andrewducker wrote 2005-03-22 08:00 pm
Hax0r!
A study was released today which shows that 25% of all zombie drone PCs on the internet are based in the UK.
This is quite obviously because people _don't look after their PCs_ (and, of course, insist on using vulnerable Operating Systems). The answer, it seems to me, is to prevent these people from inadvertently spewing email to the four corners of the earth. The answer, it seems to me, is remarkably obvious.
Firewalls.
And not the firewalls you install on your PC, which get in the way of things and are so much trouble that they frequently get turned off by frustrated users (although I recommend those too) - I mean a _managed_ firewall. This sits at the ISP end and blocks all incoming traffic that you haven't specifically asked for. So if you're confident that you want port 80 open, then you use a webform to open that port up - and if you're not technical enough to manage that much, then you're perfectly safe from incoming nastiness.
It's not a perfect solution, but it'd save an awful lot of heartache, solve the problems that vast numbers of people have with their PCs being insta-hacked and make the internet that much safer for mankind.
The only problem is that it would undoubtedly break some people's applications when it was first switched on, which would mean that more helpdesk calls occurred. And nobody wants to pay for that, especially if their competitors aren't. Which means the only way to make it happen is through regulation - imposing a minimum level of service on broadband in the same way that we do for any other utility we want to make safe for the public good.
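A minimal model of the managed firewall described in the post, added here as an illustration and not taken from the original post or from any ISP's product. The class and method names (`ManagedFirewall`, `open_port`, `filter`) are hypothetical, and the addresses are constructed from documentation ranges.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass
class ManagedFirewall:
    """Hypothetical ISP-edge filter: default-deny inbound, per-subscriber opt-in."""
    subscribers: set                           # addresses the ISP protects
    opened: set = field(default_factory=set)   # (subscriber, proto, port) opt-ins
    flows: set = field(default_factory=set)    # outbound flows, keyed as their reply

    def open_port(self, subscriber, port, proto="tcp"):
        """The webform action: record that a subscriber asked for an open port."""
        if subscriber not in self.subscribers:
            raise ValueError("not a managed subscriber")
        self.opened.add((subscriber, proto, port))

    def filter(self, pkt):
        """Return 'accept' or 'drop' for one packet crossing the ISP edge."""
        if pkt.dst in self.subscribers:
            # Inbound: allowed only as a reply to the subscriber's own traffic
            # or on a port the subscriber explicitly opened.
            reply = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.flows
            opted_in = (pkt.dst, pkt.proto, pkt.dport) in self.opened
            if not (reply or opted_in):
                return "drop"
        if pkt.src in self.subscribers:
            # Outbound: remember the flow so the matching reply can come back.
            self.flows.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))
        return "accept"

def demo():
    """Constructed traffic for one subscriber; returns the verdicts in order."""
    sub, remote = "203.0.113.10", "198.51.100.7"
    fw = ManagedFirewall(subscribers={sub})
    verdicts = [
        fw.filter(Packet(remote, 51000, sub, 445)),    # unsolicited inbound
        fw.filter(Packet(sub, 40000, remote, 80)),     # subscriber browses out
        fw.filter(Packet(remote, 80, sub, 40000)),     # reply to that request
        fw.filter(Packet(remote, 51001, sub, 80)),     # port 80 not yet opened
    ]
    fw.open_port(sub, 80)                              # subscriber uses the webform
    verdicts.append(fw.filter(Packet(remote, 51002, sub, 80)))
    return verdicts

if __name__ == "__main__":
    print(demo())
```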
no subject
Having actually run an ISP, I just can't see it happening. The resources that ISPs have are limited, and firewall management tools too ~~broken~~ complex (have you ever tried managing a whole collection of PIXes, let alone several Nokias?). Now, if the firewall manufacturers actually produced tools that worked, and could be easily scripted, then your idea might fly. Until then, I just tell people to buy Zyxel DSL routers and to run them in SUA mode with the base firewall rule set active.
no subject
You'll never educate people - it would just become a drain on the more proficient of us because our family and friends would constantly be asking us to be fortune tellers and answer firewall questions without actually being at the PC.
I agree regarding Firewalls though, considering I'm currently running four simultaneously on one PC (no-one makes me a drone) - as you know it took me three nights to configure them all correctly to allow me to get P2P working, a lesser mortal would have given up on day 1, uninstalled and disabled them all whilst sitting happily thinking Windows Firewall would protect them from everything since Mr Gates is such a nice secure guy who would never produce inefficient or unsecure software!
no subject
Given some ISPs already do this, it's not a technical problem.