Intersections’ Consumer Security Adviser Neal O’Farrell writes today about current efforts by the FCC to improve Internet security. But, is it going too far? Read on!
In an effort to protect the broader internet from the carelessness of a few, the Federal Communications Commission (FCC), among others, is proposing a much broader adoption of something I've been encouraging for years — encouraging ISPs to take a greater role in protecting the Internet from the mistakes or carelessness of their own customers.
The idea is that ISPs would use a variety of tools to detect PCs that are infected with dangerous malware like bots, warn the owners of those computers about the infection, and help them clear it up. If the owner fails to clear up the infection, or becomes a repeat offender, the ultimate sanction could deny them access to the internet until they clear up their act.
It sounds draconian, and the FCC is not yet going that far. But it's already beginning to happen and may even be a good idea. As one commentator put it, when bad guys manage to infected thousands of personal computers and get them to work together, they have in effect a highly dangerous cyber weapon capable of causing significant damage to other computers and networks.
If you're not protecting your computer, it can easily be infected by all kinds of malware — malware that's becoming increasingly sophisticated. When criminals are able to infect enough computers to create a botnet, or network of bot-infected computers, they can then use that network to attack web sites, hide porn, and share stolen identities. Essentially use your personal computer to run their criminal enterprise.
Which is why the Federal Communications Commission is working even harder to encourage more IPSs to get tough on careless users. And some are paying attention. A couple of years ago Comcast announced the launch of Constant Guard, a free protection service for its customers that now includes bot detection — although so far it doesn't go as far as blocking Internet access for infected users.
But now the FCC wants all IPS to take part in this fight. In a recent speech, FCC Chairman Julius Genachowski commented that "ISPs can play a significant role in the battle against botnets. They can increase customer awareness so that users can look for signs that their computers are being used as bots, detect infections in customers' computers, notifying customers when their computers have become infected, and offer remediation support."
He added that ISPs can and must do this in a way that does not compromise consumers' privacy and that if other ISPs employed similar best practices, it could significantly reduce the botnet threat.
And while he didn't go as far as suggesting more draconian measures if consumer education doesn't work, many security experts, including myself, believe sanctions against the worst and deliberate offenders are only a matter of time.
The best way we can all avoid moving in such an extreme direction is to take greater responsibility for protecting our own little corner of cyberspace. Guard your computers well — it's actually quite easy and you have no excuse not to.
The easiest options are to use multiple layers of malware-protecting software and most of this is now free. Keep your computer constantly patched and updated — this is also free and automated so you have to do little. And make sure you update your browser. The latest browsers have lots of great security tools built in that can offer solid defense against most of the threats that want to take over your computer.
I've had the honor of being a member of the FCC's Cyber Security Working Group and I know how dedicated the FCC is to making the Internet safer for everyone. But they can't do it alone, and they shouldn't have to. Don't force your ISP to get tough with you. Protect your own corner of cyberspace and we all win
Learn more about identity theft protection.