Re: mitigating botnet C&Cs has become useless

[Danny McPherson <danny () tcb net>]

On Aug 9, 2006, at 4:04 AM, Arjan Hulsebos wrote:

> Maybe so, but that argument doesn't buy me more helpdesk folks. The
> same holds true for the  bandwidth argument, especially now that
> bandwidth is dirt cheap.
>
> On the other hand, it shouldn't be too difficult to come up with a
> walled garden profile for subs that have infected PCs, basically
> allowing only access to a filtering proxy, so these subs can download
> their patches and antivirus updates through it.

In addition to "they still need to be able to download patches and
attempt to fix their system" you may not be able to shut off all  
services
for the subscriber regardless - e.g., they've got voice services and
you're killing their emergency dialing capabilities?

As importantly, broadband SPs are trying to move to triple (quad)
play services, how tolerant do you think your average subscriber is
to losing cable television services because their kid downloaded some
malware?

Minimizing subscriber churn and targeting profitable services are  
critical,
most of these solutions today only make the problem worse - when
something breaks with vanilla Internet access the first person the
subscriber calls is the SP, and the resources cost for fielding those  
calls
exceeds even that of the amortized capital costs for the service -  
tearing
deeper into losses.

I half believe that Net Neutrality itself wouldn't be an issue if  
operators
were able to run profitable businesses in broadband service markets.
Adding security to the mix only compounds the problem.

-danny