The Institution of Engineering and Technology (IET) has called on broadband ISPs in the United Kingdom to help tackle malware (malicious software and viruses) by, for example, restricting Internet access to infected computers and devices (e.g. PCs, tablets etc.).
According to the IET’s resident security expert, Hugh Boyes, a more “joined-up approach” of law enforcement working with the ISPs to reduce the number of infected computers would benefit everyone. But should we really go so far as to restrict a customer’s Internet access, especially without first considering what their circumstances might be? The IET thinks so.
Hugh Boyes told ISPreview.co.uk:
“Based on the latest statements from the National Crime Agency it would appear that their campaign to encourage computer users to scan for and remove GoZeus and CryptoLocker infections has been only partially successful.
The IET believes that more could be done to tackle existing infections. Internet Service Providers (ISPs), for example, could restrict internet access to infected machines or Internet Protocol addresses by redirecting users to a page with information on infection removal. They could also provide telephone technical support to customers to help them to remove the malware.”
Perhaps the campaign to encourage computer users to scan for and remove GoZeus and CryptoLocker was only “partially successful” (we’ll have to see what happens after the imminent deadline first) because the threat posed to the wider public was massively over-hyped by the media and those reports rarely included mention of how to identify and tackle the threat (installing the free Malwarebytes is one option).
Indeed, according to the National Crime Agency, GoZeus alone is allegedly installed on over 15,500 computers across the UK, which in the grander scheme of things isn’t even a blip on the national scale of malware infections. Meanwhile, when security reports surfaced earlier this year that hundreds of thousands of home broadband routers had suffered a DNS hijack, very few in the mainstream media reported it. Funny old world.
Otherwise, Boyes’ comments appear to mirror what the vice president of online security firm Trend Micro, Rik Ferguson, said earlier this month. But should ISPs be restricting Internet access to help customers who clearly aren’t able to do it themselves? Admittedly we like the idea of ISPs being more pro-active in this area and indeed some will already work to identify abuse activity on their networks and inform their customers.
However, there are also some big risks, not least the fact that many connections are now shared between multiple devices and users (e.g. office or family home). As a result it would be tricky to identify precisely which computer/device is infected and incredibly difficult to isolate it without affecting the service for everybody else, which could have all sorts of unintended consequences or raise serious questions over the potential for an invasion of privacy and conflicts with other laws or freedoms.
Restrictions might also make it harder for the end-user to find a solution, especially if they have a clean system/device nearby. On the other hand a nag screen that calls on the customer to check their computer and provides useful data on the identified infection might not be a bad idea, although ISPs could perhaps do this for some but not all malware (some attack traffic leaves an obvious trace but others are more covert) and it would require money to develop.
Ultimately, issues like this are a matter of individual customer responsibility and the best defence is to ensure that all of your key software, anti-virus clients, firewalls and web browsers are kept up-to-date. A bit of common sense when using the Internet can also go a long way, such as never clicking an email attachment or link unless you’re 100% sure it’s legitimate (phishing attacks try to look like the real-deal).