Can ISPs Help Beat Botnets?

By John Wagley

If government proceeds with a rule, some warn it should not go for a one-size-fits-all approach. Many smaller and regional ISPs lack the resources to effectively monitor their networks or notify customers, says Brent Rowe, a senior economist in the Technology Economics and Policy Group at RTI International.

Larger ISPs are more capable of doing so. Some are already more proactive. Comcast, for instance, began notifying customers about botnet infections in October 2010 as part of its Constant Guard service, which is provided free to the company’s high-speed Internet subscribers. Customers are notified via e-mail or Web banner and given information about a Web site that offers guidance on cleaning their computer, according to the company.

Some larger ISPs also provide customers with some form of anti-virus assistance, which the ISPs frequently purchase from security companies and repackage for consumers.

But it’s not clear how much ISPs, especially smaller ones, can help consumers without busting their budgets, says Rowe. For example, consumers will need additional assistance, such as via telephone, in cleaning their computers, but it doesn’t appear that many ISPs can currently afford to provide that level of service.

Michael O’Reirdan, chairman of the Messaging Anti-Abuse Working Group, which represents numerous ISPs and other organizations, says one problem with any kind of government requirement is that it may be limited by the fast-changing nature of the bot threat. Today’s bot problem isn’t going to be tomorrow’s, he says.

Other countries are ahead of the United States in creating public-private partnerships and security standards to help ISPs fight botnets. In late 2010, for instance, the Australian government joined with the Australian Internet Industry Association and other groups to establish voluntary ISP security standards that would help curtail botnets. For example, the standards provide that ISPs who see indication of infections in customers’ accounts would notify those customers about the possible infections and then direct them to a site with instructions on how to clean their computers. More than 30 Australian ISPs participate in the program. Similar efforts have been launched in Germany and Japan.



The Magazine — Past Issues


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.