North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: botnets: web servers, end-systems and Vint Cerf

  • From: michael.dillon
  • Date: Mon Feb 19 04:27:07 2007

> > It is regularly done with servers connected to the Internet.
> > There is no *COMPUTING* problem or technical problem.
> I beg to differ.  Yes, it is possible for tech-savvy users to secure  
> their machines pretty effectively.  But the level of technical  
> knowledge required to do so is completely out of line with, say, the  
> level of automotive knowledge required to safely operate an 
> automobile.

You need, at minimum, weeks of training in order to safely operate an
automobile. But to safely operate on the Internet, you simply open the
box, plug the DSL cable into the DSL port of the
NAT/firewall/switch/gateway box, plug the brand new unsecured computer
into the Ethernet port, and you can now safely operate on the Internet.
The technical problem has been solved for a long, long time. The same
factors which drive down the cost of computers, have also driven down
the cost of NAT/firewall devices to the point where they could actually
be integrated right into the PC's hardware.

> We know how -people with specialized knowledge- can secure them, not  
> ordinary people - and I submit that we in fact do not know how to  
> clean and validate compromised systems running modern 
> general-purpose  
> operating systems, that the only sane option is 
> re-installation of OS  
> and applications from scratch.

This is an entirely different issue. It's like trying to cure AIDS and
syphilis. Maybe prevention is an easier problem to tackle. Condoms are
also fairly simple technology that works.

--Michael Dillon