ISPs not interested in malware prevention

[nsane.forums]

Legal and contractual obligations mean no clean pipes

Internet service providers (ISP) are showing little interest in cleaning up their network traffic delegates at the RSA conference have been told.

While some countries are now insisting that ISPs clean up their data traffic, security firms are finding considerable resistance to the idea of taking them taking responsibility for their traffic. Part of the problem is that ISPs make good money from malware

I would pay for clean water out of a pipe, but I can't do that for the internet, said Raimund Genes, chief technology officer for Trend Micro.

We are one of the biggest security companies but we can't convince the ISPs, Facebook and others to clean up their internet pipes. It's up to the customers to request clean water out of the pipe.

He said that regulatory pressure in Japan and Germany had forced ISPs to introduce malware and phishing controls. In such cases a noticeably lower rate of malware infection was recorded.

Here in the US you have a deregulated market so there's no progress. ISPs will host malware because there is money in it.

However George Kurtz, chief technology officer for McAfee said that such deregulation actually suited some users.

There has to be an economic motivator to do this, he said.

If you have customers who like dirty water then so be it. If your habits are downloading porn and warez you're likely to be at risk.

Nevertheless security companies faced challenges in getting law enforcement to shut down malware generators. Genes said that the company faced major problems in trying to get law enforcement to take down malware command and control servers.

We identify a command and control server in Germany and then by the time we've got the police involved the hosting moves to Italy. Once we've got Interpol involved the server moves to South America.

He explained that with some Russian hacking groups making up to $20m a month from hacking, then criminal gangs could hire the best computer talent to circumvent government controls.

View: Original Article

[Ambrocious]

True and proper education needs to be the way to tackle this issue. The public needs to undergo computer security 101 from the get go in public schools with the option of either cheap classes or free classes to teach adults and others who want to learn how to be more safe and secure. Those who understand should offer to help teach...I'd offer free classes in my own personal opinion. I'm not a pro exactly but I am decent with knowing how to secure your system.