RE: The home user problem returns

["Paul Melson" <pmelson () gmail com>]

-----Original Message-----
Subject: Re: [fw-wiz] The home user problem returns

> I see my job as trying to provide as consistent and unencumbered an
experience as 
> possible for our customers.  Right now, spam, bots, and #!$%ing spyware
are getting in 
> my way of doing that.  I don't like the fact that at the onset of each new
worm, that I 
> still have to contact people and shut them down.  I don't like the fact
that customers 
> phone complaining that our service is slow and when they bring their
computer into our 
> shop we find a massive spyware infestation (the current record btw is
5300).  As a 
> result, we are willing to try anything that is likely to gain us some
ground.  Right 
> now one of the projects that we have that is working really well is having
customers 
> bring in their computer when they sign up.  We give the PC a thorough
enema and send it 
> back out with free antivirus and antispyware, windows updates turned on
and the XP 
> firewall enabled.  Twice a year we run a spring cleanup and a fall tune-up
which again 
> goes through the enema process for $29.  We're fairly confident that this
program is 
> making a big dent in the number of really vulnerable systems out there.
>
> Our goal is to severely reduce the number of infections on our network so
that our 
> customers can have a consistent and hassle free experience on the net.
I'd like to see 
> all ISPs adopt that stance.

You know what I find highly ironic in all of this -- and I don't mean to
pick on you or your ISP -- is that there is a single symptom, a common
thread that ties together all of these problems you're attempting to combat.
And that common thread is required or at least preferred by all of the major
ISPs, and that is Windows desktops.  In other words, ISPs everywhere are
complicit in their own security and performance headaches.

The bitter pill for the clueful is that those people that run a firewall
appliance or build their own Linux/BSD firewall for their home network
typically get no support from their ISP.  (If you have Comcast cable like I
do, you can't even register your cable modem without a Windows box.  That
was an unpleasant surprise when I moved recently.)

It is not lost on me that this is all due to market forces beyond the
control of even the largest ISPs.  But I think we can all agree that this is
and will continue to be the primary trade-off that those charged (saddled
with?) network security must live with, at least in the short-term.  Finding
an effective way for ISPs to deal with this that doesn't drive customers
away is certainly a noble goal, but I haven't seen a solution that has
scaled well yet.

At the same time, I don't want special treatment from my ISP (I mean, I
*do*, but I don't want it institutionalized).  I don't want the "secure
people here, insecure people there" mentality from what is essentially a
utility.  Nothing personal, but the likelihood that an ISP will properly be
able to correctly and continually analyze the security stance of anyone's
home network is slim enough that I'd prefer not to pay more per month for
them to try (and probably fail).  I can barely do it myself, and I am one of
2 users (that I know of) and I built it.


> Sorry.  Just realised this looks a whole lot like a sales pitch...

That's what makes you a security "professional."  :-)


PaulM

PS - Sorry for the Monday morning grouch.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards