Privacy Government Security United States Worms

US Shows Interest In Zombie Quarantine Code

Posted by timothy
from the aussies-please-weigh-in dept.
bennyboy64 writes "Barack Obama's cyber-security coordinator has shown interest in an e-security code of practice developed in Australia that aims to quarantine Internet users infected by malware, also known as zombie computers. He reportedly said it would be a useful role model for the US to adopt. One suggestion within the code is to put infected users into a 'walled garden,' which limits Internet access to prevent further security problems until quarantined. Another is to throttle the speed of an infected user's Internet connection until their computer is fixed. The code is also being considered by other Asia-Pacific countries, ZDNet reports."
  • by retech (1228598) on Saturday June 26, 2010 @01:03AM (#32700324)
    This is so NOT the story I was hoping it was going to be.

    Like a baby Harp seal on the open ice, my dream has just been dashed.
  • Seems reasonable (Score:5, Interesting)

    by Rijnzael (1294596) on Saturday June 26, 2010 @01:13AM (#32700354)
    In contrasting this with the president's ability to declare a cyber attack and disable internet access in the United States, I'd say this seems like a reasoned approach that would hopefully be considered an alternative to the former where applicable.

    My only real concern is that of privacy. How exactly do they go about telling you're a zombie? Well written malware isn't exactly going to advertise infection, and even hosts which may be participating in a denial of service attack can't definitively be proven to be infected unless they're obvious (like sending a TCP packet with an invalid combination of flags, for instance). Scarier would be using the 'zombie' excuse to monitor net traffic on a connection for 'investigative' purposes. So it may just turn out pointless or it may be a ruse for a different kind of control. Anyone have any articles as to the effects of this or some cases where it was actually used in AU?
    • by elucido (870205) * on Saturday June 26, 2010 @01:42AM (#32700450)

      In contrasting this with the president's ability to declare a cyber attack and disable internet access in the United States, I'd say this seems like a reasoned approach that would hopefully be considered an alternative to the former where applicable.

      My only real concern is that of privacy. How exactly do they go about telling you're a zombie? Well written malware isn't exactly going to advertise infection, and even hosts which may be participating in a denial of service attack can't definitively be proven to be infected unless they're obvious (like sending a TCP packet with an invalid combination of flags, for instance). Scarier would be using the 'zombie' excuse to monitor net traffic on a connection for 'investigative' purposes. So it may just turn out pointless or it may be a ruse for a different kind of control. Anyone have any articles as to the effects of this or some cases where it was actually used in AU?

      It's not reasonable for the government to do anything more than monitor the internet. To start telling people how to run their nodes, what websites they can and can't visit, how they can or can't surf the web and at what speeds, is authoritarianism on the web. The internet was not designed for authoritarianism, it was designed to be an anti-authoritarian technology, it was designed to be decentralized, it was designed in this way because authoritarian centralized systems usually have a single point of failure. These overly centralized systems are more likely to fall or collapse.

      The internet as it is designed now is already more advanced than the design of most other systems. To centralize and control it down to the byte flowing through each wire, inspecting every package, analyzing every bit, and controlling which bits to quarantine and which bits not, is just a stealth mechanism which can be used either to destroy the internet or weaponize it. This along with the new behavioral advertising schemes allows for specific centralized entities to feed specific information to specific computers, and now they want to be able to quarantine specific computers to block them from receiving specific information from other computers.

      How can this be good for the internet as a whole? How can this be good for the flow of information from a mathematics/physics point of view? How can it be ethical if the objective is to reduce ignorance and preserve freedom of speech? It can only be ethical if the objective is to control, weaponize, and win at any cost.

      • by reiisi (1211052)

        This "icode" thing is voluntary, to be implemented by the providers.

        I see one problem already ("... is novel or not previously seen by the ISP" should be listed under things to keep an eye on, not under things to report.)

        But the concept here is much better than some of the alternatives which have been talked about, and the ISPs should do good things voluntarily, I think, rather than postpone it all until it becomes mandated by laws that will most likely go way overboard.

        • I'm not convinced. (Score:4, Interesting)

          by elucido (870205) * on Saturday June 26, 2010 @02:58AM (#32700712)

          This "voluntary" icode just happens to be discussed under the backdrop of the government trying to build an internet kill switch. I'm supposed to believe it's going to remain "voluntary" when the US Government is involved?

          When it's voluntary then all the government-influenced ISPs or ISPs with big government contracts will be pressured behind the scenes to adopt it. I'm not convinced that it will be voluntary if it's not in the ISPs' economic best interest.

          If corporations want to do this they already can. So to make it "voluntary" when it already is an option, it looks more like an agenda.

          • Re: (Score:2, Informative)

            Also you have to remember "voluntary" doesn't mean the same to us and to Rahm Emmanuel. I have a video where he is discussing a Fairness Doctrine for the Net, where popups would appear on foxnews.com to encourage people to go read a liberal website instead, and he talks about "voluntary compliance" by the internet company.

            But then he immediately followed it up with, "And if they don't do it voluntarily we can compel them with laws. Sometimes you have to MAKE people do the right thing." - So for him t

            • >>>.....then he'll use the force of government (law) to compel you to "volunteer".

              Similar to how I am being forced to buy Hospitalization insurance that I don't want. (I'll get it when I'm old but for now I'm still young and healthy.) (Plus paying cash is cheaper.)

        • by Feyshtey (1523799)

          But the concept here is much better than some of the alternatives which have been talked about, and the ISPs should do good things voluntarily, I think, rather than postpone it all until it becomes mandated by laws that will most likely go way overboard.

          What 'good things' exactly?

          There's only 2 ways they can tell if you have code on your system that is potentially harmful:
          1) Scan your system/network by actively running code on it.
          2) Capture and examine the packets leaving your network.

          I'm not a tinfoil hat kinda guy, but neither of those makes me feel warm and fuzzy in the slightest. In the most forgiving light this is a case of "the best defense is a good offense". But in anything but the most forgiving light...

          Unless there's suspicion that I'

          • by smash (1351)

            There's only 2 ways they can tell if you have code on your system that is potentially harmful: 1) Scan your system/network by actively running code on it. 2) Capture and examine the packets leaving your network.

            You're wrong. You can count concurrent connections. Malware infected machines typically have FAR more active network connections than normal. Once you've identified likely infected machines then yes you can inspect traffic for matches against known malware signatures.

            If you think your traffic i

      • by Hognoxious (631665) on Saturday June 26, 2010 @02:31AM (#32700614) Homepage Journal

        The internet was not designed for authoritarianism, it was designed to be an anti-authoritarian technology,

        It was designed for the military. You don't get much more authoritarian than that.

        it was designed to be decentralized, it was designed in this way because authoritarian centralized systems usually have a single point of failure.

        It was also designed on the assumption that those using it would know what they were doing.

        Why do you keep using a political description as if it were a technical one?

        • by elucido (870205) * on Saturday June 26, 2010 @03:17AM (#32700790)

          It was designed for the military. You don't get much more authoritarian than that.

          http://en.wikipedia.org/wiki/ARPANET Arpanet was designed for the military. The Internet/World Wide Web was designed for civilians. The Arpanet even though it was designed for the military it was not designed to be an authoritarian tool or an information weapon. I also disagree with your opinion of the military being authoritarian. The military is only as authoritarian as the Constitution says it is. If the military fights to defend the Constitution, even if the ends justify the means the ends (the Constitution) are still just. We only have a problem when we have civilian leadership that subjectively interprets the Constitution so that free speech doesn't really mean completely free and that there are exceptions here and there. This muddles the waters and authoritarianism can rise up during the confusion but the Constitution itself is not an authoritarian document.

          It was also designed on the assumption that those using it would know what they were doing.

          The military's role is to protect and defend the Constitution with their lives if necessary. They all swear to protect that. So the soldiers actually use authoritarian means to protect the anti authoritarian interpretation of the Constitution. The problems arise when the Constitution is interpreted as authoritarian. Now gun control is acceptable, and now the Constitution can even be suspended. This is the source of the confusion, individuals no longer have a clear answer as to what they are fighting for or what the laws are, only the lawyers and judges know, only the President knows.

          I'd like it to be a technical situation but it's as political as it is technical. When you have one group who says gun control is Constitutional and another group saying they can spy on everybody, and another group saying gay marriage should be banned as a Constitutional amendment, and another group saying free speech isn't free, you have a fundamental disconnect between factions.

          You have the faction that believes the way to win the war is to control and micromanage every living thing on the planet. They believe that power is the most important principle because absolute power wins all wars. This point of view makes perfect sense when fighting for your existence such as during World War 3 or something like that. The enemy is going to exterminate you if you lose so you fight to win, I get it.

          I also understand that if we have to give up all liberty to win the war then after the war is won it's very unlikely that we'd ever get liberty back. Quality of life will be diminished and most people aren't living to protect the Constitution or living to defeat an enemy, most people are living to achieve quality of life/the American dream/pursuit of happiness. So this basically is a situation where the American populace has to sacrifice happiness for security. After a certain point it becomes a prison without walls, what is the point?

          So you have the consequentialist warrior argument from the far right military industrial complex. They want to win the war even if they have to sacrifice themselves to do it. Then you have the majority of civilians (especially the young) who haven't lived life yet and don't like the idea of sacrificing happiness and the American dream to achieve victory in a war they have nothing to do with.

          To the youth having liberty/happiness is more important than anything else. The reason is the youth will have to live in this miserable society for the next 40-50 years with no rights and no liberty, living in a prison without walls to fight wars to maintain US superpower status.

          I understand both sides. It requires sacrifice to maintain US national security and US superpower status. What I don't like is the misinformation about the US fighting to spread freedom and democracy, or pretending to care about human rights. The youth don't know an

          • You make the laws according to the constitution. If it is important enough then people can break the rules and take the legal consequences. If you need to torture a terrorist, spy on someone, then break the law and do so. If you get the information you need great. You probably won't get a jury to convict. If you don't then you do the time. If you are not prepared to do that then what you did probably was not necessary. This only works when there is transparency and accountability. I think that once u
            • The Arpanet even though it was designed for the military it was not designed to be an authoritarian tool or an information weapon.

              I never claimed it was designed as a weapon.

              I also disagree with your opinion of the military being authoritarian.

              Perhaps you'd struggle less if you knew what the word meant?

              1. Characterized by or favoring absolute obedience to authority, as against individual freedom: an authoritarian regime.
              2. Of, relating to, or expecting unquestioning obedience.

              Do you understand what absolute obedience means? When a general tells a captain to do it, the captain better do it or else. Likewise when a captain gives orders to a private?

              Yes, there are times when it's permitted to disobey an order, but they're edge cases. They don't sit down and debate everything so that, you know, like everybody's viewpoint is respected and then sing Kumbaya.

              It was also designed on the assumption that those using it would know what they were doing.

              The military's role is to protect and defend the Constitution with their lives if necessary. They all swear to protect that. So the soldiers actually use authoritarian means to protect the anti authoritarian interpretation of the Constitution.

              Total non sequitur.

              What the hell has the constitution got to do with the competence of military communication technicians (as compared to dizzy teens and grannies), or the internal organization of the army?

              My original point was that virtual inanimate objects don't have political opinions. If you can show how they do, then I'm all ears. Saying the internet is anti-authoritarian is like saying usenet is a communist.

              P.S. I think you need to up your comprehension skills. It seems to me you see a word or two and just go on a rambling and largely offtopic rant.

              The problem isn't the military. If you are fighting a war and in the military you agree to accept the authoritarianism to win the war and survive. This is not the same as the expectations of civilians. Authoritarianism in a military is necessary to maintain a chain of command. Nobody is disagreeing with the need to have a chain of command.

              Where we disagree is on whether authoritarianism is a means to an end, or an end in itself. Some individuals and entities seek power for the sake of becoming powerful with

        • by TheRaven64 (641858) on Saturday June 26, 2010 @03:37AM (#32700852) Journal

          It was designed for the military. You don't get much more authoritarian than that.

          It may have been designed for the military, but it was designed by a bunch of hippies at Berkeley (and elsewhere)...

          • Re: (Score:3, Funny)

            by Zarf (5735)

            Two things came out of Berkeley in the 60's: LSD and BSD.

          • So what? It doesn't have like a soul and stuff, man!

            The decentralization aspect isn't there to keep everyone's kumbaya mp3s flowing freely. It's there to keep it working if part of it gets nuked by them thar godless commie bastards.

      • by r00t (33219) on Saturday June 26, 2010 @02:34AM (#32700624) Journal

        It's not reasonable for the government to do anything more than monitor the internet. To start telling people how to run their nodes

        In a competitive world, businesses WILL NOT prepare for disaster unless the executives see that it affects the stock price. Preparing for disaster is expensive, and it seldom pays off. (see also: car industry, banking industry, airlines, BP, failure to protect against natural disasters...)

        If we want the internet to keep running, without collapsing during a cyberwar, then we do need to insist on some things. It's like requiring that banks keep some reserve, requiring that oil companies have a means to stop a leak, or requiring that an airline not skimp on maintenance when the competition gets fierce.

        • by elucido (870205) *

          It's not reasonable for the government to do anything more than monitor the internet. To start telling people how to run their nodes

          In a competitive world, businesses WILL NOT prepare for disaster unless the executives see that it affects the stock price. Preparing for disaster is expensive, and it seldom pays off. (see also: car industry, banking industry, airlines, BP, failure to protect against natural disasters...)

          If we want the internet to keep running, without collapsing during a cyberwar, then we do need to insist on some things. It's like requiring that banks keep some reserve, requiring that oil companies have a means to stop a leak, or requiring that an airline not skimp on maintenance when the competition gets fierce.

          The internet is never going to collapse. That is a strawman. Industries could lose profits however and this is a legit argument. If American industries lose profit this endangers national security. Endangering national security reduces US military might and overall power. This endangers US superpower status. So all policies are designed to maintain government power and superpower status.

          The problem with these policies is they make the civilian population miserable. We can't find a job. The laws all seem to

      • by vtcodger (957785) on Saturday June 26, 2010 @03:01AM (#32700716)

        I'm supposed to believe that Comcast, Verizon, et al. can accurately identify machines that are infected by malware then wall them off? And somehow inform their owners? Then unwall them when the infection is cleared? And that there will be no or very few false determinations of infection? On what planet is this going to occur?

        Comcast on my planet -- it's called Earth -- can't even manage to set the audio on all its cable broadcasts to the same level. To say that it lacks the technical skills to detect and quarantine user malware infections and the administrative skills to manage a quarantine effort seems to understate the situation.

        I do not think it is unusual and that other ISPs will do better.

      • Re: (Score:3, Insightful)

        by hedwards (940851)
        And for the first years of the automobile, the government didn't issue licenses for that either. Then the number of vehicles increased as did their top speed and the government stepped in. This isn't that much different, sure you're not going to be killed or maimed, but the vast majority of people on the net have demonstrated themselves to be unable or unwilling to stop clicking the shinies long enough to get even a reasonable level of security in place on their machines.

        If the government doesn't, who wi
      • by smash (1351)

        It's not reasonable for the government to do anything more than monitor the internet. To start telling people how to run their nodes,

        When these "nodes" are attempting to break the law via unauthorized access to other people's devices, then maybe the admin/user needs telling. When their node is spewing out 90% malicious traffic, maybe they need telling.

        It is possible to do this in a mostly automated manner WITHOUT infringing on people's freedom to use their connection for legal purposes.

    • Re:Seems reasonable (Score:4, Informative)

      by bmo (77928) on Saturday June 26, 2010 @02:50AM (#32700682)

      "My only real concern is that of privacy. How exactly do they go about telling you're a zombie? Well written malware isn't exactly going to advertise infection, "

      Yes it does.

      It does every time it broadcasts. This is not to stop the criminals from stealing your CC, this is to stop the DDoS attacks and other silliness.

      There is software that analyses DDoS attacks at the victim's end. We've seen videos of it referenced here, with 3D graphs in almost a Neuromancer display. I believe the video in question was a government network being DDoS attacked at the time. The feds know when the botnets are active and when they're quiet. When the botnet wakes from its slumber, grab the IPs and issue the quarantine orders.

      This is far better than the insane "kill switch" that Lieberman likes so much. The twat.

      --
      BMO

      • by erroneus (253617)

        I would like to see compromised PCs neutered or otherwise stopped. I would like my rights and freedoms not to be tampered with. These are two opposing wants in a sense, but I'm not sure how I would go about implementing all of this in policy.

        But if the government would like to improve cyber security for its own sake, it should take measures like... oh... creating a new internet and not putting it out in the public? How about they protect themselves by unplugging? Sure public interaction sites can live o

        • by bmo (77928) on Saturday June 26, 2010 @03:07AM (#32700746)

          "I would like to see compromised PCs neutered or otherwise stopped. I would like my rights and freedoms not to be tampered with"

          You do not have the right to shit in my yard.

          And that's what the botnets do. They shit in *everyone's* yard.

          --
          BMO

          • by erroneus (253617)

            Can't have a law restricting what others can do without that same law potentially being used against you. Have you not been paying attention to the world? And every time I hear things like "but that law is not for _______ and will not be used to abuse people or anything like that" I just say "DMCA." When law is proposed and you can imagine that it will be used to abuse people unfairly, then I guarantee you that it will happen.

            • by bmo (77928) on Saturday June 26, 2010 @03:58AM (#32700922)

              Take off the tinfoil.

              This should have been done years ago when the botnets really started going full bore.

              You think you're the sole victim if you're running an infected machine? You're not. I have no sympathy at all. Getting ISPs to boot compromised machines has been impossible when done from the private sector. I know. I've tried. You know how many machines I know that I've gotten shut down?

              One. That's right, one machine, and that took writing email personally to someone higher in the chain of command than the help desk.

              ISPs don't want to quarantine customers. Customers give them money. Whether they are good neighbors or not doesn't matter. What it says in the TOS doesn't matter. All that does is simply cover the ISP's butt legally if the ISP has a case of elbow syndrome.

              This is not installing secret software on your computer to send out to the Three Letter Agencies to spy on you and take away your rights. This is so people can be stopped from being bad netizens. Your computer is part of a botnet that is blackmailing a .com or attacking a .gov site like the IRS? Sorry, but you're disconnected until it's cleaned up.

              So don't give me your "help help I'm being repressed" BS.

              If you're going to shit on my lawn, I'm going to call a cop.

              --
              BMO

              • by erroneus (253617) on Saturday June 26, 2010 @08:11AM (#32701830) Homepage

                I think you misunderstand. I have never had a compromised machine. Not once in the 25+ years I've owned machines.

                What I am concerned about is what is required to support such actions. In order to support a law that requires machines get cut off the net perhaps only an IP address would need to be listed and issued to an ISP. What if that IP address was spoofed? What if something had changed? What if that IP address was hosted by a wireless network that was either compromised or on the network of someone trying to diagnose a problem before it was realized that it was infected? There are too many ways something could be mistaken in that regard. And what of the requirements for "proof"? Does the ISP receive more than the request or will complete forensic details be presented to the ISP? Will the user(s) ever see the complaint?

                I do have some personal experience with how government actions can be made too easily and in error at the same time. I was once about to have my pay garnished for child support by the State of California while I was living in Texas. There was something wrong with that though... *I* had the children, not the mother! She filed false reports to welfare agencies. So based on those false reports, she collected money and my pay was to have my pay garnished? And what proof was offered? None! Just a letter ordering the State of Texas to do so. And while I insisted that I had the children with me, Texas wouldn't stop the action. I asked them to check the local school where I had them enrolled. They didn't want to bother. I ended up pulling them out of school with a copy of their enrolment and attendance records in hand and brought the children to the office in Texas personally as PROOF that I have the children with me and that the garnishment order was in error. In the end my pay was not garnished but it did require the loss of a day's pay to prevent it.

                So in summary, this story shows that false reports/data/information can be part of a government order for some action and that report may have little or no proof supporting it. But the victim of such mistakes, the falsely accused, may have to go through ALL MANNER of trouble to prove they were innocent or otherwise not responsible.

                Take for example that in my home, I run mostly Linux with occasional Mac OSX usage and an occasional Windows guest. If something were to happen resulting in my network getting limited in some way, what would be required of me to have it restored? Will the asshats at the government agency be required to inspect my home network and its inventory?! Will they understand that I run Linux or what to do with it?

                I think you are not thinking this through. This is not fear of the unknown. I know quite personally how government can be when it comes to applying process and procedures for laws like these. I used the DMCA example because there is a fairly low cost of starting a claim under the DMCA and little if any evidence is required in making a claim. What's more, there are no punitive actions required in the event of a false claim. Meanwhile, the person who was claimed against suffers down time, emotional stress from dealing with the false claim and is required to do a lot of work in order to restore things once removed. The burden is too often placed on the victim under laws like the DMCA.

                • Not going to happen - the inspection logistics would be ludicrous. I think what is meant in this proposal is more or less legal protection for ISPs to cut the line to nodes involved in DDoS attacks, without having to stand trial for any unforeseen consequences?
                  • by erroneus (253617)

                    And something as simple as THAT wouldn't be used to censor dissidents now would it? Of course not. Not in the U.S. If you can imagine a law being abused, it will most certainly happen because other people thought of it too.

                  • by bmo (77928)

                    Your AUP and TOS covers your ISP quarantining your computer/home network.

                    They could do it today if they really wanted. Go ahead, read it. You're essentially supposed to be a good neighbor/netizen.

                    The thing is that it is rarely, if ever, enforced except under extreme circumstances (someone like me makes a stink).

                    This is more along the lines of "OK guys, we really need to get serious about this and we need a systematic way of doing it, not just ad-hoc." Which is what should have happened back when the botne

                • by bmo (77928)

                  1. I don't think you know how botnets work.

                  2. Sorry about Texas.

                  3. Quarantining a home IP address is *not* the same thing as the state taking your kids or garnishing your pay. Come on, really. Do you equate being pulled over for speeding as the same as the state garnishing your pay?

                  Ridiculous hyperbole does not make a good argument.

                  4. The ISPs already have the authority to do this.

                  5. If you still don't believe #4 reread your AUP/TOS until you do.

                  6. This is about an organized way of having a policy to

                • What's more, there are no punitive actions required in the event of a false [OCILLA] claim.

                  The notice under 17 USC 512(c) and counter-notice under 17 USC 512(g) are made under penalty of perjury. Are you claiming that the DOJ is not required to prosecute allegations of perjury?

                  • by erroneus (253617)

                    To date, I have heard of exactly ZERO prosecutions for perjury under the DMCA perjury clause. I have, on the other hand, heard of countless assertions of baseless copyright claims under the DMCA that were later found to be baseless.

                    And yes, the DOJ decides to pursue any case it wants and ignore any case it wants. An awesome case in point was where the criminal activities that have been going on in Wall Street since its inception by a particular family as referenced in Richard Ley's book published in the 1

                • by smash (1351)

                  I think you misunderstand. I have never had a compromised machine. Not once in the 25+ years I've owned machines.

                  oh, well in that case we'll ignore the 150 million odd dickheads out there connected to the internet who have no fucking clue and are regularly infected, and write the laws with you in particular in mind.

                  How will they know to restore service? When your network connection stops hammering whatever firewall they put up and racking up blocked connection counts? Easy. Knowing when to reactivate

        • by rtb61 (674572)

          Well here is the code of practice http://www.iia.net.au/index.php/section-blog/90-esecurity-code-for-isps/757-esecurity-code-to-protect-australians-online.html [iia.net.au]

          Monitoring is fairly simple: rather than your ISP monitoring your traffic going out, it can monitor incoming traffic much the same as your firewall does and report traffic that your firewall would reject. Mail servers can simply be monitored for the number of emails sent per minute/hour/day for spam suspects on residential services.

          Typically you wo

          • by bmo (77928)

            If the large ISPs had been enforcing their service policies, this wouldn't even be a discussion today.

            You're right. It's all about penny pinching.

            --
            BMO

    • by Lehk228 (705449)
      How exactly do they go about telling you're a zombie?

      When you start dining on brains
    • by smash (1351)
      When you see 50,000 (or whatever threshold figure) concurrent tcp connections from one machine, you know something is wrong. It's either a server, or running malware. You can tell which by checking to see if the traffic matches known malware signatures. If it does, firewall the box and inform the user.
  • by MichaelSmith (789609) on Saturday June 26, 2010 @01:13AM (#32700358) Homepage Journal

    Currently my network looks like a single netbsd box from the perspective of my ISP. The original Australian proposal could have been interpreted to mean I would have to tell the ISP what OSs I was running and what software they had installed.

    So if I had windows here they would want to know how it was firewalled, etc. So yeah I can tell them three ubuntu laptops, one mac laptop with windows running inside vmware. Two servers running netbsd and the ISP are going to get dollar signs lighting up in their eyes. They will want me to pay for a "business" connection now, because of the nodes I have running. Not good for me.

    • by Inda (580031)
      I don't think your setup is that unusual these days. NetBSD is obviously not the norm but...

      Take my average family setup: Two laptops, one desktop, xbox, and Wii. All connected to the internet through a router. Not really so different to yours? No ISP would care about five machines; all they see is the cable modem; all they care about is a monthly payment and no abuse.
      • Yeah probably. On the subject of abuse I had a problem like this at work. Developers use suse workstations and many of us have given ourselves root accounts. One day I was tailing the logs and I noticed that a node had been trying buffer overflows on sshd. So I pasted the good bits into an email to IT who went meh then I forwarded to the IT contract manager who actually knows what a buffer overflow is and he had the offending windows box re-imaged quick smart.

    • by reiisi (1211052)

      My ISPs are cool with my internal network, as long as I maintain it myself and don't push my connection to max all day long 168 hours a week and stuff. I've asked, and they say they just aren't willing to give me multiple IP addresses unless I'm willing to pay for them. Which is actually sort of reasonable in the IPv4 world.

      I do wish they would pick up IPv6, but that's a different issue.

      This policy statement goes a little overboard, and it could be better named, but the ISPs need to take more steps in maint

    • Again, the information logistics would swamp any attempt at doing this through actual inspection, and a private company can't really search your property. I understand the US has a grotesque telecom monopoly situation but in the worst case scenario you could just lie.
  • by mccalli (323026) on Saturday June 26, 2010 @01:28AM (#32700398) Homepage
    I like this idea in principle, but concerned about the details. The article says it's "formalising an existing code of practice" so perhaps Australians here can let us know how it currently works?

    I'm thinking mostly about false positives - I've had a Mac identified as running some Windows virus, at the time I presumed due to NAT somewhere at the ISP level. Getting that sorted out was a matter of waiting half an hour or so, but I can imagine that becoming a more serious issue if this is 'by law'.

    The other thing worrying would be forced steps to remove things. I could go with an "ensure you're clean rule", but would be against a "ensure you're running this particular security measure" rule.

    Cheers,
    Ian
    • by elucido (870205) * on Saturday June 26, 2010 @01:47AM (#32700468)

      So if you run bit torrent and they decide it's malware, now they can throttle your internet speed and quarantine you. Or if you download legal but tasteless pornography this could be determined to be malware and your speed can be throttled.

      This idea is as bad as the kill switch idea.

      • Re: (Score:3, Insightful)

        by AHuxley (892839)
        Exactly, first it starts as an infected Windows, Mac hunt.
        Then your ISP is given the 'option' to inspect packets to cut down on false positives.
        Next they have to report anything suspicious in plain text that they might notice - just the really bad stuff.
        Then it's all p2p use of interest under Anti-Counterfeiting Trade Agreement (ACTA) and the "voluntary" for ISPs to adopt is dropped.
        • by smash (1351)
          Check your terms of service. ISPs can typically already do this. Your packets are already inspected to determine where to route them and how to prioritise them.
      • Many ISP's already throttle P2P at their routers, stop being so paranoid. Most ISP's realize that high capacity uses like P2P is the only reason they can sell expensive plans.

        • by tepples (727027)

          Most ISP's realize that high capacity uses like P2P is the only reason they can sell expensive plans.

          That and customers want to avoid tying up the land-line while connected to the Internet.

      • by MrShaggy (683273)

        Don't forget that simply running programs does not make them malware.

        I think that an isp might be able to separate the traffic issue.

        If the provider thinks that your machine has a bot net infection, they would try to get a hold of you first. I don't see them throwing the kill switch for no reason.

        And if they do disconnect you, you would be on the phone to them to find out why.

        Then after doing a system scan then you can get back online.

        Malware generally has nothing to do with any other programs.

        If you

        • If you are running zone alarm, and a calculator program asks for internet access that is mal-ware.

          A more sophisticated "calculator program" might have legit reasons for connecting to the Internet:

          • Because MSI packaging on Windows has no concept of a repository, apps have to have their own updaters. Is calc-updater.exe legit or malware?
          • Microsoft Office Excel updates its help files every time you search for help while connected. Is excel-help.exe legit or malware?
          • A symbolic calculator like Maple or Mathematica or Maxima might have a feature to query a web service such as Online Encyclopedia of Integer Se [att.com]
      • by Yvanhoe (564877)
        This can also be simply an excuse to bury net neutrality very deep.
      • Re: (Score:3, Insightful)

        by smash (1351)
        They already can and many already do. Next...
    • by the_raptor (652941) on Saturday June 26, 2010 @04:39AM (#32701094)

      I am an Australian on Exetel. I have had the quarantine kick in twice due to my house mates getting infected. Both times it was a spam relay, so it was presumably easy to detect the massive jump in port 25 traffic. Once you are quarantined all ports but 80 are blocked and port 80 only serves up a page telling you that you are quarantined, what you need to do to remove the quarantine (clean your system then click a link to tell the automated system to check your outgoing traffic), and links to ISP mirrors of malware removal tools. Both times it took about 15-30 minutes to clean the infections and get the quarantine removed.

      I think schemes like this are best practice and the only way the Internet is going to be usable with the rise in online crime. Even if you have a secure local OS nothing stops users downloading trojans.
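The detection and walled-garden flow that the_raptor and smash describe (a spike in outbound port 25 connections flags a spam relay, every port except 80 is blocked, port 80 is redirected to a notice page, and the quarantine is lifted only after an automated re-check of outgoing traffic), written up as an added Python example; this is not Exetel's or the iCode's own code, and the flow records, the per-minute threshold and the notice URL are constructed placeholders.

```python
from collections import defaultdict

# Simplified NetFlow-style record: (subscriber_ip, dst_port, minute_bucket).
# Constructed sample: 10.0.0.5 browses and sends one mail; 10.0.0.9 suddenly
# opens 120 outbound SMTP connections per minute from minute 5 on (a spam relay).
SAMPLE_FLOWS = (
    [("10.0.0.5", 443, m) for m in range(10)]
    + [("10.0.0.5", 25, 3)]
    + [("10.0.0.9", 80, m) for m in range(10)]
    + [("10.0.0.9", 25, m) for m in range(5, 10) for _ in range(120)]
)

# Assumed threshold: a residential subscriber rarely opens more than a handful
# of SMTP sessions a minute. Calibrate against the real baseline, since a NAT
# gateway fronting several machines (see mccalli's false positive) raises it.
SMTP_PER_MINUTE_LIMIT = 30


def smtp_rate(flows, minute):
    """Outbound port-25 connection attempts per subscriber in one minute bucket."""
    counts = defaultdict(int)
    for src, dport, m in flows:
        if dport == 25 and m == minute:
            counts[src] += 1
    return counts


def suspected_relays(flows, limit=SMTP_PER_MINUTE_LIMIT):
    """Subscribers whose port-25 rate exceeds the limit in any observed minute."""
    flagged = set()
    for minute in {m for _, _, m in flows}:
        for src, n in smtp_rate(flows, minute).items():
            if n > limit:
                flagged.add(src)
    return flagged


class WalledGarden:
    """Per-subscriber quarantine: only port 80 passes, and it is redirected to
    the notice page; every other outbound packet is dropped (but still counted,
    so the re-check can see whether the machine is still trying to relay)."""

    NOTICE_PAGE = "http://quarantine.isp.example/notice"  # placeholder URL

    def __init__(self):
        self.quarantined = set()

    def quarantine(self, ip):
        self.quarantined.add(ip)

    def filter(self, src, dport):
        """Return 'allow', 'redirect' or 'drop' for an outbound packet."""
        if src not in self.quarantined:
            return "allow"
        return "redirect" if dport == 80 else "drop"

    def request_release(self, ip, recent_flows, limit=SMTP_PER_MINUTE_LIMIT):
        """The user clicked the 'I've cleaned up' link: re-examine the recent
        outbound attempts and lift the quarantine only if the relaying stopped."""
        if ip in suspected_relays(recent_flows, limit):
            return False
        self.quarantined.discard(ip)
        return True


def run_demo(flows=SAMPLE_FLOWS):
    """Detect, quarantine, then show a failed and a successful release request."""
    garden = WalledGarden()
    for ip in suspected_relays(flows):
        garden.quarantine(ip)
    still_infected = garden.request_release("10.0.0.9", flows)
    cleaned = [f for f in flows if not (f[0] == "10.0.0.9" and f[1] == 25)]
    released = garden.request_release("10.0.0.9", cleaned)
    return sorted(garden.quarantined), still_infected, released
```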

      • I am an Australian on Exetel. I have had the quarantine kick in twice due to my house mates getting infected. Both times it was a spam relay, so it was presumably easy to detect the massive jump in port 25 traffic. Once you are quarantined all ports but 80 are blocked and port 80 only serves up a page telling you that you are quarantined, what you need to do to remove the quarantine (clean your system then click a link to tell the automated system to check your outgoing traffic), and links to ISP mirrors of malware removal tools. Both times it took about 15-30 minutes to clean the infections and get the quarantine removed.

        I think schemes like this are best practice and the only way the Internet is going to be usable with the rise in online crime. Even if you have a secure local OS nothing stops users downloading trojans.

        I like most of what you said but then you use an incredibly broad general statement like it lowers online "crime." Which crimes? Be specific.

        That being said trojans, viruses and child pornography are a problem.

    • by anarche (1525323)

      The other thing worrying would be forced steps to remove things. I could go with an "ensure you're clean rule", but would be against a "ensure you're running this particular security measure" rule.

      I like this until it becomes a "ensure you're running Nortons, as recommended by the Australian Government/your ISP". And no, it doesn't come as part of your connection deal..

  • Monitoring... (Score:3, Insightful)

    by Anonymous Coward on Saturday June 26, 2010 @01:31AM (#32700410)

    Some are forgetting the obvious that this would require the monitoring of traffic.

  • by elucido (870205) * on Saturday June 26, 2010 @01:33AM (#32700418)

    I'm guessing that the new paradigm the government is following in regard to the internet is total information control. It started with total information awareness. The original goal was to monitor all the information on the internet to see and prevent terrorism. Most of us agreed with that idea, and now that the internet is fully monitored the next step is to gain complete control over it. This way if a powerful person doesn't like what is being said on a specific website or by a specific computer, they can quarantine it. This word "quarantine" gives an indication about how the government sees unfavorable information. They see it as a "virus", or "mind virus", which is otherwise known as a meme. The only way to stop the spread of a meme is by quarantining it.

    Once again this is about information control, not security. If it's about stopping zombie infectious malware as the article claims they could use many technical solutions to do this and put the control in the hands of the user. The user could set up their system to handle it and the government has no reason to get involved. Or the government could promote corporations such as Google to develop an improved version of Linux or the Linux kernel to have a feature to allow this much in the same way the NSA developed SELinux. To make it a political issue and to use Australia of all places as the example is exactly the wrong way to go about it. We all know that Australia has a completely censored internet with a list of sites people cannot go to because the government does not like the information on these sites.

    This might fool individuals who don't understand technology. Saying it's to secure the internet while you throttle their broadband speed might make sense to the 16 year old kid downloading mp3s or using bit torrent. It might make sense to the adult who works in an unrelated industry with little to no knowledge about network neutrality or what is at stake when internet speeds and information is regulated in a centralized manner. To individuals who understand the technology and how to use the internet the idea of controlling the information flowing through the pipes defeats the purpose of the internet itself. I cannot imagine any programmer, hacker, script kiddie, gamer, or serious user supporting this idea. Most of us would rather risk being infected by malware than have our broadband speed throttled.

    And let's be honest, child pornography is probably the worst kind of virus you can be infected with. And the only reason it's so horrible is because the laws related to possession of it are unreasonable. So before we go and fundamentally try to alter the code of the internet and create millions of unintended consequences we should debate what we want the internet to be and what it's purpose is. Does the internet exist as a weapon of war or is it something more fundamental? Should the government control the internet or should the market control the internet?

    If the government wants to have this much control over it, maybe they should make it free. That's my opinion. But to bait and switch like this is unfair to individuals who have paid for internet access for over a decade, who have created most of the content on the WWW, who have made the internet what it is.

    • by anarche (1525323)

      To make it a political issue and to use Australia of all places as the example is exactly the wrong way to go about it. We all know that Australia has a completely censored internet with a list of sites people cannot go to because the government does not like the information on these sites.

      We can't let this come true! I would miss my paranoid rantings by the ill-informed!

      Australia does not have censorship of the 'net. It was trialled, it was scrapped, and the Prime Minister championing it has been axed (more because he's a tool, but anyway).

      The only censorship in Australia's 'net is the shit service provision.

  • Bad editors! (Score:5, Insightful)

    by GuruBuckaroo (833982) on Saturday June 26, 2010 @01:44AM (#32700460) Homepage
    This Headline wrote a check that the story couldn't cash. Bad editors, no cookie.
  • They call this icode [iia.net.au]?

    I mean, sure, I know the fad, but? [wikipedia.org] ... but [wikipedia.org] ... but [wikipedia.org] ...

    Well, we used to call intermediate or interpreted codes i-codes in school. I guess I was living in a different branch of reality or something. I mean byte code is so, well, architecture specific.

    BASIC09 [wikipedia.org]. Wow. Blast from the past. First loves. [wikipedia.org] Things that might/should have been.

  • by reiisi (1211052) on Saturday June 26, 2010 @02:48AM (#32700672) Homepage

    Is it just me, or is the first onslaught of posts unusually full of people who seem to want to judge government first and read/think later? I mean, beyond the usual level here.

    I mean, something has to be done. We are well over 50% of the internet's capacity being used to send people junk mail, most of it both offensive and fraudulent, far too much of it containing executable payloads that harm the internet itself, etc.

    If the ISPs don't take voluntary action at a level of minimum intrusion, some excited parents' group is going to hold a referendum and hand their government the right to intrude in every living room.

    Sure, this proposal goes too far in places, misses the boat technically in others. It's not perfect. But it's better than legalizing deep inspection to be administered and performed by the agency of the UN/international courts.

    If we want better than this, we need to come up with counter-proposals of our own, get out, educate people. (And get ourselves off the OS that is the primary medium of abuse.)

    • by waferhead (557795)

      Is it just me, or is the first onslaught of posts unusually full of people who seem to want to judge government first and read/think later? I mean, beyond the usual level here.

      I mean, something has to be done. We are well over 50% of the internet's capacity being used to send people junk mail, most of it both offensive and fraudulent, far too much of it containing executable payloads that harm the internet itself, etc.

      If the ISPs don't take voluntary action at a level of minimum intrusion, some excited parents' group is going to hold a referendum and hand their government the right to intrude in every living room.

      Sure, this proposal goes too far in places, misses the boat technically in others. It's not perfect. But it's better than legalizing deep inspection to be administered and performed by the agency of the UN/international courts.

      If we want better than this, we need to come up with counter-proposals of our own, get out, educate people. (And get ourselves off the OS that is the primary medium of abuse.)

      I think ~everyone has thought of doing something like this at least for a moment.
      It makes perfect sense until you actually... think it through.

      The problem most folks have with this has two parts:

      As an unusually insightful AC above noted, the ability to tell a machine is really a zombie ~requires deep packet monitoring/logging.
      This is where
      A) We don't want them to go, as it's none of their business, and..
      B) The ISPs don't want to go, as it's not their problem, and they get to pay for the privilege.

      Add the le

      • by waferhead (557795)

        As an addition:

        For every complex problem there is an answer that is clear, simple, and wrong.
        H. L. Mencken

    • Is it just me, or is the first onslaught of posts unusually full of people who seem to want to judge government first and read/think later? I mean, beyond the usual level here.

      I mean, something has to be done. We are well over 50% of the internet's capacity being used to send people junk mail, most of it both offensive and fraudulent, far too much of it containing executable payloads that harm the internet itself, etc.

      If the ISPs don't take voluntary action at a level of minimum intrusion, some excited pare

    • I mean, something has to be done. We are well over 50% of the internet's capacity being used to send people junk mail

      This has been true of physical mail for decades. Why has nothing been done?! Since their inception newspapers, magazines, and TV have filled with harmful and fraudulent advertising. Why has nothing been done?!

    • by khallow (566160)

      Is it just me, or is the first onslaught of posts unusually full of people who seem to want to judge government first and read/think later? I mean, beyond the usual level here.

      It's a healthy reaction to the facts as they are presented. While I can see a valid reason for the federal government to assist in dealing with junk email, we do have to remember that the federal government, especially in its powerful current form, is a greater danger, globally to our freedom, than spam.

  • I suddenly realized that I live in a world where a headline like this makes perfect sense. Is it just me, or does anyone else find this scary?

  • I think HObama should stick to what he's good at like fixing the health care system, fixing the unemployment, and fixing the deficit, oh and getting us out of Afghanistan.... what a loser
  • For example they could scan all incoming mail being sent to the ISPs mail-servers for viruses (my ISP does this and all I see is a little "we blocked x viruses" notice in my inbox periodically)

    Also they can block outgoing port 25 (i.e. prevent spam zombies from sending their spam outside of the ISPs network directly) and limit the amount of mail going out of the ISPs mail server (better yet mandate one of the "secure SMTP" options so that the spam zombie cant relay through the ISPs mail server at all)

    And IS

  • by moxley (895517) on Saturday June 26, 2010 @05:36AM (#32701304)

    The bottom line is that these oligarchs want total control over information, they're threatened by the openness of the internet, the ability for people to bypass mainstream media outlets, the ability for people to share news and information worldwide without censorship or government/corporations (almost the same thing now in the US) putting everything into their own context, they dislike the ability for people to organize.....One way or the other they are going to try to destroy all that is good about the internet.

    Malware is a problem, and people who don't patch or have proper security are stupid, but the model we have, where everyone takes responsibility for their own systems, works fine, despite the rhetoric, and giving the corporate/government empire more control for any reason is a bad, bad idea.

  • by McGiraf (196030)

    That is very nice, how long before computers running bittorrent, ftp, ssh are classified as zombies?
