I have ADSL from Zen Internet in the UK. While their website does have some advice on locking down machines, using virus checkers and so on the big problem I've encountered isn't that people don't "take advantage of it" - it's that they don't even *know* it is there.

Zen has contact addresses for every user - at least everyone gets a zen email address anyway. But how often have they sent out warnings to all subscribers, with links to the relevant information? To the best of my knowledge, they never have. Even at the height of Blaster, not a single global warning. People have to actually go and look at the support site, which is like asking water to run uphill most of the time. Maybe it is simply a case of their tech support team knowing how much their workload would increase if they actively encouraged subscribers to check their systems....

Demon, my previous ISP, used to run open relay checks on subscribers to reduce spam coming from the network. Surely an ADSL ISP could set up scripts to automatically check subscriber machines for known exploits, open machines or open proxies and relays and then notify the owner automatically, with instructions, and raising an abuse note if the problem isn't delt with?

Yes, it wouldn't solve the problem, but it would be a step to increasing user awareness of the need for security and it coould reduce the number of compromised machines out there (hey, I can hope..)

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/193/23378#23378