back to article IETF forges botnet clean-up standard

The IETF is developing a standard for how ISPs should go about cleaning up subscriber botnet infections. A draft standard from the net standards body covers techniques for identifying compromised machines, how to notify affected customers and what advice to give them on the best way to clean-up infections - a sometimes tricky …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Stop

    Not a standard and not IETF's position

    it says "Intended status: Informational" - means it's not a standard, or even a BCP ("Best current practices") recommendation - it's just a memo written up by some individuals. Just about anyone can get their blatherings published as an informational RFC.

  2. Anonymous Coward
    Unhappy

    Why is it so hard?

    If a client PC is known to be a drone, the ISP should just block it. The customer can then be told to get their act together when they complain they can't find out what Tiddles is up to on MyFaceTwit.

    If the ISP fails to block a known drone in a timely manner 9say, 24 hours) then that entire ISP should be blocked.

    As for costs...customer pays. It is 100% their responsibility to ensure they protect their PCs. If they don't know how to do that, then why are they on-line?

  3. Anonymous Coward
    Badgers

    'You have to shoot them in the head'

    As a paid up and proud member of the UKPP I'm fundamentally opposed to the authorities or ISP's invading our online privacy or trying to control our online behaviour, however, there are a few obvious and important exceptions... and this is one of them.

    IMO owners / users of zombified machines should be notified and then ringfenced if they do not respond fairly promptly, (i.e. their ISP should place them in a 'walled garden' with all traffic filtered and all non http ports blocked), until they clean up their act.

    As for cost, this should fall to the user as it's invariably their (or more likely their teenage children's) surfing habits that have lead to their system being enslaved.

    Of course there would be a cost to the ISP to implement such meassures, but this should at least be partially off-set by savings in bandwidth and administration related to huge loads of spam etc.

  4. Anonymous Coward
    Joke

    Back in my day...

    There was only one way to deal with zombies... you have to shoot them in the head.

  5. DrewHew
    Stop

    @AC 13:43 - Rubbish!!!

    It CANNOT be 100% the customer's fault if they are not responsible for the myriad vulnerabilities foisted upon them under the guise of 'complete' software which happen to be rife with bugs and potential attack points.

    Think before you speak.

    Software and OS developers need to be held to a higher standard - sadly they get away with putting anything out there as a finished product, or as we see in the Google age, everything is in constant BETA.

  6. Anonymous Coward
    Anonymous Coward

    @ AC 13.43

    .. very generous of you, cut off their net access despite that being about the only way they can get updated virus defs and patches to stop them getting immediately re-infected.

  7. Anonymous Coward
    Anonymous Coward

    @AC

    As for costs...customer pays. It is 100% their responsibility to ensure they protect their PCs. If they don't know how to do that, then why are they on-line?

    Some people legally operate cars and clearly they have no idea how to but that doesnt mean they should have to pay for the privilidge.

    What about people on shared networks, pepole plugging USB's drives in and getting infected without their knowledge.

    Should people pay again after Sony installed a rootkit? Or adobe users? You dont see them advertising that their crappy software has more holes than swiss cheese.

    No, the industry should tighten up their weak poorly coded crud and actually do some beta testing, and computers should have ALL autoupdates turned on and only be turned off when they (users) have proven they are competant in using AV/Anti malware software.

    And a panic button for the internet that users press when they are unsure of an error message like..

    "Warning hard drive fucker is about to trash your data, do you want this to happen, press YES for YES and NO for YES". Fortunately, i know how to use task manager to close the offending process, my parents dont and shouldn't have to pay for that lack of experience. A big "I DONT KNOW" button which forcibly closes the active window/program is a better idea.

  8. Anonymous Coward
    Anonymous Coward

    Who's fault?

    If people buy a car, or a TV, or a washing machine, they expect the manufacturer to provide a certain level of safety, and indeed products will be recalled and rectified if they don't meet them.

    So who should cough for the mess of insecurity which has blighted the online world...??

  9. Hugh_Pym

    Who pays?

    Give 'em some time to get it sorted, a week or so should do, them cut 'em off. It would make my life a lot easier. I'm sick of friends and relatives calling me when they reinfect their PC but somehow 'forget' to get decent anti-virus or stop their bad habits, Sod the lot of 'em.

  10. Usko Kyykka

    EULAs ...

    ...

    >So who should cough for the mess of insecurity which has blighted the online world...??

    Indeed. This would also seem to create an incentive (the only kind that commercial entities take seriously ?) for producing quality products in the first place. Come to think of it, this is one more reason to do something about EULAs by which (among other things) the manufactures (try to) weasel out of any responsibility. This would seem to need some reasonable precedents or specific legislation. I'd say we have been waiting for the former long enough ... ?

  11. Fazal Majid

    IETF should stick to technical standards, not policy

    Policy issues are a minefield, just witness all the posturing that goes on with ICANN.

    ISPs are between a rock and a hard place. They bear the costs of botnets (bandwidth, staff, beefed up resources in mail servers, customer support staff), but they have no control over the root cause of the problem and risk damaging their relationship with their customers when they break the bad news. The immunity OS vendors have been able to get away with is properly scandalous.

  12. william henderson 1

    re: who pays? by Hugj Pym

    how about the malware authors, they are the ones that make this shit happen.

  13. Robert Moore
    Flame

    @cornz 1

    > Some people legally operate cars and clearly they have no idea how to but that doesnt mean they should have to pay for the privilidge.

    Of course it does. My mother knows nothing about cars, and about once a year something goes wrong with her car. Guess what, she has to pay someone to fix it. So if something goes wrong with her computer why shouldn't she be forced to pay someone to fix it.

  14. Anonymous Coward
    FAIL

    IETF ?

    this is just a draft RFC with some interesting ideas put down for general discussion and comments - not an IETF standard or anything,

    its version 4 - so they [ the individuals who wrote this] obviously keen on getting something adopted by the internet community - but anyone is feel to write up their own local way of dealing with infected people and put it up for adoption by the net - thats the joy of RFC system :-)

  15. The Original Steve
    Go

    @DrewHew, @Usko Kyykka and @ AC 1500

    Take it none of you are developers..

    Cars break and have recalls, batteries explode and software has bugs. Fraid that's the way life is. Yes developers should focus quality, but at the same time users want a polished product at the lowest possible cost. Open source isn't perfect, bespoke has holes and closed-source also has bugs.

    The difference is that I wouldn't remove the "DO NOT REMOVE" sticker on part of my car just because a mate says so or because I can download pirate films. I take my car to get serviced on a regular basis and should a recall come up I would take up the offer ASAP.

    A lot of users don't really care about the concequences of installing free screensavers and smilies on their IM client as there is rarely any impact on them - the same cannot be said about the car example. (It's worth more than £400, I need it for my job and I can kill someone/myself if it's not well looked after.)

    By introducing internet restricitions at the ISP level, such as blocking all outbound ports other than port 80 and 443, COMBINED with OEM's providing a PAPER guide to things such as setting up admin rights only to the parent (users for the rest), where to get an AV and how to check it's updated and in big letters warning admins NOT to install anything that's not trusted.

    Otherwise, keep the education bit from OEM's AND ISP's but by default consumer internet packages should only allow ports 80 and 443 outbound to be opened. Anything else can be done via a control panel online.

    With the above restrictions by ISP's, education by OEM's and ISP's plus the security improvements in Windows Vista and Windows 7 I reckon Internet hygiene in general will improve a fair amount.

    I thank you.

  16. Goat Jam
    Big Brother

    Lots of people simply don't care

    More than once I've advised someone that their PC is infected and appears to be part of a botnet and it's amazing how often their response is to shrug and reply "oh well, it seems to still work ok though"

    Those people should be barred from the internet.

  17. Mothballs
    Welcome

    Licensed To Kill

    In the real world, before anyone's allowed to drive a car they must take a competence test in order to acquire a licence. Then, if they screw up, the licence attracts penalty points until it's eventually taken away and they're prevented from driving for a while.

    So why not send first-time computer users and their thumbprints off to web-wisdom school?

    An ISP should then be required to see a user's licence before letting them loose on the web. Consequently, if the user gets a dose and doesn't clean up their act, they should be issued a warning and some idiot points - too many points and they lose their connection. In that way the dangerously stupid can be prevented from arsing things up for their peers.

    Call me a control freak, but I've suddenly gone all Biometric. Let's not put the government in charge of such a scheme though, eh?

  18. Usko Kyykka

    @The Original Steve

    > Take it none of you are developers..

    I've been working as a software engineer since the late 1980s :-)

    (Consequently :-) I don't think the problem typically lies with the actual developers (software engineers). Rather I'd say it is a management problem, more precisely a priority question where the issue of software quality is nowhere near the top of the list of important issues. This is where product liability and the resulting incentive come in. (Then again, even defining "software quality" in a practically relevant (measureable) way is a tricky issue ;-)

  19. SImon Hobson Bronze badge

    What - I have to fill this in ?

    I'm with those calling for ISPs to be responsible, and that the end user is responsible for the costs.

    Taking the car analogy again - as someone points out, if you don't know how to maintain your car, you take it to someone who does and pay them to do it. The reason we have an MoT test is (again as someone points out) too many people just don't care - without the test too many people will just drive around in a car that's getting worse and worse until it won't go any more. Take a damaged car out on the road and sooner or later a copper will spot you and stop you - so why is it seen as so bad for your ISP to see you have a 'dangerous' PC and force you to take it off the internet highway.

    A while ago I started getting blocked malware messages from a relative the other side of the world - it took some time to persuade here that she had a problem, and even longer for her to fix it.

  20. TeeCee Gold badge
    Happy

    @The Original Steve

    I'd be quite happy to pull the "DO NOT REMOVE" stickers off my car. I've never seen any in all my years of fiddling with automotive componentry though. In my experience it's the computers that tend to come with warranty invalidating stickers containing threats of doom liberally applied to all the important bits.

    Incidently, you should save yourself some cash and give it a go. Cars are easier and more therapeutic to fix/service yourself than computers. For a start, many of the important bits won't break if you get pissed off and wallop them with a hammer....

  21. Alan Brown 1

    The "don't cares"

    Should be prosecuted.

    Once warned that they're part of a botnet they're liable for damages if they don't take steps to fix the machine - or at the very least any liability cover they may have is voided.

    Seriously though: The problem will pretty much solve itself if infected users face the full costs they end up inflicting on the outside world - contractual penalties in ISP agreements would be a good starting point.

This topic is closed for new posts.

Other stories you might like