like 40 GB for Windows (if I remember correctly). I blew that away and made 3 partitions of about 12 GB and a swap partition. When a new version of Linux appears I don't "upgrade" or whatever, just install into the longest-unused partition and copy the home directory over. If there are problems it is easy to go back. Would that even be possible with Windows?
Obviously I'm not one of your run-of-the-mill users. And I doubt that they could do -- or even understand -- what I do. But that is what support is about and all "users" need support. As best as I can tell they just want "it to work".
(Score: 2) by Hairyfeet on Friday June 06 2014, @02:09AM
I always try to cut slack to non native speakers, i know what a bitch English can be. the challenge is VERY simple and is a pretty accurate simulation of what a typical user would go through if they had bought a system with Linux over one with Windows. this test was created show those that say "Linux is ready for the desktop!" or "You can replace WinXP with Linux!" that NO YOU CAN'T because it simply will fall apart.
Since the challenge was made first when Vista was released lets for the sake of argument use Vista as the base, okay? that means you download ANY mainstream distro (NOT LTS because Canonical says on their website DO NOT use LTS unless you are a business user) from the same quarter that Vista was released...if you were using Ubuntu that would be 6.04. You then get the whole system INCLUDING wireless working...in this part of the test you are the retailer so feel free to use CLI, Google for fixes, whatever it takes. Once you have everything working perfectly, including being able to use WiFi with WPA V2? You then simulate what the poor home user would experience by updating/upgrading using ONLY the GUI.
What this test shows, pretty conclusively I might add, is that when given the most basic of tasks, to update itself without trashing its own drivers, that Linux fails and fails badly. If YOU can make it work? I'm glad, i can run a 300 node server network but that doesn't make either you nor I a typical user. This challenge simulates what a REAL typical user would experience if they had bought an ubuntu laptop from the store instead of Windows and honestly their experience would NOT be a pleasant one. I can take a laptop or tower from 2003, install XP RTM and update it to EOL, that is a full 12 years of support and it will suffer NO driver breaks, NONE. Now THAT is what Linux is REALLY competing against and it just fails utterly. I wish it weren't so, nearly a third of my cost as a system builder is OEM copies of Windows but until Linux can update withoiut trashing one or more of its own drivers? then it just isn't a suitable replacement for Windows or OSX.
ironically all that is ever said about the hairyfeet challenge is that I'm either "trolling" or "being unfair" in expecting Linux to even have that most basic of functionality! I mean WTF, how low is the user's expectations of Linux when asking for working hardware is being an unfair troll? "ZOMFG he wants working sound? FUCKING MONSTER!". I even had one trying to claim he "beat" the challenge...when I asked him "Where is the sound and Wifi?" he said, I swear to fucking God, "Oh I left those out"...because users don't actually need networking or sound, nope, just bask in the freedom of a crippled system, that's enough...for fuck's sake, I'm not asking for miracles here, merely that Linux be able to do what Windows could a decade ago...is that REALLY too much to ask?
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 2) by el_oscuro on Saturday June 07 2014, @01:25AM
The Hairyfeet Challenge would be hard for any O/S, especially Windows. Back in the day when Windows 95 was the new thing, I bought the upgrade CD and attempted to upgrade my Win 3.1 installation. The upgrade of course failed and Microsoft support suggested I do a clean install. The problem was, I had the upgrade CD and couldn't to a clean install. In order to workaround it, Microsoft support provided a solution to fool the CD into thinking it was an upgrade instead of a full install:
C:\> dir > NTLDR
Apparently, the Win95 installer just looked for certain files and creating a dummy "Windows NT" boot loader was sufficient.
The thought of actually trying to upgrade a WinXP machine to Vista or 7 and actually expecting anything to work is unimaginable.
Ironically, the machine I am writing this on did pass. It is a Dell Ubuntu that I purchased in 2007 with 7.04 running on it, and I am now running 13.04. All of the upgrades until about 10.04 have been in place, by going to Synaptic package manager, and clicking on the "Install distribution upgrade" button. No muss, no fuss. I am using wireless, and this has worked throughout every upgrade. The hardest part of configuring Wireless has been typing in my 27 character Verizon password.
After 10.04, my system had accumulated a lot of crud as any system would. It still worked fine but just needed to be cleaned up. I got a new hard drive and created a separate partition for $HOME, along with 2 partitions for the O/S. I installed the latest Ubuntu on new hard drive by booting into the live CD and clicking on "Install Ubuntu to hard drive". Now, my upgrade practice is to install the latest version onto the unused partition and test it, while keeping the old one active. I currently testing XUbuntu 14.04 which has all of the nice software center stuff while avoiding the crappy Unity interface.
I recently had to upgrade my video card, so I could play newer Steam games. Just a few days ago, I wanted to go old skool and play Half-Life. However it seemed to take a little longer to load then usual. Sound and frame rates were fine, no lag. Wondering why the load took longer, I realized I still had Portal 2 running.
The main difference between my experience and a lot of other peoples with Linux, is I bought my system with Linux pre-loaded. That way, I knew all of my shit would work.
SoylentNews is Bacon! [nueskes.com]
(Score: 2) by Hairyfeet on Saturday June 07 2014, @04:09AM
This ain't 1995 friend. I can do this with Win2K, I can do this with XP, and while Vista and Win 7 are STILL getting updates I can install Vista or Win 7 RTM and update to current with ZERO driver failures. In fact the system I'm typing this on? Had the RTM of Win 7 installed in aug 09, that is 5 years of support right there with NO reinstalls, in fact i have ripped out so many pieces over the years that frankly I was shocked at how well Win 7 dealt with the changes (replaced graphics twice, hdd 3 times, motherboard once) and it still runs perfectly....but come to think of it so does the box I have at the shop and it was actually upgraded from Vista X64 to Win 7 X64 in place and again NO DRIVERS FAILED, it simply used the included WinDrivers.
I'm sorry but you can move the goalposts and tapdance ALL you want, that doesn't change the fact that you are trying to defend an OS that can't even perform tasks Windows could do FOURTEEN YEARS AGO. Sorry there is NO way to spin your way out of that, its truly shameful. the sad part is its NOT the DEs, its NOT the software, it all comes down to Linus Torvalds refusing to accept that the same system that worked in 1993 (and which was based on 1973 era UNIX tech) just doesn't work in 2014. In 1993 Windows used .ini files, Apple used TSRs...but they grew up, Linux didn't.
So spin all you want, the fact is there is countless videos on YouTube showing Windows doing this just fine, Linux fails. I mean have you even asked yourself WTF you are defending? We are talking about the most basic functionality ANY OS should be able to accomplish, we're talking taking ITS OWN UPDATES without trashing itself...yet I'm the asshole for pointing out this "superior OS" can't even perform frankly what should be considered the absolute lowest baseline for even being CALLED an OS over a loose collection of programs? Really?
Until Linux can take its own updates without taking a giant shit all over itself then I'm afraid you have NO leg to stand on, your OS is in every way inferior to the competition. Honestly the bigger question you should be asking yourself is this...why am I willing to accept such piss poor functionality? After all if Windows or OSX did this it would be front page news, and when a third party AV manages to make Windows not boot for even a tiny subsection of users THAT makes the front page, yet you are willing to accept an OS that you yourself admit can't even update? Why? Why would you defend that, and in what world do you think such a pathetic showing is a worthy replacement for an OS that can go from RTM to EOL with zero failures? To use the previous site's car analogy you are trying to convince us with a straight face that a 1974 Pinto with two broken rods pissing oil everywhere is a worthwhile replacement for a 2014 Yukon with onStar and 24/7 roadside assistance...I'm sorry but that isn't believable.
The challenge is there. It is free, it is an accurate simulation, in fact if anything it tips things waaaay in Linux favor by not requiring such staples as USB printers,wireless dongles, or support for cellphone file transfers. If your OS can't even pass such a softball test then the community needs to quit calling me names and start actively calling the devs that keep handing you such a shitty performing package a few choice words.
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 0) by Anonymous Coward on Thursday June 05 2014, @05:01PM
Now I wouldn't run Windows if you paid me as its all the same, lousy drivers, zero upgrades without serious breakage, its a fucking shame but that is what you get when you care more about, well, I can't quite figure out what a Windows users cares about. It certainly isn't a pleasant computing experience.
(Score: 2) by Reziac on Thursday June 05 2014, @02:52AM
Also, the moment they purport to be protecting everyone else from someone's virus, they leave themselves open to liability when they =fail= to block some future virus. So one hopes their lawyers will hop up and down screaming against getting sucked into that liability black hole.
And there is no Alkibiades to come back and save us from ourselves.
(Score: 3, Insightful) by kaszz on Thursday June 05 2014, @01:40AM
The idea to restrict infected users to specific sites that deal with re-installation or fixes is good. The bad news is usually clueless bureaucracy and their implementation. Get the trigger patterns wrong and a clueless support. They better have a checkbox for unix users or suffer some serious LART.
(Score: 5, Insightful) by Angry Jesus on Thursday June 05 2014, @03:58AM
They also need to make sure they do the right thing when it isn't the user's browser that is infected. Like say a tivo box gets owned then they need to make sure that they intercept the browser too and give informative error messages or the user will spin his wheels trying to fix his computer when there is nothing wrong with it.
(Score: 0) by Anonymous Coward on Thursday June 05 2014, @02:04AM
As long as software companies are built to flip, the tax payers through law agencies, need to pay for test and support. Now this plan to get the ISPs involved to boost the economy but not the quality of the base product.
Invest the tax payers money in open source and let those who want viruses, get them, no?
(Score: 2) by Ken_g6 on Thursday June 05 2014, @02:16AM
Where? I live in relatively rural Colorado, and my car isn't subject to an annual check. I know some places are, but mostly I think that's for emissions, not safety.
(Score: 3, Informative) by Angry Jesus on Thursday June 05 2014, @03:55AM
Its totally a state thing, some do emissions, some do safety, some do neither, some do both.
(Score: 4, Informative) by Snotnose on Thursday June 05 2014, @04:34AM
I've got Win 8.1, it declares a certain file is a security risk several times a day. I know what this file is, it's not a risk. I went through the hoops a few times to specify this 1 file is not a risk, yet Win8.1 still says it's a risk.
The result? I have a constant warning I have a security risk on my computer. Is it my file? I have no idea, it's been months since I've perused the list Windows says is a problem. For all I know I've got 20 viruses Windows is trying to warn me against, but I'll never know as I assume I've got 5-6 warnings a day about my known, not-risky file.
As I'm a fairly sophisticated user (I write embedded device drivers for a living), I can only imagine how Ma and Pa Kettle handle security risk warnings.
When the dust settled America realized it was saved by a porn star.
(Score: 3, Interesting) by turonah on Thursday June 05 2014, @08:17AM
First off, definitely share the fear of some previous posters that this would be a horrible idea when implemented by ISPs who really don't have a clue what they're doing.
It's even worse when you consider the scams that were floating about last year ... you know, the phone calls from "Microsoft" claiming you had a virus (Like this one [malwarebytes.org])? Now imagine grandma getting a call from "her ISP" with the same line.
(Score: 0) by Anonymous Coward on Thursday June 05 2014, @11:45AM
so you're in a online converstation with a nice girl that likes you too.
you get ready to meet in RL.
unfortunately a government 3-letter stasi agent is also interested romantically in this
person ... don't be too surprised if you get dropped off-line by ISP for being infected, right? right?
(Score: 0) by Anonymous Coward on Thursday June 05 2014, @12:01PM
how can you know?
if th333y can intercept everything (all traffic) but might not be able to hack/plant a website (because it runs linux ^_^),
they could just intercept the server reply and implement a virus there?
this will look as if the virus came from the (web)server?
(Score: 0) by Anonymous Coward on Thursday June 05 2014, @12:38PM
oh i get it:
they cannot block a website because of some law that sayz you can say anything but they don't like what you say nevertheless. so they either hack the website and implement a virus (which will prompt the ISP to take it offline legally) or if the webserver is solid, intercept the server reply and and add a virus so as to seem infected to deter/punish the visitor from ever going to the "infect" website again. that's clever (and legal) : )