Broadband companies have said they routinely monitor customer accounts for signs of abuse and take action when it's appropriate. Although such policies have been in place for years, they're now being invoked more than ever, due to the spread of viruses that allow spammers to spew out millions of junk email messages under victims' noses.
The virulence of these virus attacks has sparked a fierce debate over countermeasures, security experts said. The problem has become so bad that broadband companies are considering whether it's time to substantially beef up policing on their networks -- something they've avoided in the past because of the cost and potential privacy concerns involved.
"Nowadays, a person sending spam is Granny, and she has no idea she's doing it," said Joe Stewart, a senior security researcher at Lurhq, a corporate security company. "[ISPs] can pull the plug, but it's hard and time-consuming to spend time on each user on tech support."
High-profile viruses such as Sobig, MyDoom and Bagle have preyed on available bandwidth, lax security and ignorance among ISPs and consumers alike to turn unknowing Net users into bulk emailers. The problem has prompted broadband ISPs, such as cable and Baby Bell phone companies, to step up network scanning and enforcement of security policies. These policies include the use of account suspensions to prod customers into using better security practices.
The debate touches on far-reaching questions about the direction of Internet security policy and about the roles of ISPs and individuals in maintaining safe networks. Should the primary responsibility for security fall to broadband ISPs or subscribers?
A sweeping report on Internet security the White House issued in September 2002 concluded that the best antidote for security lapses is to better educate and motivate people into adopting better security practices, such as installing firewalls and keeping antivirus software up-to-date.
Talkback
i object very strongly to the following statement within this report:-
"Nowadays, a person sending spam is Granny, and she has no idea she's doing it," said Joe Stewart, a senior security researcher at Lurhq, a corporate security company. "
while i agree that there are some elderly people,and not all female either, that havent a clue what they are doing, i am increasingly finding that the elderly want to and do learn as much as they can about what they can do with their pc's and how to protect them.i find the above remark both sexist and ageist.we are not the senile lot some of you younger people think nor are we women as stupid as that excerpt implies.i have however come across a lot of youngsters who think they know it all,who seem to think that having virus protection and firewalls is all they need to do.being vigilent with emails/and putting unknowns onto their messenger lists isnt neccessary as far as they are concerned,the attitude is,with the antivirus/firewall protection they have got there isn't a thing they can do otherwise to stop a virus/worm if it gets through.and, at the risk of being called sexist here myself,most of those sort are young men.so please,less of the sexist/ageist talk?anyone of any age/sex can be lax in these things and frequently are.oh btw....i am a 61yr old "granny" who constantly tries to keep herself and her friends upto date with av information/has recently completed 2 websites on yorkshire and her family tree/learnt about using graphics/making web pages/html etc in the last 5 months.and i am not on my own as there is a group of us from 45-80 doing the same things.
The ISPs need to assume full responsibility for network security, and not slough it off on their customers. They have the resources, and are ideally positioned to detect viruses, spammers, etc, and nip the problem in the bud.
So let's not hear any more about ISPs telling customers about safe practices. They should be providing the necessary software and services.
I think it is up to users at the end of the day - but many are just un aware and therefore ISP's should take the leading role...
I personally think that the answer to the issue is that security needs to become more of a partnership between users & ISPs. We've all seen the rise of consumerism throughout the 90s, and of ideas such as 'Rights with Responsibilities.' Net security, to my mind, is like security for our homes, cars, or PCs, come to that. The police can help us, but ultimately, we do have an input ourselves. No-one [I hope! :)] would expect to learn potholing or snorkelling skills, without learning anything about safety, and I think that there is a parallel, especially as a major reason for using the net is surely that of increasing one's 'bank' of information. Hopefully, the 21st Century will see great reductions in the impact of malware, as we each (myself included) assist the ISPs in our own little way.