On Saturday 12 May 2007 04:35, Fergie wrote:
Suresh is right -- if you don't think CPE compromises are an operational problem, then I'm not sure what is. :-)
[changing gears]
I'll even go a step further, and say that if ISPs keep punting on the whole botnet issue, and continue to think of themselves as 'common carriers' in some sense -- and continue to disengage on the issue -- then you may eventually forced to address those issues at some point in the not-so-distant future.
I understand the financial disincentives, etc., but if the problem continues to grow and fester, and consumer (and financial institutions) losses grow larger, things may take a really ugly turn.
$.02,
- ferg
I totally agree - the issue keeps getting delayed and nobody is adressing it like it should be, People keep talking about the issue but it NEVER gets solved. Here's my own two cents: Most end-users don't know and probably, don't care about what they subject their systems to, therefore, systems get infected constantly. There will be no resolution of these bandwidth-wasting botnets unless something is done about the end-users who don't know/care about what they're doing, Most end users just "want things to work" without knowing and probably without wanting to know what actually is going on "behind the screnes". Furthermore, as I posted on another list, Users depend too heavily on their "security software" and think if they have a firewall and antivirus, that they can do anything and won't be infected, But as we all (I hope) know, that's not true. It's true ISPs should be held in higher responsibility to security issues such as botnets, but the end-users who end up with bots/trojans on their systems should also be held accounable. Perhaps if users get the weight on their sholders of keeping clean, they will instead of how it currently is where the issue seems to get only talked about but really no collective enforcement anything as I stated earlier. And it's not just users and ISPs that should be dealing with this issue, Datacenters should as well, I can't count how many servers I've seen infected and being used in botnets. I say kudos to those who already combat botnets on their networks, However, To those who do nothing at the moment: I say it's time to start. Oh, one more thing to the first reply to this thread calling this a non-operational issue, Gadi's in the right here: It IS an operational issue that's getting reposted because it's NOT getting solved.