North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Quarantine your infected users spreading malware
On Thu 23 Feb 2006 (11:18 -0600), Michael Loftis wrote: > > > > --On February 23, 2006 8:02:31 AM -0600 Jack Bates <[email protected]> > wrote: > > >We allowed users back online to run Housecall at trendmicro for free so > >they could get cleaned up and save some money. However, the resuspend > >rate was so high, we quickly changed to offline cleanup only. It will > >remain until we perfect our auto defense system. > > > >Customers just want things to work. They don't care if they are infected. > >It's amazing how many customers swear they aren't scanning or sending > >email, and refuse to understand that their computer is capable of doing > >things without them knowing. > > > What doesn't help is the ISPs out there who are complete dolts and first > don't verify reports and second false alarm. They'll cut a user off on a > single complaint without any evidence or verification. Or worse they have > some automated system that false alarms without any way to verify you're > cleaned up. And if you can't get online you can't get cleaned up anyway. > Catch 22. www.quarantainenet.nl It puts them in a protected environment where they can get cleaned up on-line without serious risk of re-infection. They can pop their e-mail, reply via webmail, but they can't connect to anywhere except a list of update sites. It uses honeypots to avoid false positives. In short, it works. -- Jim Segrave [email protected]
|