Forgot your password?
typodupeerror
Security Your Rights Online

ISP Restrictions Based on Hardware/Software? 387

Posted by ScuttleMonkey
from the government-always-knows-what-is-best-for-me dept.
An anonymous reader writes "IT Architect magazine is reporting that ISPs are working towards a greater restriction of a customer's right to run what may be 'insecure' software. From the article: 'A greater threat is that ISPs may try to restrict the customer's side by denying access to machines based on their hardware or software configuration. [...] former head of cybersecurity, White House terrorism advisor Richard Clarke even said it should be made mandatory to quarantine malware.' Something that may also come as a surprise to some is that Microsoft is completely against this censorship of internet access. 'According to Chief Privacy Officer Peter Cullen, Microsoft is against ISPs doing anything that would restrict customers' choice of software. And he says this isn't just about the impracticability of demanding that data centers patch everything on the second Tuesday of the month. Laptop and home users also have the right to run an insecure PC.'"
This discussion has been archived. No new comments can be posted.

ISP Restrictions Based on Hardware/Software?

Comments Filter:
  • Depending on your definitions, banning malware could mean banning Windows!
    • by grub (11606) <slashdot@grub.net> on Tuesday December 27, 2005 @07:52PM (#14349080) Homepage Journal

      Depending on your definitions, banning malware could mean banning Windows!

      Or if the RIAA/MPAA have their way: P2P traffic. Be careful what you wish for.
      • by spongebill (941756) on Tuesday December 27, 2005 @09:39PM (#14349584)
        verizon wireless is already doing this over their unlimited broadband 500kbps wireless data plan for 60 bucks a month restricts the user from ANY large upload or downloads. here, this quoted from verizon's website.
        PROPER USES:
        "Unlimited NationalAccess/BroadbandAccess:
        Subject to VZAccess Acceptable Use Policy, available on www.verizonwireless.com. NationalAccess and BroadbandAccess data sessions may be used with wireless devices for the following purposes: (i) Internet browsing; (ii) email; and (iii) intranet access (including access to corporate intranets, email and individual productivity applications like customer relationship management, sales force and field service automation).

        SUCH USE DESCRIBED BELOW WOULD BE SUBJECT TO TERMINATION OF SERVICE CONTRACT
        Unlimited NationalAccess/BroadbandAccess services cannot be used (1) for uploading, downloading or streaming of movies, music or games, (2) with server devices or with host computer applications, including, but not limited to, Web camera posts or broadcasts, automatic data feeds, Voice over IP (VoIP), automated machine-to-machine connections, or peer-to-peer (P2P) file sharing, or (3) as a substitute or backup for private lines or dedicated data connections."
        • SUCH USE DESCRIBED BELOW WOULD BE SUBJECT TO TERMINATION OF SERVICE CONTRACT
          Unlimited NationalAccess/BroadbandAccess services cannot be used (1) for uploading, downloading or streaming of movies, music or games,


          So "emerge xbill" is right out

          (2) with server devices or with host computer applications, including, but not limited to, Web camera posts or broadcasts,
          automatic data feeds,


          No RSS for you !

          automated machine-to-machine connections,

          And your box will never have it's clock at the right time either, no nt
    • by N3Roaster (888781) <.nealw. .at. .acm.org.> on Tuesday December 27, 2005 @07:52PM (#14349082) Homepage Journal
      While true, I really doubt ISPs are going to start blocking Windows users from accessing the Internet. Not only because they'd be blocking somewhere between most and all of their customers (Why yes, we'll sell you Internet access, we just won't let you use it.), but I've also encountered a lot of ISPs that would get really freaked out (for no good reason) if they heard you planned on connecting with anything but a Windows PC.
      • by mikiN (75494) on Tuesday December 27, 2005 @09:49PM (#14349620)
        I remember one ISP which required every ADSL connection to be installed by a technician. The tech also would only sign the activation form if he had personally done and verified the configuration of a Windows PC. (This was well before the current malware flood.)
        One of my friends had to dig up a spare PC running Windows just for this purpose.
      • by Crudely_Indecent (739699) * on Wednesday December 28, 2005 @02:30AM (#14350507) Journal
        As an admin for an ISP, I can safely say that Microsoft Windows users are safe from descrimination by us. As the parent mentioned, 99.9% of our users are running Windows. The problem arises when customers want to run some super-wiz-bang email client and expect the ISP to support it.

        Spend an hour on the phone with someone trying to explain that you're not blocking their access to email but that you just don't know how to configure their software. This goes for almost any software that accesses the internet. I've been asked to troubleshoot problems with p2p apps, instant messaging clients, firewalls, spyware scanners, obscure Linux distros, outdated software (windows 3.1), and microwaves (yes, I've talked a customer through setting the time on their microwave...I was bored)

        I actually had a conversation with my brother tonight about this very topic. Technology is so easy to obtain, everyone thinks they're qualified to use it. My broadband customers frequently plug their gateway into the lan side of their router (at least two users per day.) Of course, it's my fault that they didn't (can't) follow the picture-book instructions. Personally, I'd like to see the good-old-days return, when computer users knew how to use their computers. The days when calling tech-support was a last resort are long gone....people now call tech support in order to turn their computer on.
        • Re:The Horses Mouth (Score:5, Interesting)

          by WebCrapper (667046) on Wednesday December 28, 2005 @03:13AM (#14350615)
          While working at a major ISP, we came up with a "Technical License". Just like a drivers license, but with technology. There where levels that you had to test for - Level A meant that you could turn your computer on, B meant you could use the mouse, keyboard and a few basic applications...

          But, I've supported all kinds of crap as well, so I really do feel your pain. My worst call was Windows NT Alpha - it looked like Windows 3.1 and we couldn't find half the settings to do anything dialup (this was 2000). The guy screamed and screamed. I transferred him back into the Q on his demand. Got a call from the tech that got the guy "Yea, I just let him go - he was still screaming when I hit the Wrap-up button." I don't know why people expect the ISP to support anything they come up with.

          My best support experience is a tie between blind users (they listen better than anyone else) and a 10 year old that was helping his mom fix the internet.
          • I know exactly what you mean about the 10 year olds. There was one kid that called at least once a week to do some nifty thing with his pda (some kid version of a PDA that was actually pretty cool)

            Every time he called, he had read about something and wanted to try setting it up between his router and his pda....he was patient, took notes, followed instructions and was generally cool to talk to....on top of it all - he thanked us for our time and assistance. A rare individual.
    • Hmm... I was going to say something clever about "malware" and "Sony BMG's rootkit", but never mind.
    • Actually, when I was reading the summary, I was thinking something along the lines of this: ISPs are legislatively mandated to have a set of software that protects customers and that customers have to run to connect. ISPs then make said software available -- only for Windows. This, of course, indirectly bans any other operating systems from connecting, even when they (almost certainly) are better protected.
      • by Todd Knarr (15451) on Tuesday December 27, 2005 @08:04PM (#14349158) Homepage

        That'll actually not work for most ISPs. If you call my ISP (Cox Cable) for a new installation these days, the installer will show up with a home router/firewall along with the modem. You have to ask to get a direct computer-modem hookup, or do the installation yourself. Windows-only access agents don't play well with that setup. Cox went with it, BTW, because it's cheaper and easier for them to manage the firewall and router than it is to keep dealing with malware/virus-related support calls from clueless Windows users.

        • Unfortunately, Adelphia is exactly the opposite. I had a wireless router and the "tech" insisted on hooking the connection straight up to my laptop - insisting that it would not work through the router. After he left, I had to call their office and get the people *there* to set up my connection to use the router.

          Moving was stressful enough in the first place and the fact that the "tech" they sent was less than competent did not improve my mood. I had to restrain myself from pointing out that I'd probably
    • Even if... (Score:5, Insightful)

      by jd (1658) <{moc.oohay} {ta} {kapimi}> on Tuesday December 27, 2005 @08:09PM (#14349193) Homepage Journal
      ...you are generous and don't define Windows as malware, you can reasonably define it as insecure, so it would certainly be bannable under the proposal. Especially early versions of Windows. And that's important, as a very large number of Windows users haven't upgraded and won't upgrade. (Windows 98 is still a very common OS and Windows 95 is still far from dead.)


      The other concern Microsoft may well have is that if you can only run "approved" OS' on the Internet, it will kill their beta programs and may well make it harder to roll out service packs. After all, it changes the version ID, so won't be an "approved" OS any more. If nobody patches their system, for fear of being disconnected from the Internet, it will be Microsoft that suffers.


      What about Linux users? Well, there's always the IP Personality patch. This disguises your OS, so that common methods of fingerprinting your computer will return the OS identity that you choose. You can always make a Linux box look like Windows XP or whatever.


      That's probably another concern of Microsoft. Linux distributions can be easily modified to fool such restrictions and existing Linux users will likely install the necessary patches. This could make Linux more attractive to the Walmarts of the world (fewer customer complaints) and also to corporations (no risk of unexpected downtime, due to ISPs not keeping up).


      I'm all for these restrictions, because they don't apply to Open Source software - masquerading as other software is already quite standard. Only closed-source vendors and closed-minded customers have anything to be scared of, and I've no problem with them being scared silly by Homeland Security.

      • Re:Even if... (Score:4, Insightful)

        by Stripe7 (571267) on Tuesday December 27, 2005 @08:22PM (#14349262)
        They will probably pass a law to make it illegal for you to mask your linux OS as windows.
      • Re:Even if... (Score:3, Informative)

        by Kjella (173770)
        What about Linux users? Well, there's always the IP Personality patch. This disguises your OS, so that common methods of fingerprinting your computer will return the OS identity that you choose. You can always make a Linux box look like Windows XP or whatever.

        That's probably another concern of Microsoft. Linux distributions can be easily modified to fool such restrictions and existing Linux users will likely install the necessary patches. (...) I'm all for these restrictions, because they don't apply to Ope
    • by Anonymous Coward
      This is what happens when the internet gets too big. Too many people try to control it for "the greater good". This is not a good thing. Let users be stupid. Let them have to hire someone to fix their mistakes and let them make choice whether to use microsoftCrapware or Linux. Government regulation is always a bad thing.
    • You're absolutely right!

      Totally obvious why MS is against it - they're the freakin' cause of the problem in the first place!

      While users have the "right" to run an insecure PC, they certainly don't have any "right" to communicate with an ISP if their systems introduce malware or spam into the ISP's network. That should be obvious to anybody with a brain.

      Does anybody think any corporation would deliberately allow their users to run insecure machines (leaving out simple incompetence - such as running Windows i
  • by Raul654 (453029) on Tuesday December 27, 2005 @07:45PM (#14349031) Homepage
    At the risk of pointing out the obvious, but - does it surprise anyone that the maker of the #1 target for malware writers is actively campagining against ISPs downthrottling infected users' PCs? I mean, if customers found out that Microsoft Windows = your ISP cuts down your rate, are people more or less likely to buy Windows? Their actions seems like obvious good buisness practice to me.
    • by cbreaker (561297) on Tuesday December 27, 2005 @08:03PM (#14349153) Journal
      Unless you install a client piece on the customer computers, it would be pretty easy to thwart such bandwidth limiting, service limiting restrictions. You can cloak the client PC's with a linux box, and chances are good that there would be little linksys-like routers available to do the same for the less technically savvy. I wouldn't be surprised if it became a check-box on common for-home devices, and that it would be enabled by default.

      Of course, they could also monitor traffice in and out of an IP and watch to see if there's spy/malware type things going on, which a cloak wouldn't mask. In which case, they should notify the end-users, not restrict them without doing so.

      We'll see how this plays out. The trend is toward more speed, more speed, and I don't see that changing anytime soon. If a malware infected PC's user doesn't know he/she has it, and internet service becomes slower because the cable company reduces the speed, the user will just think the service sucks and switch to DSL or whatever else.
    • > At the risk of pointing out the obvious, but - does it surprise anyone that the maker of the #1 target for malware writers is actively campagining against ISPs downthrottling infected users' PCs?

      Of course, our idiotic "security" bureaucracy would probably put Windows on the short list of approved systems, since it's a Legitimate Product (tm) from a Legitimate Business (tm).
    • That's a bit kneejerk isn't it?

      R'ing TFA, and a vague FA it was, the whole system would work by running a client agent that spies on the user and reports to the ISP, allowing the ISP to determine how to manage traffic (based presumably on draconian laws that further US govt ends).

      Now, Microsoft will, realistically, be opposed to this simply because they don't control it. Absolutely they have every right to tell the govt they're not interested in them bundling software onto every Windows distribution. Only
    • At the risk of pointing out the obvious, but - does it surprise anyone that the maker of the #1 target for malware writers is actively campagining against ISPs downthrottling infected users' PCs? I mean, if customers found out that Microsoft Windows = your ISP cuts down your rate, are people more or less likely to buy Windows? Their actions seems like obvious good buisness practice to me.

      What percentage of all Internet users are on Windows versus everything else?

      Okay, so this is NOT a good business pra
  • Err.... (Score:3, Insightful)

    by Anonymous Coward on Tuesday December 27, 2005 @07:45PM (#14349033)
    What if the user is behind a SOHO router? It will be hard to figure out what the client's OS/version is. Try using www.grc.com and their ShieldsUp.

    Anyways, this being the US, such practice will be considered discriminatory especially if poorer families cannot afford the latest M$ tax.
    • Re:Err.... (Score:3, Informative)

      by AndroidCat (229562)
      Check the FA. The fools want people to run client-side software to verify that all your software and hardware are on the approved list. ("Gee, does your client run on PC/104 ARM9 hardware?")
      • Re: Err.... (Score:3, Insightful)

        by Black Parrot (19622) *
        > Check the FA. The fools want people to run client-side software to verify that all your software and hardware are on the approved list. ("Gee, does your client run on PC/104 ARM9 hardware?")

        I wonder how many minutes it would take for someone to write an emulator to send back the "A-OK" signal.

        I can't imagine the system working even if people didn't try to jack with it. It would require regular automatic updates as new products came out, and a simple bug could result in shutting down most their customer
        • Re: Err.... (Score:5, Interesting)

          by Alsee (515537) on Tuesday December 27, 2005 @11:54PM (#14350105) Homepage
          I wonder how many minutes it would take for someone to write an emulator to send back the "A-OK" signal.

          You CAN'T.

          Not just working with software anyway. This is the Trusted Computing Group's Trusted Network Connect system. I'm been posting on Slashdot about it for over a year now. Thesystem is based on everyone having a Trust chip in their computer (which will come standard in all PCs as a hardware requirement for Windows Vista). The Trust chip spys on and locks down your computer - locks it down against you. Each chip has a unique master key locked inside the silicon... a key that the owner is forbidden to know. In fact the chip is boobytrapped to self destruct if you attempt to open the chip to get at your key. This key is cryptographically signed by the manufacturer, and the manufacturer's key is cryptographically signed by the Trusted Computing Group.

          What happens is that the chip can lock files on your computer. If you attempt to make any "unauthorized" modification to your hardware or software, the chip denies you any ability to read or modify your files (you can always delete/destry files, but you can't alter them).

          When you try to log on to your ISP, the ISP asks the chip for a "Remote Attestation". The chip then sends a spy report listing exactly what hardware you have and exactly what software you are running. This list gets cryptographically signed and authenticated by the chip. You are forbidden any control over this spy report. The ISP then checks whether they like the hardware and software on the list. If they don't, they refuse you any internet access. They then check the signature authenticating the list, if that fails, you are again denied internet access. Then they check the manufacturer's signature authenticating it as a genine Trust chip. Again, failure means no internet for you. They then check that there is a valid Trusted Computing Group signature on the manufactuer's key, proving that the manufacturer and all chips made by them are properly compliant to deny you control over the master key in the chip and to securely lock down your computer against you and to enforce DRM systems.

          Without a genuine key and all of the proper signatures on that key, it is cryptographically impossible to fake the "A-OK signal".

          The only way to "fake" the system is to buy a genuine compliant PC and to physically rip a genuine key out of the genuine chip - the boobytrapped self destructing chip.

          Oh, and if you do buy one compliant PC and you actually HAVE a sophisticated laboratory and you manage to bypass/disable the boobytraps and selfdestruct mechanism rip one key... that is only good for liberating ONE machine. If you attempt to give that ONE key out to your friends to use in software to fake the system, it will immediately be spotted that that key is in multiple use and has been replicated. As I said, each chip has a unique key. If any key is seen in multiple use then it no longer a legitimate and properly secured key and it immediately goes on a revokation list. All machines attempting to use that key then drop dead.

          So for each machine you want to "liberate", you must PURCHASE one GENUINE compliant computer and physically rip the chips one by one. And even then you need to be insanely careful never to leak the fact that your machine is liberated and capable of doing things that you are not permitted to be able to do, or again that key is revoked and drops dead and your REAL MONEY PURACHASE gets flushed down the toilet and you need to pay for another compliant PC to rip another key.

          And if the do roll this out, does anyone really dobt that is will be highly criminal to forge the signature and to lie to your ISP every time you log on? Not only is it a contract violation, but it will be computer crime. It is illegally hacking to obtain unauthorized access to a computer network. In fact the way the law is written the already draconian prison terms for that almost inherently carry two or three "special aggravating circumstances" to multiply
  • Wow (Score:2, Interesting)

    I think this is the only article on slashdot, that had anything positive to say about microsoft. This is the problem when you try to protect people. ISP regulating what I put on my computer and run online is not what we need. People should be allowed to run whatever they want to on their computers.
    • Re:Wow (Score:2, Insightful)

      by syzler (748241)
      It is not a matter of the ISP trying to protect the individual, but a matter of the ISP trying to protect the ability to provide service to others. I work at an ISP in Alaska. We are having to take preventive measures to ensure that our entire network is not black listed by larger ISPs such as AOL.

      We may be inconveniencing a small minority of our users, but we trying to maintain access for the majority of users. If we allowed our network to be in a perpetual blacklist, we would eventually not have any
  • Hah (Score:2, Interesting)

    by matr0x_x (919985)
    The real question is, is the open source community against it?
    • Re:Hah (Score:3, Insightful)

      by Ruff_ilb (769396)
      Answer: Does it really make any difference?

      How much power does MS wield? How much power does the OS community wield?
    • Re:Hah (Score:3, Insightful)

      by grcumb (781340)

      "The real question is, is the open source community against it?"

      Actually, I think the real question is 'How could everyone miss the point so completely?'

      Look, I think that government does have a place in enforcing standards, especially with regards to safety and security, but those have to be standards of behaviour. The difference between saying 'nobody is allowed to run software that does X' and 'nobody is allowed to run software X' is critical.

      Taken to its logical extreme, it's the difference between

  • by Todd Knarr (15451) on Tuesday December 27, 2005 @07:48PM (#14349053) Homepage

    Of course Microsoft would object to this proposal. Any objective analysis (which the ISPs are certain to do) would put Windows high on the list of vulnerable systems. No matter how much Microsoft tries, it's always hard to configure a Windows system to be both secure and capable of easily running the software most users want to run without glitches. Putting a hardware firewall in front of it's just as bad from Microsoft's point of view: you're still telling users they have to spend more money and do more work to use Windows on the Internet. By contrast, many of the competing systems (Max OSX, *nix) are at low risk and would pass most security checks easily out of the box. No way does Microsoft want ISPs making it easier to put a Mac or a Linux box on the Internet than a Windows box.

    • Boy, if this isn't a complete load of bullshit. I run Windows XP SP2, Outlook 2003, Access, IIS (HTTP, FTP, and SMTP), IE, MS AntiSpyware, and Windows Firewall and I also have an MN-700 Router/Firewall (Microsoft -sadly discontinued) and I've only ever had one "intrusion" on my system. I forgot to close off anonymous FTP and someone decided to use the open server to dump their warez and moviez. I am not a techie by any stretch of the imagination, I'm a graphic designer who likes to have a little more con
    • Any objective analysis (which the ISPs are certain to do) would put Windows high on the list of vulnerable systems.

      So what? With at least 90% of their customers running Windows, there would be absolutely no chance whatsoever of refusing access to PCs running Windows. At the very, very most they could refuse access to sufficiently old versions, but even that would risk them losing customers.

      No matter how much Microsoft tries, it's always hard to configure a Windows system to be both secure and capable of eas
    • Of course, if you RTFA, the article stipulates that ISPs would be required by law to only allow boxes with mandatory government spyware running connect to the internet.

      The government is unlikely to be interested in producing a spyware module compatible with your favourite flavour linux distro, although industry uproar might make a Mac version available. Many linux and BSD clients under this system would be completely blocked from using the net.

      Writing spyware for MS is quite easy however and therefore, Win
  • by ChowRiit (939581) on Tuesday December 27, 2005 @07:48PM (#14349054)
    Personally I don't care why Microsoft is against it - I'm sure they have their own agenda, but the enemy of my enemy is still my friend. If Microsoft are against it, it almost certainly won't happen - they have enough clout.

    Anyway, such a law would be pandemonian, it would require international standards etc etc - it would never work...
    • The "enemy of my enemy ..." comment is really stupid. I mean, it isn't even transitive.

      For example, A, B, AND C are all pair-wise enemies. According to the "enemy of my enemy" theory, A and B are friends, because they are both enemies of C, A and C are friends because both are enemies of B, and B and C are friends because they are both enemies of A. So everyone is both friends and enemies.

      A better statement is: "The enemy of my enemy is helping me so long as he causes my enemy to expend resources, which
  • Problems with this (Score:4, Insightful)

    by Ruff_ilb (769396) on Tuesday December 27, 2005 @07:48PM (#14349055) Homepage
    1. It's impractical -
    I can see how the White House might deal with this sort of restriction, but an ISP dealing with thousands of customers that don't WANT to cooperate - not to mention, there would be an absurd number of software and hardware iiterations, hacks, etc, all of which they'd have to deal with.

    2. It's unfair -
    I should be able to run the software I want on the hardware I want, as long as I'm not producing malware. A restriction on rights for security is inconsistent with democractic ideals, especially with the qualifier that the security doesn't necessarily protect rights.
  • Sign me up. (Score:5, Funny)

    by grub (11606) <slashdot@grub.net> on Tuesday December 27, 2005 @07:49PM (#14349058) Homepage Journal

    I want on the OpenBSD-only ISP.
  • by xoip (920266) on Tuesday December 27, 2005 @07:49PM (#14349061) Homepage
    It is becoming increasingly obvious that the large ISPs are out to put a strangle hold on the "Services" they deliver. There will be problems with VOIP caused by port restrictions, Others will stop offering basic services like nntp access. They have taken the view that the network is theirs and that they will dictate what is run over them with consumers being and endless cash cow that can be milked for access to "Premium" applications.
    • Taken the view that the network is theirs?

      It is.

      Like it or not, an ISP does own the part of the network you traverse to get to "the rest" of the Internet. So it should be no surprise that they wish to control it, and consider it their right to do so.

      And I cannot say I entirely disagree. Vote with your wallet. Where a large enough market exists (i.e. people who want no restrictions placed on their access), there will be an ISP to fill that need.

      And besides, I doubt that all ISP's are heading in this direc

      • And I cannot say I entirely disagree. Vote with your wallet. Where a large enough market exists (i.e. people who want no restrictions placed on their access), there will be an ISP to fill that need.

        Problem is, most places have 1, possibly 2 isps for broadband. Not really a choice, is it? I say, either open up your lines or accept some restrictions in what you can do to what is, effectively, a captive audience.

        That said, I've been shocked at how hands off Comcast has been with me.

      • I think the thing that makes this concerning to many of us is that those of us who would be severely hurt by charging extra for things standard today like NNTP or VOIP do not seem to be enough of a force to be of any consequence.

        Suppose a provider like Time Warner decided that they want to increase profits a bit so they make the privilege of using specific ports a five dollar premium fee. Essentially they've created profit where it didn't exist before. Some people will simply have to pay (it's a good deal o
        • I wonder what would happen if people simply moved back to BBS connectivity. Slow, but hands off for providers. Don't create content on the Internet. I am sure that the _majority_ of us can live with unlimited dialup. Hell, it might actually be better to move back to a trusted network world, where you actually know the administrators of the systems you are connecting to.
  • by ltbarcly (398259) on Tuesday December 27, 2005 @07:50PM (#14349066)
    that Microsoft would want to prevent people from being punished for using an insecure OS...

    It's because they're for choice right? I mean, every time I turn around I hear about a new Red-Hat exploit which has allowed a worm to spread into millions of computers around the world, causing massive amounts of bogus traffic and driving up costs for ISPs.
  • Terms of Service (Score:5, Insightful)

    by saikatguha266 (688325) on Tuesday December 27, 2005 @07:51PM (#14349074) Homepage
    > Laptop and home users also have the right to run an insecure PC

    Absolutely. But do they have the right to abuse the ISP's network by sending spam/DDoS attacks etc?

    Run what you may on your PC, but if you are using the network infrastructure owned and maintained by your ISP, you have to adhere to their Terms of Service, and they should have the right to enforce those terms of service.

    If you don't like your ISP's TOS, find a different one. But don't confuse you right to run an insure PC with your right to abuse your ISP's network -- you do not have the latter.
  • by rewt66 (738525) on Tuesday December 27, 2005 @07:51PM (#14349078)
    Laptop and home users also have the right to run an insecure PC.

    Yes, but do they have the right to run an insecure PC connected to the Internet? When their insecure PC, if it gets 0wned, is going to have adverse consequences for others on the Internet?

    An analogy: I have the right to drive a car that fails safety inspection - on my own land. I do not have the right to drive it on the public roads, where it can endanger others. (Of course, this analogy breaks down, because the government mandates the safety inspection, and the government owns the roads, and in the Internet case, it's not the government that mandates the safe PC, but rather the ISP... and the ISP owns the "road" that I'm putting the unsafe PC on, or at least the road I use to access it... hmm, maybe the analogy isn't that bad.)

  • by SlashdotOgre (739181) on Tuesday December 27, 2005 @07:53PM (#14349093) Journal
    I can see why ISP's would want this (less zombies, etc.), but I don't believe they'd all be able to sit down and agree on standards. Likewise, if my current provider makes say running Windows XP SP2 a requirement, there's no doubt I can go elsewhere and find some other provider that would let me run Linux. Now when we reach the point where there's only a handful of ISP's (esp. if they're regional), we will have a problem.
    • Now when we reach the point where there's only a handful of ISP's (esp. if they're regional), we will have a problem.

      This may in fact be the case. Now that the FCC has defined DSL as an "information service", this may give the ILEC the right to boot other DSL ISPs off the ILEC's copper. Then you end up with a duopoly, and in that case, "go[ing] elsewhere and find[ing] some other provider" would involve expensive real estate transactions.

  • Rights? Huh? (Score:3, Insightful)

    by dada21 (163177) * <adam.dada@gmail.com> on Tuesday December 27, 2005 @07:57PM (#14349114) Homepage Journal
    There is no right to do anything with anyone else's property or for them to provide a service they don't want to.

    On the other hand, an openly competitive market generally won't see companies trying to reduce services or increase fees -- competition is what gives consumers what they want at the price they're willing to pay.

    If we allow our government to regulate the Internet, you better believe the market will be disturbed by enough regulations that we WILL see restrictions such as these -- regulations always serve the interests of the now mandated monopolies instead of the end consumers.

    If a few big ISPs decide they want to restrict services for certain users -- let them! The little ISPs will gain enough business to give them a nice profit. Seems like a win-win to me.
    • There is no right to do anything with anyone else's property or for them to provide a service they don't want to.

      Hmmm, on the surface your comment sounds reasonable and very patriotic. Underneath though, most everything seen as having some kind of national interest is, one way or another, eventually usurped by the gov't. The recent 911 service for VOIP providers requirement is one example of how they start. Regulation is their controlling mechanism.

      On the other hand, an openly competitive market general
    • Either that or the little ISP's will take this as a cue to add restrictions of their own. The smaller ones generally make less profit, so anything they can do to reduce your cost to them, they'll do it.
  • As Libertarian types are fond of pointing out, "your rights end where my rights begin". By definition, your "rights" cannot involve the unconsented participation of others, nor can your "rights" tread upon mine.

    You have every right in the world to run an insecure PC. But as soon as you plug that insecure PC into the Internet and it starts spewing spam and viruses to my computer (and my neighbor's, and my company's, and my ISP's...), you've just crossed a line. You've infringed upon everyone else's right
    • > You have every right in the world to run an insecure PC. But as soon as you plug that insecure PC into the Internet and it starts spewing spam and viruses to my computer (and my neighbor's, and my company's, and my ISP's...), you've just crossed a line. You've infringed upon everyone else's right to not pay bandwidth fees for your viruses and spam

      If ISPs could charge individuals for the bandwidth they use, those who own spew hosts would either fix them or drop off the net due to inability to afford the
  • by Anonymous Coward
    Look, make a mesh. Decentralise. No-one should consider themselves part of the internet unless they've got at least 3 independent paths to neighbours with at least 3 independent paths etc.

    ISPs, Telcos, are symptoms of antiquated centralist thinking.

    • How the fuck am I going to connect to the "MESH"??? Run wires under the street to my illiterate neighbor's house?

      What happens when my dipshit neighbors decide to run p2p apps with idiotic setups? For example, gnutella is about the most worthless, bandwidth wasting app you can imagine.

      And who is going to stop people from blocking traffic randomly, or randomly corrupting packets, just to be an asshole? OR doing wget www.bigassiso.org >> /dev/null, just to get a 6th month running average of their band
  • by Caspian (99221) on Tuesday December 27, 2005 @08:00PM (#14349139)
    In the real world, restrictions like this will be used to keep people from running Linux (or *BSD, or anything but Windows).

    Mod me down, but you know it's true. They'll say that GNU/Linux systems are not "trusted" (as in "Trusted Computing"), and that will be that. Only niche geek-friendly ISPs like Speakeasy will continue welcome *nix users.
  • I would hope that the ISP would set the policy, and not mandate mechanisms.

    E.g. don't send spam, but run whatever you want to run.

    In any case, I would think that if you want to run stuff badly enough, you'll find a way to spoof.

    Until we get DRM, trusted boot and Palladium-like technologies everywhere --- then you won't be able to spoof your OS or software.
  • "And he says this isn't just about the impracticability of demanding that data centers patch everything on the second Tuesday of the month."

    But yet that's what they demand... And we're stuck doing it every Tuesday night in a maintance window between mid-night and six am...

    In retrospect we have to patch our FreeBSD boxen like 2 times a year.
  • by crazyphilman (609923) on Tuesday December 27, 2005 @08:05PM (#14349166) Journal
    Side #1: Microsoft is terrified of this because it will set a precedent whereby an ISP will be able to cut people off based on the ISP's view of their software configuration. So, ISPs will be able to threaten to kick Microsoft in the balls unless they get favorable treatment (RE: cheaper prices), and home users will be able to demand that tainted machines get knocked off the web until they're fixed (which will mostly affect MICROSOFT). Microsoft, God bless 'em, is naturally against the whole thing.

    Side #2: The TRUE result of this will be that lazy ISPs (read: most ISPs) will just lock out anything that doesn't match some piece of shit filter they put in place. So, a fully patched Microsoft or Apple box will probably be able to connect, but my Slackware box will NOT. And when I call tech support, the retard who takes my call will say "SlackWHAT? You can't run that on our network, for, uh... SECURITY reasons. Why don'cha run Winders like everyone else?" And I will be forced to resort to cruel, mocking language, upsetting his supervisor and getting me absolutely NOWHERE.

    So, naturally, I'm against this bullshit too. ;)

  • by blair1q (305137) on Tuesday December 27, 2005 @08:05PM (#14349169) Journal
    I've said it before, I'm saying it now, I'll say it every time someone tries to enforce security on The Internet:

    THE INTERNET IS NOT SECURE

    By connecting to it you must expect to be probed, attacked, sniffed, decrypted, spammed, hacked, and denied service. In order to avoid these things either you must not connect to it, or you must take measures that degrade its performance in order to eliminate some of these possibilities. But you will never make it secure, because it is not secure.

    If you want a secure network, you will have to start over from scratch.
  • blah blah blah (Score:5, Insightful)

    by Transcendent (204992) on Tuesday December 27, 2005 @08:10PM (#14349196)
    ...blah blah blah, of course Microsoft is against it blah blah blah...

    But this IS a horrible practice? Restricting people's internet access based on their computer? Does anyone see what is wrong with this or are you all going to complain about MS?
  • ...why I pay Speakeasy [speakeasy.net] almost $100 per month for an Internet connection. It's exactly for stuff like this. Speakeasy has made an entire business around giving people a completely open pipe with no restrictions, and it's the ISPs like this that I will patronize. Sure, $14.95 as a teaser rate sounds wonderful, but not to me when I consider the PPPoE travesty, port blocking, draconian ToS and the returning attitude of "we're the phone company; we don't have to care."
  • by ottffssent (18387)
    Well, Microsoft is no doubt concerned about ISPs who include branded browsers as part of their install kit restricting or blocking access to the 'net from IE (which is 98% insecure [scanit.be]). A wholesale switch to either Moz or Opera isn't the answer (but abandoning IE can't hurt), but both could use somewhat increased market share. A 3-way race with no eventual winner is probably the best possible outcome.
  • by srk (49331)
    This idea can be a potential danger to Linux users. Yes, Linux is much less susceptible to malware than Windows. However, Windows will be always defended by Microsoft but there is no body to protect Linux users. Any minor public doubt in Linux safety for ISPs has a chance to result in a major action to ban access from Linux boxes.
  • by AndroidCat (229562) on Tuesday December 27, 2005 @08:25PM (#14349272) Homepage
    Vendors call them by different names, but all use an agent on the client to verify its configuration. If the agent reports software (or in more advanced versions, hardware) that isn't on a white list, access is denied.

    Access control agents have two big practical problems on a private network, both of which are more serious on the wider Internet: Not all clients can run the agents, and new programs not yet certified malware-free won't be on the white list. Worse, ISPs might base their lists on commercial considerations. So while custom enterprise applications are locked out, Sony's rootkit gets through.

    Okay, it's not quite spyware, but it does raise a few questions, doesn't it? The above misses a few like: (a) What if you develop software? (Software which isn't on anyone's list?) (b) And what's this about hardware? Are haxors leaving trojan hardware on people's doorsteps now? (Hmm...) (c) Lastly, I'm not going to open my security to let their untrusted agent software phone home to tell my ISP that everything is okay. Sorry. If need be, I'll haul out an old box to run their agent to tell that that everything is fine--but it'll be isolated as much as possible from everything else on my LAN.
  • What's bound to happen is some morons at an ISP will declare that you can't run a computer unless you run their prescribed antivirus and firewall software. Since Linux and Mac users can't run it, they'll be disqualified.
  • ... that the ISPs have been unable to secure their side.

    It can't p[ossibly have anything to do with the customers side seeing how the truth of the third user interface is being so well kept from the consumer.

    That user interface is the ports, the doorway to integrating software components.

    Its been called many things, but its essence is the same. That of being the access point of integration.

    Of course all the wrong intent users know about... the virus, worm, spyware, malware, etc...writter make use of ports t
  • by havardi (122062)
    Microsoft is against ISPs doing anything that would restrict customers' choice of software
    Bullcrap!
    Microsoft's ISP screws a lot of people. Case in point: I helped a little ole' lady move from win98 to a mac mini. She had been a qwest user since the uswest days but then one day qwest decided to switch her to MSN because Microsoft pays them off... they migrate her pop account to an msn account and send her the msn client which totally craps her computer out...

    Anyway, the MSN client isn't available for Ma
  • Not a bad idea... (Score:3, Interesting)

    by arikb (106153) * on Tuesday December 27, 2005 @09:01PM (#14349450) Homepage
    How about having two levels of "Internet access":

    • The default level, where every newbie can connect, where port 25 is screened, software is monitored and rate limits are in place, and the user has no liability for whatever malware that their computer runs and the ISP does its best to stop it from running even if it means restricting the services the user gets, and
    • The advanced level, where you have to sign a document making you liable for whatever traffic emanates from your node, and the ISP can't do anything to your access without you asking for it. No port blocking, no transparent proxying, nothing. They can however hold you liable for malware running on your setup, provided you neglected to promptly and properly patch your system.

    Thoughts?

  • by man_ls (248470) on Tuesday December 27, 2005 @10:54PM (#14349886)
    Quarantined connections are a very, very good thing. Corporate networks already do this -- there is, if I recall, a Cisco client which enforces router rules based on the security software installed on the PC. Windows RRAS can enforce a quarantine network based on whether or not the connecting machines are patched up-to-date. Captive portal software allows only authenticated users to connect to the greater network -- same with VPN tunnels.

    All of these things work in a very good, and non-censoring way: they require the user connecting to the network, to take certain "safe computing" steps. Requiring virus/spyware protection is overkill (I for one have never run spyware or virus protection, and have only had one spyware infection that required a reformat and two viruses -- in 11 years of being connected to networks unprotected. All of those infections were 3+ years ago.) but requiring that computer users, say, don't broadcast worm packets and don't have unpatched security holes, is a very good thing.

    It's one thing for the ISP to shut off people for downloading certain types of content, it's another if the user is abusing the network resources. Similar to, a phone company won't cut your line for calling people they might not agree with the opinions of -- but if you, say, wardial your entire neighborhood on a daily basis, they have some recourse against you.

    Overall, the ISP restricting access to its network to people who aren't infected and are secure, is only a good thing -- on every possible front. And, from the stand point that Windows updates generally are denied to people using pirate copies, it will reduce software piracy rates as well. There's no excuse for people to still be broadcasting the Sasser worm, other than the fact that it isn't worth their time to fix it. This will make it worth their time, to no longer be a deliberate nuisance to everyone else.
    • by Agent Green (231202) * on Wednesday December 28, 2005 @03:22AM (#14350638)
      That's all well and good...but you're forgetting something critically important.

      On a corporate network, they most likely own every single device on the LAN, and have an IT staff that maintains what the "standard" images are. In fact, one place I worked would block the port within 30 seconds of a link-up condition if the device connecting to it wasn't running an approved image.

      ISPs don't own the users' devices at the edge...and they should _not_ be just given some kind of backdoor to "check on things." Once that exploit gets into the wild, the info could be used to make a much, much more efficient and easy to hide botnet.

      Nobody seems to remember that the road to hell is paved with good intentions, such as this.
    • by dodobh (65811) on Wednesday December 28, 2005 @04:45AM (#14350844) Homepage
      The problem is that the Internet is _not_ a quarantined corporate network, with a single global policy. If I want to develop a new protocol with a bunch of people all over the world, restricting what I can do is a bad thing.

      The rules change on the open Internet.
    • by twitter (104583) on Wednesday December 28, 2005 @09:43AM (#14351666) Homepage Journal
      Overall, the ISP restricting access to its network to people who aren't infected and are secure, is only a good thing -- on every possible front.

      That depends entirely on how you can tell. If the method is your silly Cisco router which checks for this or that piece of Windoze shit, it sucks. If the method is detecting obvious spam and worm broadcasting signatures, great. Detecting spammbots is getting tricker all the time because the spammers are smart enough to not want damage the user's performance enough for the user to want to fix the computer. ISPs have been turning off blatantly broken computers for a while and it is a very good thing.

      Windows updates generally are denied to people using pirate copies, it will reduce software piracy rates as well.

      How do you equate the two without advocating some really stupid and lazy method of punishing people for not having whatever Bill Gates wants you to have right now? A check which provides that kind of solution will outlaw all the software that's actually secure.

    • I for one have never run spyware or virus protection, and have only had one spyware infection that required a reformat and two viruses -- in 11 years of being connected to networks unprotected. All of those infections were 3+ years ago.

      I've seen people make this claim before. If you do not run spyware/virus protection, how do you know that you're not infected? I mean you would notice if your computer started opening popup ads every 5 minutes for a spyware infection, but a lot of malware works in the bac

  • by Animats (122034) on Wednesday December 28, 2005 @12:08AM (#14350152) Homepage
    Users with a LAN aren't really examinable by the ISP anyway. And by now, most users need a LAN, just so the home PC, the game console, and the TV can coexist.

    The ISP's first responsibility is IP egress filtering. The ISP must validate the outgoing source IP address of each packet. This at least prevents the most annoying types of denial of service attacks. Most competent ISPs do this now, although some of the cable guys are weak in this area.

    The ISP's second responsibility is outgoing mail rate limiting. That's enough to slow down zombie-based spam. If the outgoing mail rate exceeds some reasonable threshold, the user should get a phone call, even if the phone call is automatically generated.

    The ISP's third responsibility is incoming mail spam filtering. This should include virus filtering.

    Incidentally, ISPs which block outgoing TCP ports should return an ICMP message (type Destination Unreachable, code Communication Administratively Prohibited). At least then you know what's going on, and who's doing the filtering.

  • AUP Violations (Score:3, Insightful)

    by nuintari (47926) on Wednesday December 28, 2005 @09:37AM (#14351634) Homepage
    Laptop and home users also have the right to run an insecure PC.

    Sure, you do have the right to run an insecure PC, run an adware ridden piece of crap to your heart's content, most people seem to think those fifty billion popups and 14 minute boot times are normal. Doesn't mean you should do it....

    Its when I start getting spamcop complaints, and reports of intrusion attempts on other people's pc's that we start to have a problem. Then I have to cut you off from the internet (I work for an ISP), acceptable use policy says nothing in it about infesting the internet just because you aren't smart enough to keep your pc a little more secure.

    If you owned a house next to mine, and you let it fall into disrepair, and become a huge fire hazard, sure, I guess that is your right to do so. If it actually catches fire, and spreads to my house, then we have a problem, because now, your neglect has caused damage to somone else's property. Same on the internet, if you become a threat to your neighbors, I will simply isolate you until you are no longer a problem.

Per buck you get more computing action with the small computer. -- R.W. Hamming

Working...