The United States is ranked #1 for malicious activity by source and we are responsible for just over 21% of all of the malicious activity. Much of this has to do with my mother the innocent victim who doesn’t know any better and doesn’t even know there is a cyber war going on. She doesn’t know to patch her PC, nor not to download the toolbar of the week. She doesn’t even call her son when her Norton 360 subscription expires as he just happens to be a security professional and he works for the company. Enough about my mommy issues I pay good professionals to vent about her. Adding to the mom issue is the intuitions that feel status quo is ok and don’t patch until something breaks. Malware running around the organization salivating over that large pipe to the Internet just waiting for instructions. This isn’t just your mom and pop grocery I am referencing here, these are Fortune 100 companies whose patching strategy is just that wait and see. So what is the big deal that all these PCs are infected who is it hurting? There has been a ton of press lately about the largest of financial intuitions being hit with denial of service attacks of astronomical proportions. Astronomical in this case refers to 60+ GBPS, THAT’S ALOT OF TRAFFIC. In the physical world if there was a mob of people standing outside a physical branch of one of these financials not allowing anyone in the police would be called and the riot squad would clear the mod. Well that’s nice Joe but there is not riot squad for the Internet. OK, enough background information about the problem I am here to write about how to fix it. So what can be done about this and who should do it? The obvious choice in my mind is those providing the access to the Internet, the Telco Carriers. When you contract for Internet service you agree to certain terms of service and with that you can be cut off for certain actions. This does happen today under copyright violations today, DRMC notice anyone!!! So why not for being infected with malware? Someone needs to take action and filtering at the source is a logical conclusion. I understand they are just providing the transport and there is a freedom and openness that is expected but if you are causing damage or being controlled you should be cut off until the issue is corrected end of story. Symantec knows from the Global Intelligence Network where the majority of command and control servers are, this is an information service we offer our customers today. So why don’t the carriers act? The fact is majority of the “bad” traffic can be identified but I believe it more a political issue with the carriers where they do not want to become the police. With any luck the DDOS attacks of the past few months will open this discussion back up at a national level. Finally, yes I have corrected my mom’s issues and you will be happy to know I simplified and have given her an iPad. Please let me know your thoughts on the Telco’s taking responsibility and begin to filter users.
I think we need a internet service with two plans, One should have no (unconditional)restriction /block any sites even malicious or geniune and second one is with some restriction and security.