North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Are ISP's responsible for worms and viruses

  • From: Owen DeLong
  • Date: Thu Oct 20 15:17:46 2005

> Mind you, it would help if some of the anti-abuse groups
> would band together under some umbrella organization that
> ISPs could join. Botnet researchers, SPAM fighters, etc.
> That way there could be some sort of good housekeeping
> seal of approval that ISPs can use to competitive advantage
> in the marketplace. At that point, money starts to talk
> and there is an economic incentive to clean up your act
> and get that "seal".

What would help more would be if people realized that
worms and viruses aren't like crack, they're more like
biological WMD.  As such, it is unlikely to be a
productive solution holding the city where the WMD
are being delivered liable.  That becomes a game
of legal whack-a-mole.  What is needed, instead, is
to hold the companies selling the technology used to
build these WMD liable.  If companies that made
vulnerable OSs were held liable for the damage caused
by those vulnerabilities, you would rapidly see $$
make a BIG difference in the security quality of
OS Software.

Why do we have seat belts in every car manufactured
today?  Because auto makers started getting held
responsible for injuries caused by the failure to
install them.  As much as I think product liability
law, especially in the US, has become insane, the
software industry (where it so far hasn't really
been applied) is one area SCREAMING for this to

Eliminate (or even significantly reduce) the number
of systems being sold with virus friendly toolkits
and features enabled by default, and, you will go
a long way towards reducing the spam and virus/worm


If it wasn't crypto-signed, it probably didn't come from me.

Attachment: pgp00043.pgp
Description: PGP signature