On Jun 28, 2004, at 6:24 PM, Iljitsch van Beijnum wrote:
On 28-jun-04, at 18:47, Paul Vixie wrote:
the root cause of network abuse is humans and human behaviour, not hardware or software or corporations or corporate behaviour. if most people weren't sheep-like, they would pay some attention to the results of their actions and inactions.
It's easy to blame the user, and usually they deserve it, even if they're innocent this time they're guilty of something else. But if software is created in such a way that regular users manage to screw up consistently, maybe the software can be improved rather than the user chastised?
Software definitely needs to improve. However, if you mailed out an attachment with the subject "this is a virus, do not click on it", encrypted it and put the password in the body, the virus would still spread like wildfire. Never underestimate the power of human stupidity. Which is why blacklists that depend on the ISP to continually train "lusers" or risk disconnectivity for non-stupid users may not be the right approach. People who run such ISPs CANNOT train all lusers all the time. And the alternative is to not have end-user ISPs (i.e. not an option). Or maybe that is the way to go. I really don't know at this point. But I do know if I were still running an ISP, I would instantly filter any user / host / netblock proven to be infected / C&C / phishing site / etc. And I would not subscribe to any blacklist which had entries for non "bad" IPs. As I Am Not An ISP, I can only vote with my dollars. Your network, your decision. My dollars, my decision. And I buy a lot of bandwidth.... :) -- TTFN, patrick