[89079] in North American Network Operators' Group
Re: Quarantine your infected users spreading malware
daemon@ATHENA.MIT.EDU (Jim Segrave)
Thu Mar 2 06:10:43 2006
Date: Thu, 2 Mar 2006 12:04:27 +0100
From: Jim Segrave <jes@nl.demon.net>
To: Jack Bates <jbates@brightok.net>
Cc: "Christopher L. Morrow" <christopher.morrow@verizonbusiness.com>,
nanog@merit.edu
Reply-To: jes@nl.demon.net
Mail-Followup-To: Jim Segrave <jes@nl.demon.net>,
Jack Bates <jbates@brightok.net>,
"Christopher L. Morrow" <christopher.morrow@verizonbusiness.com>,
nanog@merit.edu
In-Reply-To: <4405DCE9.4050205@brightok.net>
Errors-To: owner-nanog@merit.edu
On Wed 01 Mar 2006 (11:42 -0600), Jack Bates wrote:
>
> Christopher L. Morrow wrote:
> <snip>
> >agreed, punting this problem to the helpdesk makes the helpdesk manager
> >grab his gun(s) and find the security wonk that put a hurtin' on his
> >numbers :) Also, it costs lots of money, which isn't generally a good
> >plan.
>
> Do you find that web redirection actually stems the flow of calls to the
> helpdesk? We find that anything out of the normal usually results in a
> customer calling the helpdesk just because they weren't expecting it. We
> found this to be true of email notifications as well. The other issue
> is, of course, differing what we are doing with those thousands of
> annoying ads that make users believe they are infected.
Yes, it reduces, but does not stop the number of calls. More
importantly, because the customer can still access sites such as MS
update, Norton, McAfee, Housecall etc, even while quarantined, those
people who call the helpdesk can get directed to the "how to fix it
page" rapidly, so the calls stay shorter.
--
Jim Segrave jes@nl.demon.net
