On Sat, 17 Feb 2007, Petri Helenius wrote:
After all these years, I'm still surprised a consortium of ISP's haven't figured out a way to do something a-la Packet Fence for their clients where - whenever an infected machine is detected after logging in, that machine is thrown into say a VLAN with instructions on how to clean their machines before they're allowed to go further and stay online. This has been commercially available for quite some time so it would be only up to the providers to implement it.
Public ISPs have been testing these types of systems for over 5 years. What sorts of differences can you think of that would explain why public ISPs have found them not very effective? Public ISPs have been using walled gardens for a long time for user registration and collecting credit card information. So they know how to implement walled gardens. But what happens when public ISPs use it for infected machines?