[LINK] Fwd: ISPs asked to censor malware-infected PCs

Wed Sep 16 14:23:57 AEST 2009

><http://www.itnews.com.au/News/155673,isps-asked-to-cut-off-malware-infected-pcs.aspx>http://www.itnews.com.au/News/155673,isps-asked-to-cut-off-malware-infected-pcs.aspx
>
>>By <http://www.itnews.com.au/Author/212686,ben-grubb.aspx>Ben Grubb
>>Sep 14, 2009 2:53 PM
>><http://www.itnews.com.au/Search/malware.aspx>
>>Voluntary code of conduct puts onus on service providers.
>>
>>The Internet Industry Association (IIA) has 
>><http://iia.net.au/index.php/section-blog/90-esecurity-code-for-isps/757-esecurity-code-to-protect-australians-online.html>drafted 
>>a new code of conduct that suggests Internet Service Providers 
>>(ISPs) contact, and in some cases disconnect, customers that have 
>>malware-infected computers.
>>
>>The drafted code, which will not be mandatory, suggested ISPs take 
>>a four-step approach to protecting customers.
>>    * Identification of compromised computers
>>    * Contact affected customer
>>    * Provision of information and advice to fix the compromised system; and
>>    * A reporting function for alerting about serious scale 
>> threats, such as those, that may threaten national security.
>>
>>"Once an ISP has detected a compromised computer or malicious 
>>activity on its network, it should take action to address the 
>>problem. ISPs should therefore attempt to identify the end user 
>>whose computer has been compromised, and contact them to educate 
>>them about the problem," the new code states.
>>
>>Chief regulatory officer of ISP iiNet, Steve Dalby, said he would 
>>adhere to the code if the process could be automated and 
>>development costs weren't prohibitive.
>>
>>"Potentially it's something that we would do. If there were some 
>>costs we might consider whether government funding was available, 
>>but again it's very hypothetical," Dalby said.
>>
>>IBRS analyst James Turner welcomed the move and said ISPs should be 
>>able to find a way to fund the initiative.
>>
>>"They'll find a way of commercialising it and making it, at the 
>>very least, cost neutral if not cost positive," he said.
>>
>>Turner said it was reasonable to expect a form of "quality control" 
>>for computers connected to the internet in a similar way cars need 
>>to be roadworthy.
>>
>>"The Government make laws and regulations about what you can drive 
>>on the roads. If you're in New South Wales, after your car gets 
>>over five years old ... you've got to take it over to the pits 
>>every year. A form of quality control for computers that are on the 
>>internet seems perfectly reasonable to me," said Turner.
>>
>>Communications Minister Senator Conroy has voiced his support for 
>>the new code. In May, he said the "code will provide a consistent 
>>approach for Australian ISPs to help inform, educate and protect 
>>their clients in relation to e-security issues."
>>
>>"It will contribute to the range of efforts being made by 
>>Government and industry to raise awareness of online security and 
>>to foster digital confidence," said Conroy at the time.
>>
>>However, an IIA spokesman said that if Stephen Conroy was serious 
>>about addressing eSecurity he would fund more education 
>>initiatives. Government initiatives, such as the once a year 
>>e-security campaign that told Australians to change their password, 
>>was not enough, he said.
>>
>>"The government has spent an awful lot of money on a single 
>>website," the spokesman told iTnews. "I think there's about two or 
>>three websites doing exactly the same thing and they all assume 
>>you've got to log on to the website. It's kind of like a web 1.0 
>>style approach," he said.
>>
>>Initiatives such as the recently announced Queensland Government 
>><http://www.itnews.com.au/News/150387,queensland-police-plans-wardriving-mission.aspx>war 
>>driving mission were praised by the spokesman.
>>
>>The code of conduct was initiated on 10 June when the IIA, in 
>>association with the Government, ISPs, security vendors and 
>>consumer representatives convened a meeting to explore the merits 
>>of a new voluntary eSecurity code.
>>
>>"The meeting agreed that A Draft Code Principles with 
>>representative from all stakeholders with a final version of the 
>>voluntary code envisaged by 1 December 2009," the IIA said.
>>
>>ISPs that adhere to the code would be able to display an IIA 
>>tortoise log on their website.
>>
>>
>>
>>Members of the public are asked to respond to the draft code by 
>>posting their comments and suggestions to 
>><mailto:securitycode at iia.net.au>securitycode at iia.net.au no later 
>>than Friday 30 October 2009.
>
>
>Melbourne, Victoria, Australia
>jwhit at janwhitaker.com
>blog: http://janwhitaker.com/jansblog/
>business: http://www.janwhitaker.com
>
>Our truest response to the irrationality of the world is to paint or 
>sing or write, for only in such response do we find truth.
>~Madeline L'Engle, writer
>
>_ __________________ _