Australian Cybercrime Enquiry Report Released 81
An anonymous reader writes "The Australian Government Standing Committee on Communications has released the results of a year long enquiry into cybercrime in a report titled Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime. This report includes a recommendation that Internet Service Provider customers should be forced to install anti-virus and firewall software on their computers as part of their contractual obligations. The Australian Communications and Media Authority receive further powers and responsibilities under the recommendations with respect to shutting down websites hosting malicious content and ensuring that infected consumer devices are disconnected from the Internet."
Quarantine (Score:2, Interesting)
Advantage: Boxed software. (Score:3, Interesting)
ISPs would have to: require all subscribers to install anti-virus software and firewalls before the Internet connection is activated
It seems to me like this is a strange requirement. I couldn't tell you the last time I actually went to a brick-and-mortar store and bought an antivirus product. And what about lesser-known or free antivirus solutions? Unless you're going to find someone with an internet connection and download them onto USB/an external drive, it seems like this requirement would negatively impact their marketshare (which, if they're lesser-known, would admittedly be small).
Infected websites? (Score:3, Interesting)
I am beginning to think... (Score:2, Interesting)
That Conroy et al are not so much interested in controlling what we do as much as they are shills for internet security software.
Actually remembering the last time I was involved with a government technology program and who was involved that wouldn't surprise me in the least.
Anti-Virus and Firewall software.. UGH (Score:4, Interesting)
Firewall software? Maybe because it was because I am a UNIX guy and the kernel of these operating systems had control of the IP stack without needing third party programs. Or because a true firewall is a hardened hardware router that can withstand attacks not just coming from the outside in, but prevents items from coming from the inside out (such as E-mail from any box other than the designated mail servers.) A software firewall that is not built into the OS proper is pointless [1], as the OS should protect against incoming attacks, and if a malicious application is installed, the game is over anyway, so protecting against outbound stuff is pointless.
As for anti-virus, maybe on Windows, but I have yet to see malware on a serious UNIX system unless it is a Trojan (and no A/V system can protect against that.) However, I just find it almost laughable when I have to install McAfee on a pSeries box with some script to show it is running for audit reasons.
Instead, maybe the law should be worded as "proper security measures shall be taken to protect against malicious software and remote attacks." This way, an OS that has a decent IPS built in doesn't need to have third party stuff tacked onto it to make it compliant.
[1]: An exception is the DroidWall app on rooted Android phones. It provides good security because a lot of apps ask for network communication privs which shouldn't have it, and a user otherwise wouldn't have control of what can and what can't communicate out.
Re:Just wait for insitutional stupidity ... (Score:3, Interesting)