On Sat, 12 Jun 2004, Paul Vixie wrote:
Send me your root passwords. Trust me.
you should offer this service. most of us would urge our parents' generation to sign up for it. (i hope you weren't joking.)
As you keep pointing out, a problem with current Internet security is its "opt-in" nature. Why should Paul be allowed to walk around the security checks, but Paul's grandmother needs to be searched? Both Paul and Paul's grandmother needs to go through security. Allowing some people to opt-out would defeat the very thing you are trying to achieve. Most major ISPs offer a variety of Internet security products, if the user signs up for them, pays for them, installs them and uses them. AOL charges about $14/month, Earthlink charges about $6/month, MSN charges about $8/month, SBC charges about $5/month, Bellsouth charges about $7/month, etc. For a while, some broadband providers were even offering a $99 rebate when people bought a hardware nat/firewall device. Why don't more people take advantage of the security that is already available? Some people pay hundreds of dollars every month for bottled water, and filters on their faucets because they aren't satisfied with the quality of the water delivered by the local water company. If we give some people an option to opt-out, most grandmothers will probably follow Paul's example and save the few bucks every month and not use the security features. Should ISPs charge for security like the Universial Service Fund fee on your telephone bill, everyone (not just grandmothers) has to pay it. The FCC (or your national equivalent) would sets the rate every quarter, and it appears on everyone's ISP bill. You have to pay it, even if you already have other security.