[88914] in North American Network Operators' Group


Re: Quarantine your infected users spreading malware

daemon@ATHENA.MIT.EDU (Michael Loftis)
Thu Feb 23 12:19:11 2006

Date: Thu, 23 Feb 2006 11:18:16 -0600
From: Michael Loftis <mloftis@wgops.com>
To: nanog@merit.edu
In-Reply-To: <43FDC077.7050706@brightok.net>
X-MailScanner-From: mloftis@wgops.com
Errors-To: owner-nanog@merit.edu




--On February 23, 2006 8:02:31 AM -0600 Jack Bates <jbates@brightok.net> 
wrote:

> We allowed users back online to run Housecall at trendmicro for free so
> they could get cleaned up and save some money. However, the resuspend
> rate was so high, we quickly changed to offline cleanup only. It will
> remain until we perfect our auto defense system.
>
> Customers just want things to work. They don't care if they are infected.
> It's amazing how many customers swear they aren't scanning or sending
> email, and refuse to understand that their computer is capable of doing
> things without them knowing.


What doesn't help is the ISPs out there who are complete dolts and, first,
don't verify reports and, second, false alarm. They'll cut a user off on a
single complaint without any evidence or verification. Or worse, they have
some automated system that false alarms without any way to verify you're
cleaned up. And if you can't get online, you can't get cleaned up anyway.
Catch-22.
