Research appearing on silicon.com today suggests Europe is home to more zombie networks of compromised PCs than anywhere else in the world.
These computers, with 'open relays' which have been covertly created by Trojan or virus infection, are effectively controlled by virus writers, spammers and phishing scammers.
As revealed on silicon.com in the past fortnight, the sheer scale of this problem has already resulted in one consumer ISP in the UK being blacklisted for the amount of spam its customers have unwittingly been sending. That was Telewest but Wanadoo users also appear to be accounting for an unreasonable amount of email, according to Senderbase stats.
But beyond some 'tips for users' style education, little has been done to address this silent bandwidth killer living in suburbia - though surely action is long overdue and ignorance surely can no longer be a defence.
If you detract from others' quality of life because you play your music too loud, the council is empowered to come and seize your stereo and impose fines.
Should we ever consider a situation whereby persistent offenders, negligently contributing to the amount of spam and cyber crime in the world, see their PCs confiscated in a similar manner?
The levels of stress and inconvenience are at least comparable.
If a restaurant kitchen is sending out food infected with bacteria it will be closed down pretty sharpish. Ignorance of that fact is no defence. The restaurant must prove ahead of time that it complies with a series of health and safety guidelines.
So what about licensing? We rightly need a licence to drive a car because in the wrong hands it can be dangerous and a threat to others. But fraudulent emails can cause financial loss and personal injury, such as anxiety and extreme stress.
Arguably cyber crime and spam-related issues are far more costly to UK businesses than road traffic accidents. Surely physical harm can't be our only priority?
What about fitness tests - an MOT to establish roadworthiness? ISPs could refuse to provide a service to a PC which doesn't comply with stringent guidelines. Mark Sunner, CTO at MessageLabs, pointed out that while turning down customers might sound like commercial suicide, banks do it all the time - especially when those customers are likely to cost them money. ISPs no more want bandwidth-sapping insecure machines on their networks as banks want serial defaulters.
Owning a PC means running it responsibly. The nature of the internet means the maintenance of every connected machine is evidence of a need for shared social responsibility.
Comments
There are 3 comments. Join the discussion
1. Geoffrey Darnton
should we blame Microsoft? ... I believe this problem stems from the same source - Windows does not do memory management properly - that is why a PC can be taken over. In my mind it is completely unforgiveable for Microsoft to be sitting on billions of dollars and not spending part of that ensuring that Windows does memory management properly so a machine cannot be taken over .....maybe we should be putting the blame where it really lies ... compromised machines because the operating system is deficient, and archaic networking protocols .... it is a bit like blaming the police if standard house design left out door and window locks!
2. Pernille Rudlin
The blacklisting of wanadoo and also gmx in Germany that results from these ISPs letting so many subscribers spam or be used as zombies is having a serious business impact on me and I would imagine other self employed consultants who don't have corporate e-mail providers. My ISP ntlworld regularly seems to blacklist all mail servers of wanadoo.fr and gmx.de which means that e-mails I send my sub-contractors in France and Germany who use those ISPs never reach them or their responses never reach me. I'm wondering whether to change ISPs but would another ISP any better unless something is done to cull the suburban zombies?
3. Simon
Should we blame Microsoft ? Yes and No.
Yes, because (using the same analogy) they build houses without doors, let alone locks. OK, they've now started fitting doors as standard, but still leave it to buyers to fit a lock if they want to.
No, because ANY system is vulnerable - unless you don't have any users ! Just look at how cars have been made unstealable by better locks, immobilisers, and alarms - it hasn't stopped them being stolen, just changed the attacks to include other elements like stealing the keys or physically hi-jacking the driver.
I've been suggesting that ISPs could tackle this relatively easily if they wished, and I also believe that we should be considering something along the lines suggested by the article - perhaps not a Drivers Licence and MOT, but if not, what ?
Of course, if more people like Pernille started asking the ISPs about their policies on this then the ISPs might start taking note - eventually (but not yet it seems) such measures will become a selling point !