[95100] in North American Network Operators' Group
Re: botnets: web servers, end-systems and Vint Cerf
daemon@ATHENA.MIT.EDU (Sean Donelan)
Tue Feb 27 04:03:51 2007
Date: Tue, 27 Feb 2007 04:02:56 -0500 (EST)
From: Sean Donelan <sean@donelan.com>
To: Eric Gauthier <eric@roxanne.org>
Cc: nanog@merit.edu
In-Reply-To: <20070226155534.GC20186@roxanne.org>
Errors-To: owner-nanog@merit.edu
On Mon, 26 Feb 2007, Eric Gauthier wrote:
> Generally, we've found that most end users don't even know that their systems
> are infected - be it with spyware, bots, etc - and are happy when we can help
> them clear things up as they usually aren't in a position to fix things on their
> own. I know that the really bad analogy of driving a car has been used a few
> times in this thread, but I think part of the analogy is true. If someone owns
> and uses a car but the car has no indicator lights to say that something
> is wrong, its hard to believe that the driver will be able to fix the problem
> or even know to contact the repair shop. We've tried to give our users
> that "indicator" light and some help repairing it
You forgot a big difference. Universities usually don't give tuition
refunds, so you have a $40,000 "penalty" hanging over the student's head
which gives students an incentive to listen and want to respond to your
notices. It's similar to why public libraries have a much harder time
getting people to return books than university libraries.
Ask car repair shops about people driving their cars after that indicator
light turns on with smoke belching out of it until the car grinds to a
stop. While consumers might miss one notification method, after notifying
people by e-mail, telephone, snail mail, web redirects, and any other way
you can think of; consumers are very good at ignoring warnings until
their computer stops working.
Detection or notification isn't the problem. Getting people to want to
fix their computer is.
If there isn't a way to test if the computer is actually fixed, then you
just repeatedly cycle around the consumer saying its fixed/nothing is
wrong and the ISP claiming its broken.
What's the Turing test for a fixed computer?
