nanog mailing list archives

Re: Quarantine your infected users spreading malware


From: Michael Loftis <mloftis () wgops com>
Date: Thu, 23 Feb 2006 11:18:16 -0600




--On February 23, 2006 8:02:31 AM -0600 Jack Bates <jbates () brightok net> wrote:

> We allowed users back online to run Housecall at trendmicro for free so
> they could get cleaned up and save some money. However, the resuspend
> rate was so high, we quickly changed to offline cleanup only. It will
> remain until we perfect our auto defense system.
>
> Customers just want things to work. They don't care if they are infected.
> It's amazing how many customers swear they aren't scanning or sending
> email, and refuse to understand that their computer is capable of doing
> things without them knowing.


What doesn't help is the ISPs out there who are complete dolts and, first, don't verify reports and, second, false alarm. They'll cut a user off on a single complaint without any evidence or verification. Or worse, they have some automated system that false alarms without any way to verify you're cleaned up. And if you can't get online, you can't get cleaned up anyway. Catch-22.
