RE: [fw-wiz] The home user problem returns

From: Paul Melson (pmelson_at_gmail.com)
Date: 09/12/05

  • Next message: Chris Blask: "Re: [fw-wiz] The home user problem returns"
    To: "'Mason Schmitt'" <mason@schmitt.ca>, "'Marcus J. Ranum'" <mjr@ranum.com>
    Date: Mon, 12 Sep 2005 10:13:34 -0400
    
    

    -----Original Message-----
    Subject: Re: [fw-wiz] The home user problem returns

    > I see my job as trying to provide as consistent and unencumbered an
    > experience as possible for our customers. Right now, spam, bots, and
    > #!$%ing spyware are getting in my way of doing that. I don't like the
    > fact that at the onset of each new worm, that I still have to contact
    > people and shut them down. I don't like the fact that customers phone
    > complaining that our service is slow and when they bring their computer
    > into our shop we find a massive spyware infestation (the current record
    > btw is 5300). As a result, we are willing to try anything that is likely
    > to gain us some ground. Right now one of the projects that we have that
    > is working really well is having customers bring in their computer when
    > they sign up. We give the PC a thorough enema and send it back out with
    > free antivirus and antispyware, windows updates turned on and the XP
    > firewall enabled. Twice a year we run a spring cleanup and a fall tune-up
    > which again goes through the enema process for $29. We're fairly
    > confident that this program is making a big dent in the number of really
    > vulnerable systems out there.
    >
    > Our goal is to severely reduce the number of infections on our network
    > so that our customers can have a consistent and hassle free experience
    > on the net. I'd like to see all ISPs adopt that stance.

    You know what I find highly ironic in all of this -- and I don't mean to
    pick on you or your ISP -- is that there is a single symptom, a common
    thread that ties together all of these problems you're attempting to combat.
    And that common thread is required or at least preferred by all of the major
    ISPs, and that is Windows desktops. In other words, ISPs everywhere are
    complicit in their own security and performance headaches.

    The bitter pill for the clueful is that those people that run a firewall
    appliance or build their own Linux/BSD firewall for their home network
    typically get no support from their ISP. (If you have Comcast cable like I
    do, you can't even register your cable modem without a Windows box. That
    was an unpleasant surprise when I moved recently.)

    It is not lost on me that this is all due to market forces beyond the
    control of even the largest ISPs. But I think we can all agree that this is
    and will continue to be the primary trade-off that those charged (saddled
    with?) network security must live with, at least in the short-term. Finding
    an effective way for ISPs to deal with this that doesn't drive customers
    away is certainly a noble goal, but I haven't seen a solution that has
    scaled well yet.

    At the same time, I don't want special treatment from my ISP (I mean, I
    *do*, but I don't want it institutionalized). I don't want the "secure
    people here, insecure people there" mentality from what is essentially a
    utility. Nothing personal, but the likelihood that an ISP will properly be
    able to correctly and continually analyze the security stance of anyone's
    home network is slim enough that I'd prefer not to pay more per month for
    them to try (and probably fail). I can barely do it myself, and I am one of
    2 users (that I know of) and I built it.

    > Sorry. Just realised this looks a whole lot like a sales pitch...

    That's what makes you a security "professional." :-)

    PaulM

    PS - Sorry for the Monday morning grouch.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

