Frank Bulk wrote:
The Billy Goat product only seems to detect and notify nefarious activity, but it does nothing for the owned clients.
I want something that restricts my owned subscribers to downloading updates and tools while preventing them from spewing forth more spam and the like.
A Billy Goat will nicely quarantine the host that is infected, that is the whole goal of the system. What access is still allowed when the host is in that quarantine is of course a matter of policy. Allowing them to access things like Windows Update and providing at least a good virusscanner + SpyBot Search&Destroy etc is most likely a good thing to do for these situations. IMHO ISPs should per default simply feed port 25 outbound through their own SMTP relays. BUT always have a very easy way (eg a Control Panel behind a user/pass on a website) to disable this kind of filtering. This is what XS4all does and it seems to have a lot of effect but still allows anybody who doesn't 'want' this protection to use the Internet the way they want it, and not the way that is prescribed before them. Of course, when they disable the filter it becomes very easy when something does go wrong to laugh at them and not allow them to turn the filter off unless they pay a fine or something similar ;) For that matter, why don't ISPs start doing that: Introduce a fine. When somebody gets infected, and thus doesn't take good care of his/her/it's computer fine them. Let them pay say $25 to get fully back on the Internet and only allow a very slow rate of traffic in the mean time. Of course, the argument most likely goes then that they will swap ISPs, but they will quickly run out of those and of course ISPs don't want to lose clients over it, as the ignorant are the ones that provide the simple cash.
Mirage Networks is the closest to it, from my limited knowledge.
As mentioned, there are most very likely different products in this area which can resolve your problem. Also one can always run your own(tm). Greets, Jeroen