On Mon, 19 Apr 2004, Jeff Shultz, WIllamette Valley Internet wrote:
** Reply to message from Drew Weaver <drew.weaver@thenap.com> on Mon, 19 Apr 2004 13:42:53 -0400
However, awhile ago we tried an idea of sending out E-Mail alerts to our customers whenever a critical update of "Remote execution" or worse was released. We found that most of our users were annoyed by this, a different time we used a network sniffing tool to find a few dozen handfuls of your average home Dial-Up users who were infected with various malicious agents (I.e. Nimda, et cetera) and we actually contacted those users, to let them know and again we were met with more hostility. You definitely don't have our customers then. Our usually appreciate being told that their systems are screwed up.
He's right. Most customers get defensive/hostile when you tell them there's something wrong with their system. However I've encountered the same attitude with many NOCs when informing them they have open relays / smurf amps / owned servers. First they deny it - "you must be mistaken", then get defensive "what business is it of yours anyway?" or hostile "you can't possibly know that without having broken into our network, I'm calling the police" (yeah right, I need to break into your network in order to be smurfed by your broken routers.) So this isnt unique to end users. It seems most people would rather discover problems themselves, and go into a sort of panic mode when informed by a third party. Many (including NOCs) aren't emotionally prepared to handle anything beyond "hit ctrl-alt-del". I'm still looking for a good way to gently inform end users/nocs of problems without having them fly off the handle. -Dan