Oz gubmnt to disconnect zombie PC´s

[Argos]

How do you feel about it?

[Gillianren]

Huh.

Well, my immediate thought is, with new technology comes new crimes. My second thought is, I can be locked up for posing a danger to myself or others, so why not my computer?

Then again, the messed-up computer is now sitting in the hallway, waiting to be hauled off so it can be made all better. If it was doing horrible things on its own, it is now being punished. (Bad computer! No electricity!)

[Swift]

My serious answer is good for the Australian government. I hope they nail every one of these spammers.

My funny answer is imagining Mad Max killing all these un-dead computers. How does one kill a zombie computer; maybe you drive a stake through its CPU?

[LurchGS]

I would tend to agree, it's a cool thing. Too bad it's OZ and not China, Korea, or the US (the top 3 spam-launching sites). However, mayhap, if OZ shows it WORKS, the US of A might do something about it. I know we do now, for copyright violations. If a copy of Star Wars is found on a computer, being shared, the PC Owner's ISP is notified;. The ISP then notifies the customer - who can either rebut the initial claim, remove the offending file(s), or lose his connection.

Of course, I have no idea how prevalent zombies are here.. I wonder if it's not unlikely that most o' the spammers here are deliberate.

------------

Spam? but is it Kosher?

[GDwarf]

Zombies are fairly common, as sending individual e-mails by yourself, even if you have a program doing it, is rather slow. I love the idea, in fact, I think it should be adopted everywhere.

[LurchGS]

I think we're looking at different things...

bulk mailers as opposed to zombies.
If I'm sending out legitimate e-mail, I have absolutely no need to commandeer my neighbor's pc. Instead, I can use some application to automatically generate/send e-mail to everybody on my list.

Zombies, on the other hand, take over Joe Oblivious' computer to send out e-mail to HIS address book... and so on.

Ergo, big difference

------

[GDwarf]

I think we're looking at different things...

bulk mailers as opposed to zombies.
If I'm sending out legitimate e-mail, I have absolutely no need to commandeer my neighbor's pc. Instead, I can use some application to automatically generate/send e-mail to everybody on my list.

Zombies, on the other hand, take over Joe Oblivious' computer to send out e-mail to HIS address book... and so on.

Ergo, big difference

------

Replace 'individual e-mails' with 'individual spam e-mails', and I think my post will make much more sense.

[Argos]

I see everybody likes the idea. I personally think it´s an act of force with implications to individual freedom. They should work to pinpoint the original evil-doers instead.

[Gillianren]

Disconnect 'em and get 'em fixed, that's what I say. Sure, track evil-doers, too, but fixing the computer's an important step.

[Candy]

I personally think it´s an act of force with implications to individual freedom. They should work to pinpoint the original evil-doers instead.

The five ISPs signed up for the trial are Telstra BigPond, OptusNet, Westnet, Pacific Internet and West Australian Networks. Each will regularly receive a list of IP addresses that identify computers on their network demonstrating zombie-like behaviour. The ISPs will then be responsible for contacting their customers and helping them disinfect their computers.

According to a statement from the ACMA, if the owner of a computer contacted by an ISP is unwilling or unable to disinfect that machine, the ISP could remove its connection to the Internet: "if the computer remains a threat to other Internet users, the ISPs may take steps under their acceptable use policy to disconnect the computer until the problem is resolved".

Isn't that what they are attempting to do, Argos, or am I reading the article incorrectly?

[Van Rijn]

Well, the zombie PC owners are usually victims, not the ones who created the attacks. But I don't see a problem - this is a reasonable way to limit infection.

[Argos]

Isn't that what they are attempting to do, Argos, or am I reading the article incorrectly?

Yeah, maybe I´m over-sensitive regarding this. I frown to the mention of the "g" word.

[Jakenorrish]

As always, ignorance leads to a lot of this. If people knew how to use their PC properly, then they'd be able to ensure they had the right tools to prevent their PC being one of the undead.

People shouldn't expect to just be able to buy a PC and safely order stuff from the net without first understanding the mechanics. After all you know when you've got a flat tyre on your car, why should your computer be any different?

[GDwarf]

As always, ignorance leads to a lot of this. If people knew how to use their PC properly, then they'd be able to ensure they had the right tools to prevent their PC being one of the undead.

People shouldn't expect to just be able to buy a PC and safely order stuff from the net without first understanding the mechanics. After all you know when you've got a flat tyre on your car, why should your computer be any different?

I agree, as soon as a person connects to the internet they should know that they have essentially opened the door to anyone who wants to get into their computer, they need to buy locks and burgler alarms. Many people don't, and are simply content to browse while holding up a giant sign that says 'exploit my ignorance please'.

[Doodler]

Sounds reasonable, all they're doing is tapping your IP, contacting your ISP and saying, "Hey Mate, this bloke's infested, can ya ring him up and help him out?" (sorry, couldn't resist)

Its not like they're proactively doing anything to your connection or rifling through your files, just informing the victim that they've been jacked.

Yeah, your data on your machine is your business, once it LEAVES your machine, then it becomes the gummint's problem. You've got your right to privacy (which will be a HUGE issue if this system is exported to the States), but you don't have the right to be a knowing, but unwitting, partner in a zombie network.

[Argos]

It is reasonable if the computer has a single user. What if the machine is shared in a poor household? Who´s to blame? The kids are going to be deprived of their Interent content because daddy´s made a mistake? What if the user does not have the means (both material and intellectual) to fix the problem [Sticks has just paid 45 pounds to get his machine cleaned of adware - that´s a lot of money in many places]? This kind of measure is typical of the authoritarian tendencies we are witnessing these days. I don´t hear anybody talking bout educating the users (or going after the masterminds first]. That woudl be a first step.

I think society has already the tools to deal with those problems. My computer has harmed yours? Find me and sue me.

[Jakenorrish]

You don't have to pay all that money for Ad removing Spy removing or Anti Virus software, there's plenty of freeware out there which is more than capable of doing the job. You don't get in a car on your own without learning to drive, the same is true of the modern PC. If you don't know how to use one, take some advice first.

First bit of advice? Your computer is open to exploitation by nasty people.

[Doodler]

I'm thinking your average modestly responsible ISP that wants to keep paying customers on the rolls would take a few steps to offer some help in cleaning up the mess.

I can understand the Aussie goverment ordering the ISP to cut off access till the problem is fixed, but down computers = lost revenue, its in their best interest to proactively help.

[GDwarf]

It is reasonable if the computer has a single user. What if the machine is shared in a poor household? Who´s to blame? The kids are going to be deprived of their Interent content because daddy´s made a mistake? What if the user does not have the means (both material and intellectual) to fix the problem [Sticks has just paid 45 pounds to get his machine cleaned of adware - that´s a lot of money in many places]? This kind of measure is typical of the authoritarian tendencies we are witnessing these days. I don´t hear anybody talking bout educating the users (or going after the masterminds first]. That would be a first step.

I think society has already the tools to deal with those problems. My computer has harmed yours? Find me and sue me.

Mr. Jones buys a house. It's his first house so he doesn't know much about it. The doors come with locks (most home PCs now come with Firewall/Anti-virus software installed on them) but, not ever having had a house before, he doesn't bother to lock them. Some crooks realise this and proceed to use his house to manufacture firearms without him knowing about it. The police come along and close down the firearms factory in his house, to do so, unfortunately, they have to force all his doors and windows closed. Now, are you really going to say that the police should've simply not done anything and allowed the criminals to continue making firearms in Mr. Jones's house?

The above scenario is almost identical to the whole zombie computer thing, people are given protection, but don't use it, people exploit it and use their PC to annoy or even damage other people's, it hardly seems unfair to take them offline until they get it fixed, after all, it's not like they won't be able to use their PC, they just can't connect to the internet with it.

As for the 'sue me' line, that's silly, you might as well claim that there is no need for police, as anyone can simply sue criminals, so no arrests are needed. People who make zombie PCs are criminals, no matter how you look at it.

Finally, it is very hard to track down most of the people creating these zombie PCs, it's like trying to fight the common cold, you'll never get rid of it, but you can at least treat the symptoms.

[Argos]

Comparing computers with houses, cars, is not appropriate at all, sorry.

[LurchGS]

Edumacation is the big thing - but if you make refusing to clean up an infected computer cost something, things will improve rapidly.

Personally, as owner of an ISP, I am NOT all that interested in walking people through cleaning their systems. I don't have the time nor the staff to do it, especially when the instructions and tools are readily available on the internet (you'll find that most ISPs - from AOL on down, will only point you at the avaialble tools)

[GDwarf]

Comparing computers with houses, cars, is not appropriate at all, sorry.

How is it not appropriate? Zombie PCs work exactly like someone manufacturing firearms in your house, they give spammers/hackers weapons. Besides, being deprived of the internet until you can fix a problem that annoys/damages others that is on your computer due to your lack of caution doesn't seem that bad, I mean, it's just the Internet, and really, you've caused most of the damage yourself by simply not using a firewall/virus scanner.

I'll try another example then, a radio transmitter.
You recently bought a radio transmitter, set it up, etc. And are having a great time talking to other people with it. You keep it in a shed in your backyard, that has a door but no lock. One day someone walks into the shed and switches a few key components in your radio, now it sends out an incredibly powerful signal that causes all other radios in receiving range to be unable to transmit or receive anything but static. should you not, then, be forced to turn off your radio until the problem is fixed?

[Argos]

Straight to the point: will these measures solve the problem of Internet vandalism/crime? NO, most likely. It will only bring another headache to the day-to-day of the common citizen.

Cars, houses, radios are subjected to strict government regulation. If you want your analogy to be exact then you must concede that computer operation should be subjected to the same levels of control. How about a diploma of Certified Internet Navigator? That´s the limit of this whole idea.

[GDwarf]

Straight to the point: will these measures solve the problem of Internet vandalism/crime? NO, most likely. It will only bring another headache to the day-to-day of the common citizen.

True, it won't stop internet crime, but it will greatly reduce spam and various types of hacking. Thus greatly reducing the headache to the day-to-day common citizen.
Again, these people who are being taken offline, although not the source of the problem, are an extreme problem. Without them the amount of spam plummets, Ping-flooding attacks cease, etc. Please tell me how it's at all OK to allow those things to continue just so that people who left themselves open to being exploited aren't mildly inconvenienced. It's not like they'll be kicked offline forever, just until they get the problem fixed.

[Argos]

If you are going to demand such a level of responsibility in dealing with a computer, ít follows that those folks have to be officially certified somehow, like a car driver.

Right, they´re not going to be expelled off the Internet. They´ll be allowed back in a couple of days, after they have spent 50 bucks for a repair. I´ve seen statistics indicating that ~ 80% of computers are infected. Can you imagine the level of difficulty to implement such measures? Do you really think crackers and vandals can be stopped?

And why is the burden put on the citizen? Why not to disconnect the ISP´s instead? That would be more effective, IMO.

[GDwarf]

If you are going to demand such a level of responsibility in dealing with a computer, ít follows that those folks have to be officially certified somehow, like a car driver.

Right, they´re not going to be expelled off the Internet. They´ll be allowed back in a couple of days, after they have spent 50 bucks for a repair. I´ve seen statistics indicating that ~ 80% of computers are infected. Can you imagine the level of difficulty to implement such measures? Do you really think crackers and vandals can be stopped?

And why are the burden on the citizen? Why not to disconnect the ISP´s instead? That would be more effective, IMO.

It's hardly a huge level of responsibility to ask people to put up a firewall (even Windows firewall) and run a virus scan once a week. saying that people need to be certified to do that is akin to saying that you need a license to lock your door and clean your house, if you do neither bad things can happen to you, after all.

As for taking the ISPs offline, it's not their fault, they tend to follow security procedures, and it would inconvenience a heck of a lot more people that way, people who had done nothing wrong and had nothing on their computer.

Again, Of course it won't stop all internet crime or vandalism, but it will severely limit several types, just because a police force won't stop all crime doesn't mean you shouldn't have one.

Finally, it should cost these people very little to repair this problem, it's not like their computer won't work, that would defeat the whole purpose of making their PC a zombie, sure, they might have to go out and buy a security suite, which does cost money, but that will protect them from all sorts of nasties that otherwise would probably destroy components of their computer, making them have to spend much, much more. Better they get a warning on something that, to them, is so trivial so that they will be prepared to prevent something much worse from attacking their PCs.

[Argos]

It's hardly a huge level of responsibility to ask people to put up a firewall (even Windows firewall) and run a virus scan once a week. saying that people need to be certified to do that is akin to saying that you need a license to lock your door and clean your house, if you do neither bad things can happen to you, after all.

I´m free to leave my house open and dirty, but I got to have an authorization to build my house. Should we get an authorization to set up computers, registering serial numbers, declaring which programs are run on it? And getting a navigator´s license thereafter?

As for taking the ISPs offline, it's not their fault, they tend to follow security procedures, and it would inconvenience a heck of a lot more people that way, people who had done nothing wrong and had nothing on their computer.

My ISP charges for anti-spam protection. This means that they can easily track spams. Malware passes through their servers prior to finding the way into my machine. It´s up to them to take care of these affairs. And It´s not guaranteed that they follow strict security procedures. I´ve seen very inapt ISP´s.

Finally, it should cost these people very little to repair this problem, it's not like their computer won't work, that would defeat the whole purpose of making their PC a zombie, sure, they might have to go out and buy a security suite, which does cost money, but that will protect them from all sorts of nasties that otherwise would probably destroy components of their computer, making them have to spend much, much more. Better they get a warning on something that, to them, is so trivial so that they will be prepared to prevent something much worse from attacking their PCs.

The costs are significant, mainly if you are going to be penalized for your computer faults. Many families will have to hire permanent repair services (like the preemptive cleaning service my ISP offers). I can see a big industry in the making.

[sidmel]

I have to agree with GDwarf. It’s a mater of social responsibility that people take responsibility for their actions, in this case monitoring their computers and taking proactive and reasonable measures to protect themselves from virus and/or remove any that have been found. With the amount of media coverage regarding the danger of viruses and the fact that most ISPs, not to mention OSs provide antivirus software and/or firewalls, a computer user really has little excuse not to at least attempt self monitoring.

Another point, it’s a historical precedent that if an industry or group of individuals can’t self monitor their actions, the government tends to step in and provide regulation standards, not to gain more control, but in the interest of protecting other people and property. The annual costs to businesses and people in order to fix the damage caused by viruses is growing at an astounding rate, this regulation is an attempt to stem that tide and I personally believe is a step in a positive direction. The argument that other industries are already heavily regulated, seems to me, is a null point.

[GDwarf]

I´m free to leave my house open and dirty, but I got to have an authorization to build my house. Should we get an authorization to set up computers, registering serial numbers, declaring which programs are run on it? And getting a navigator´s license thereafter?

You've said it yourself, comparing it to a house is not a perfect analogy, but all the same, ALL THESE PEOPLE HAVE TO DO IS PUT UP A FIREWALL AND RUN A VIRUS SCAN ONCE A MONTH. Most computers sold in stores come with firewalls and anti-virus software installed on them, it is incredibly hard to be on the internet for even a week nd not know that you really should have a firewall and virus scanner, so the people have no-one to blame but themselves (And, of course, the person who sent them the virus, but had they run the software, he wouldn't be able to.)

My ISP charges for anti-spam protection. This means that they can easily track spams. Malware passes through their servers prior to finding the way into my machine. It´s up to them to take care of these affairs. And It´s not guaranteed that they follow strict security procedures.

Very well then, I'll also be sure to tell the police that they must monitor every car that passes them on the freeway to make sure that none of them have criminals. To search every incoming packet that the ISP gets would take an extremely long time, imaging having to run your virus scanner on every file you downloaded from the internet (that includes stuff on webpages, so all the images, the text, any animations etc.) that is what you claim every ISP should do, it's silly.

The costs are significant

A security suite, costs, at most, $100 CND, sure, that's not chicken feed, but it's probably far less then what you paid for your computer, and again, most computers now come with firewalls and virus scanner on them, meaning that there is no cost at all.

mainly if you are going to be penalized for your computer faults. Many families will have to hire permanent repair services (like the preemptive cleaning service my ISP offers).

I must admit, this line confuses me. Do you mean that they'd have to hire someone to run virus scans on their computer? Or to put up a firewall? As that is ALL YOU NEED TO STOP YOUR PC FROM BECOMING A ZOMBIE.

[Argos]

Govermnments must go after the ISP´s.

Nobody can keep up with Internet vandals. You know that AV software is prone to failure. You are talking bout a perfect world. I´m talking about reality.

Down here people are pretty dumb using computers (I think this holds true for the entire planet). They need a technician every month (or more) at home to fix malware damages. They pay 50 bucks an hour for that. Oh, most of them got AV up and running. The problem is that these wonderful pieces of software are failable. If this penalizing fashion spreads out (fortunately, no chance of being adopted here) they will need, as I said, permanent assistance.

Do you want people to be responsible? Regulation is the way to go. Demand that people register their machines and get a licence. This will ensure they are educated enough to navigate the Internet.

Look more deeply into this question, and you will find that things are not that simple.