Story: Be prepared to pay for security
David. Good point.
Although I prefer solving causes, I think that fighting long-lasting symptoms is still better than doing nothing at all.
ISPs can make a difference, I think. They could block well-known attack ports (e.g. 135 and 445) that are not common ports (e.g. 80 and 443) of the Internet itself. They could install packet filters that drop packets with a DDoS signature. They could filter out obvious spam and infected e-mails (incoming and outgoing) as a mandatory service. They could block access to proven phishing web sites. They could block access to the Internet for those customers of theirs whose PC is determined to be infected. They could offer support to those customers that need help in getting and keeping their PCs secure. They could do a whole lot, but if they would only concentrate on, say, the Top 5 of problems it would make a difference. And yes, that will cost money. And yes, that will be billed somehow. On the other hand, customers who don't like getting billed for that might go looking for alternative solutions that won't get them billed for that. And if enough do, then ISPs will create a new market for that. And if that happens enough, then vendors who see their products banned or severely restricted by such ISPs because of security issues will be motivated to produce products that are secure enough. Why? Because it would cost them revenue and thus money if they don't. And that motivates the hell out of them.
How to motivate ISPs to favour secure solutions? Simply cut into their revenue if they don't. How to motivate suppliers to favour secure solutions? Simply cut into their revenue if they don't. How to motivate customers to favour secure solutions? Simply cut into their wallet if they don't. Not a nice thing to do, but so far asking nicely hasn't resulted in anything concrete. Neither has severely punishing abusers and misusers of insecure products. In fact, it's getting worse, so something different (or additional) needs to be done.
In short: liability for all involved that can make (some or much) difference, in appropriate amounts. If not directly, then indirectly.
Not the best solution, but for now the most achievable one I can think of.
But you are right. Somehow, some way the vendors of insecure products need to be motivated to produce only secure products to achieve true desired results.

