<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Oh, and I should have pointed out earlier.. This 'quarantining'
will still need to allow the customer to use things like
Remote Desktop, TeamViewer, LogMeIn, etc. to contact their regular
remote support.. <br>
<br>
I don't know about the others here, but my parents' first point of
tech support is usually myself, not one of the 'hundreds' of local
computer stores (I've tried getting them to go to the local computer
store first.. But that just resulted in every issue becoming a
reinstall of windows. And was completely useless..). I can only
imagine the hell my mother would let loose on the poor fellow on the
Bigpond helpdesk (and about 5 minutes later, her local MP, who does
take her calls..) who tried to tell her 'Sorry, you have a virus, we
have disconnected you from the internet until you fix it. No, we
can't let you have enough internet access for your son to fix it
remotely'. <br>
<br>
For that matter, same would go for quite a few of our remote-support
customers as well - except then you're not dealing with a pensioner
on a rampage, you're dealing with a business owner screaming 'loss
of income!'. Or does this quarantining still allow the customer to
send/receive emails etc?<br>
<br>
Don't get me wrong, I appreciate the idea of trying to help
customers, and reduce the amount of infections, etc - it just seems
like it's going to cause more problems than it's worth..?<br>
<br>
--DG<br>
<br>
On 18/06/2012 9:51 PM, Roland Chan wrote:
<blockquote
cite="mid:CALxh8x9KgieY-U12wrRKYKDBK_02HfYAJsWeBAj3OjM4P37A1w@mail.gmail.com"
type="cite">
<p>I think you have to quarantine the entire connection, at least
until v6 becomes the default and you get to look behind the
gateway. </p>
<p>I'd like to talk about regular servicing meaning that tread
problems are predictable, whereas infection is not, but I think
that analogy has finally shuffled off to rhetorical device
heaven. </p>
<p>We could ask an AV Vendor to provide useful stats on AV
efficacy but I suspect it might undermine their marketing. In
the last year I've seen a nonrepresentative sample of people
get done while their security subscriptions are valid. (Hi mum!)
</p>
<p>Sorry for the top replies. Anything else is too hard on a
phone. </p>
<div class="gmail_quote">On Jun 18, 2012 8:27 AM, "Mark Andrews"
&lt;<a moz-do-not-send="true" href="mailto:marka@isc.org">marka@isc.org</a>&gt;
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
In message
&lt;CALxh8x88V+KmZYayyNETKuwy977MFQcP=TqYz-rsaXRJKZuv=g@mail.gmail.com&gt;<br>
, Roland Chan writes:<br>
> I'd go further than that. The analogy is flawed in many
ways, but the<br>
> 2 most salient are:<br>
><br>
> - Roadworthiness is not an implicit part of owning a car
(at least not<br>
> one that's driven on public roads). It's an explicit
requirement of<br>
> operating a vehicle mandated by law. No such
corresponding thing<br>
> exists for computers, and given the current state of
technology I<br>
> believe it would be impossible to define and enforce.<br>
> - Roadworthiness is the ability of the vehicle to perform
when<br>
> operated lawfully, and says nothing about the ability of
the vehicle<br>
> to perform when under attack or used as a weapon. Up to
date security<br>
> measures on a computer do not provide anywhere near as
much confidence<br>
> about the protection from compromise as a roadworthiness
certificate<br>
> does for mechanical reliability of a car.<br>
<br>
This is more like, you have been pulled over for bald tires.
There<br>
are obvious signs that you are infected and you are being
pulled<br>
off the net for everyone else's safety.<br>
<br>
> I'll torture the analogy a bit further though: imagine
losing your<br>
> licence because your car was stolen and used in an armed
robbery.<br>
> Flawed again, but I couldn't help myself. I hate
analogies and<br>
> torturing them gives me pleasure. ;)<br>
<br>
And is pointless in this case because you are not being told
you<br>
can't use any computers. You are just being told you can't
use<br>
particular computers until you get them fixed.<br>
<br>
> I do agree with Damien that a service provider that does
not have<br>
> explicit T&amp;Cs dealing with this scenario may well end
up in trouble,<br>
> and a provider that does have these T&amp;Cs will have
significant<br>
> customer service issues that will generate immense cost
to the<br>
> business, to say nothing of the reputational impact.<br>
<br>
If you do it well you will get a positive reputation.<br>
<br>
> I don't agree that we're talking about a short term
support cost spike<br>
> either. Users will be repeatedly compromised, quarantined
and calling<br>
> in for support.<br>
<br>
> Quarantine is painful for the customer and the provider,
and does not<br>
> deliver sufficient long term benefit to the user, the
provider or the<br>
> Internet at large to balance the cost, at least in my
opinion.<br>
<br>
Tell that to those that are suffering DDoS and other attacks
from<br>
compromised machines.<br>
<br>
> If<br>
> there were cheap, reliable and easily deployable measures
a user could<br>
> take to secure their computers in the long term I would
probably think<br>
> differently. Until then, I'm happy with mucking about
with DNS to take<br>
> a chunk out of the problem (Disclosure: I used to lead
the group that<br>
> designed all the stuff in the BigPond network that
Barrie's been<br>
> talking about, including the Interpol filtering).<br>
<br>
This will always be a catchup game but if you get the systems<br>
upgraded to have the latest fixes you reduce the number of
machines<br>
that can get infected and be used to attack others before the
C&amp;C<br>
machines are discovered.<br>
<br>
What percentage of these machines are infected via known and
fixed<br>
vulnerabilities and what are infected by yet to be fixed
vulnerabilities?<br>
<br>
Mark<br>
--<br>
Mark Andrews, ISC<br>
1 Seymour St., Dundas Valley, NSW 2117, Australia<br>
PHONE: <a moz-do-not-send="true"
href="tel:%2B61%202%209871%204742" value="+61298714742">+61
2 9871 4742</a> INTERNET: <a
moz-do-not-send="true" href="mailto:marka@isc.org">marka@isc.org</a><br>
</blockquote>
</div>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Damien Gardner Jnr
VK2TDG. Dip EE. GradIEAust
<a class="moz-txt-link-abbreviated" href="mailto:rendrag@rendrag.net">rendrag@rendrag.net</a> - <a class="moz-txt-link-freetext" href="http://www.rendrag.net/">http://www.rendrag.net/</a>
--
We rode on the winds of the rising storm,
We ran to the sounds of thunder.
We danced among the lightning bolts,
and tore the world asunder
</pre>
</body>
</html>