EU Warns ISPs to Block Infected Customer PCs or Else..
By: MarkJ - 02 July, 2008 (10:04 AM)

The European Union (EU) is to consider a proposal that could force ISPs to block customers from accessing the Internet if it can be determined that their PCs are infected with malicious software (malware), such as spam-spewing viruses and Trojans.

The proposal is just one of several being outlined in a new paper, 'Security Economics and European Policy' (.PDF format), which itself is a response to EU calls for ISPs to speed up the pace at which they share information and respond to government data requests:

We recommend that ENISA collect and publish data about the quantity of spam and other bad traffic emitted by European ISPs.

4: People who leave infected machines attached to the network, so that they can send spam, host phishing websites and distribute illegal content, are polluting the digital environment, and the options available are broadly similar to those with which governments fight environmental pollution (a tax on pollution, a cap-and-trade system, or private action). Rather than a heavyweight central scheme, we think that civil liability might be tried first, and suggest..

We recommend that the European Union introduce a statutory scale of damages against ISPs that do not respond promptly to requests for the removal of compromised machines, coupled with a right for users to have disconnected machines reconnected if they assume full liability.

5: A contentious political issue is liability for defective software. The software industry has historically disclaimed liability for defects, as did the motor industry for the first sixty years of its existence. There have been many calls for governments to make software vendors liable for the harm done by shoddy products and, as our civilisation comes to depend more and more on software, we will have to tackle the 'culture of impunity' among software developers.

We take the pragmatic view that software liability is too large an issue to be dealt with in a single Directive, because of the large and growing variety of goods and services in which software plays a critical role. Our suggested strategy is that the Commission take a patient and staged approach. There are already some laws that impose liability regardless of contract terms (for example, for personal injury), and it seems prudent for the time being to leave standalone embedded products to be dealt with by regulations on safety, product liability and consumer rights. Networked systems, however, can cause harm to others, and the Commission should start to tackle this. A good starting point would be to require vendors to certify that their products are secure by default.

It's an understandable idea and some UK ISPs, such as the pre-Virgin Telewest, have in the past suspended customer accounts where they have been identified as being infected with junk e-mail propagating malware. However, being able to physically identify such users is not an exact science and the paper appears to make a generalisation without considering the technical feasibility.

Similarly, the paper also appears to blame software developers for flaws in their code that could allow such abuse/attacks, which is a somewhat ridiculous notion since it is impossible to predict how applications might be abused or broken by hackers. It's probably easier to invent an H.G. Wells-style time machine.

Ultimately, the most immediate responsibility must rest with the consumer, who should make sure that adequate anti-virus, firewalls and/or other related security measures are in operation on their computer. Just because you can't see an infection on your computer doesn't mean to say there isn't one.
