Whose fault is it, anyway?
Still, the question remains whether the techniques broadband ISPs are implementing are enough. Some say the onus is on ISPs, which should play a role in protecting their networks for the greater good of their subscribers and the Internet at large. Critics say ISPs should manage their networks to ensure that all users are safe.
"I wouldn't expect to boil my own water; I expect it to treated upstream," said Mark Sunner, the chief technology officer at MessageLabs, which sells a virus-detection service for corporate networks. "The correct groundswell needs to be focused on the Internet level, where you can be proactive rather than reactive."
ISPs point out that excessive monitoring could have damaging consequences for their business. To stop viruses from spreading, they could take the extreme measure of scanning their subscriber inboxes and PC hard drives to make sure that users are not unknowingly harbouring malicious viruses. However, ISPs fear that taking this tack would jeopardise user privacy.
"It would be very unfriendly to scan customers' machines," said Mary Youngblood, the manager of the abuse team at ISP EarthLink. "It would be deemed by some people as a privacy violation."
America Online, the nation's largest dial-up ISP, has dealt with virus and spam issues for many years and has used different methods to battle the problem. AOL frequently suspends accounts that may have been infected and forces subscribers to call customer service to fix the problem. It also restricts the amount of outgoing mail each member can send, among other techniques.
"It should not be our responsibility, but AOL has been a good Netizen," said Nicholas Graham, an AOL spokesman. "It's a joint responsibility between providers and consumers."
Where the balance of that responsibility falls will continue to shift, as new variants of viruses continue to emerge and wreak havoc. Right now, it seems that virus writers have easily exploited a loophole substantial enough to keep everyone pointing fingers.
"You can't expect [ISPs] to take on the task of keeping everyone virus-free, because if they did that, their costs would skyrocket," Lurhq's Stewart said. "It really falls on each individual user to be responsible. But unfortunately, people aren't up to the task, technically."
CNET News.com's Robert Lemos contributed to this report.
Talkback
i object very strongly to the following statement within this report:-
"Nowadays, a person sending spam is Granny, and she has no idea she's doing it," said Joe Stewart, a senior security researcher at Lurhq, a corporate security company. "
while i agree that there are some elderly people,and not all female either, that havent a clue what they are doing, i am increasingly finding that the elderly want to and do learn as much as they can about what they can do with their pc's and how to protect them.i find the above remark both sexist and ageist.we are not the senile lot some of you younger people think nor are we women as stupid as that excerpt implies.i have however come across a lot of youngsters who think they know it all,who seem to think that having virus protection and firewalls is all they need to do.being vigilent with emails/and putting unknowns onto their messenger lists isnt neccessary as far as they are concerned,the attitude is,with the antivirus/firewall protection they have got there isn't a thing they can do otherwise to stop a virus/worm if it gets through.and, at the risk of being called sexist here myself,most of those sort are young men.so please,less of the sexist/ageist talk?anyone of any age/sex can be lax in these things and frequently are.oh btw....i am a 61yr old "granny" who constantly tries to keep herself and her friends upto date with av information/has recently completed 2 websites on yorkshire and her family tree/learnt about using graphics/making web pages/html etc in the last 5 months.and i am not on my own as there is a group of us from 45-80 doing the same things.
The ISPs need to assume full responsibility for network security, and not slough it off on their customers. They have the resources, and are ideally positioned to detect viruses, spammers, etc, and nip the problem in the bud.
So let's not hear any more about ISPs telling customers about safe practices. They should be providing the necessary software and services.
I think it is up to users at the end of the day - but many are just un aware and therefore ISP's should take the leading role...
I personally think that the answer to the issue is that security needs to become more of a partnership between users & ISPs. We've all seen the rise of consumerism throughout the 90s, and of ideas such as 'Rights with Responsibilities.' Net security, to my mind, is like security for our homes, cars, or PCs, come to that. The police can help us, but ultimately, we do have an input ourselves. No-one [I hope! :)] would expect to learn potholing or snorkelling skills, without learning anything about safety, and I think that there is a parallel, especially as a major reason for using the net is surely that of increasing one's 'bank' of information. Hopefully, the 21st Century will see great reductions in the impact of malware, as we each (myself included) assist the ISPs in our own little way.