The theory of software expiration is no more ridiculous than the theory of ISPs single-handedly securing their own networks. Time and time again, backlogs of infected machines on the networks of home and small business ISPs are showing the incompetence of these ISPs in understanding security, or their lack of motivation to remove insecure customers.

The bottom line in this story remains that ISPs are motivated by profit: cutting off service eliminates profit. Users should make a software purchase like they make any other purchase in life; expect to either maintain their purchased items, or be forced to replace them completely later on due to their own negligence.

This is one time where Mullen hits the nail right on the head. I have never had sympathy for users of outdated software, but the realization is becoming more serious. These users are costing actual customers money. It is time for this to stop. Plain and simple.

Perimeter security is unfortunately a largely outdated concept. Individual systems must be secured before an ISP network can be considered anywhere close to safe. Perimeters are a first line of defense, but not the only needed step.

Security must be taken to the individual user for success to be even a plausible thought, let alone an actual event. If this means automatically booting idiots who refuse to upgrade, so be it. At the point where a user simply refuses to follow a sane upgrade path, they are just as much a part of the threat to the internet as the attackers themselves.

Nice Article, Tim

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/217/24876#24876