On Sat, 12 Jun 2004, John Curran wrote:
> One could imagine changing the paradigm (never easy) so that the normal Internet service was proxied for common applications and NAT'ed for everything else... This wouldn't eliminate all the problems, but would dramatically cut down the incident rate.
In the BBS days, how did most viruses get on computers? Have things really changed that much?

Take a look at how computers are being compromised. It's amazing just how many compromised computers have NAT, firewalls, proxies, etc.

1) pre-infected, i.e. already compromised before connecting to your network (laptops are dangerous)
2) self-infected, i.e. compromised because the user installed the software containing the virus
3) network-infected, i.e. compromised solely by being connected without any action by the user

Some broadband providers have been selling service that includes a NAT/firewall on the connection for several years. What is the difference in infection rate of those users? Is it just wishful thinking by some people that NAT/firewalls/proxies will solve the problem? Or do they have hard data to back them up?

Preventing users from compromising their computers is a lot like preventing users from accessing porn or music. Basically anything the user wants could be potentially harmful, and the miscreants know that. So how do you make sure users can only access "safe" content?