Tuesday, 3 October 2006

ISPs Should Fix the Zombie Problem

Zombies are a big problem, but ISPs are in a unique position to fix the problem and should be motivated to do their part. ISPs can detect when one of its customers' PCs starts sending spam, either by outbound content control or by spotting an unusual spike in volume. ISPs may even be able to detect the earlier signs of infection, such as connection to an IRC channel used to control the bots.

When an ISP detects a zombie, it should immediately prevent that subscriber from sending email. It should make contact with affected subscribers and help them clean up their machines. If necessary, ISPs could cut off all Internet access for those subscribers, moving them into a Web "walled garden" -- this would force subscribers to see a web page alerting them to the problem and giving instructions on how to clean up their PC.

ISPs should be proactive in quickly fixing such problems. ISPs may need to modify their Terms Of Service, to contractually allow them to take these actions -- but take them they should, for the sake of their business.

If ISPs don't fix such problems, their reputation and the reputation of their customers may be damaged. The anti-spam industry has woken up to the fact that reputation is a good way to filter incoming SMTP connections, without the expense of content scanning. As this view becomes more prevalent, ISP customers won't want to be associated with an ISP that takes a cavalier attitude to their reputation and that of their customers.

2 comments:

Odd H. Sandvik said...

I totally agree with you. I cannot for the life of me understand why ISPs don't figure out that it's in their own best interest to take action against zombies.

Trimble said...

I also totally agree! The typical ISP is the one in the best position to fight this problem.

They have the knowledge, they have the tools, and they are the middleman between the zombie machine and it's target.

They just don't have the motivation.

It's been said that businesses don't typically respond to problems that don't have a direct monetary affect on them, so perhaps it will take a few ISP's getting sued before they all wake up and realize how easily they can resolve this.

Post a Comment