North American Network Operators Group

Re: FBI tells the public to call their ISP for help

  • From: Scott Weeks
  • Date: Fri Jun 15 16:18:19 2007



: Most ISPs recommend using Microsoft software or
: provide software for the Microsoft platform, and 
: require turning on JavaScript


I've never heard of an ISP requiring this.  They might provide it for you if you want to use their branded Micro$loth-oriented software, but it's not a requirement.  Any ISP requiring folks to use a particular OS is doomed to fail.

scott




--- [email protected] wrote:

From: Florian Weimer <[email protected]>
To: Owen DeLong <[email protected]>
Cc: Sean Donelan <[email protected]>,	Jack Bates <[email protected]>, [email protected]
Subject: Re: FBI tells the public to call their ISP for help
Date: Fri, 15 Jun 2007 22:06:42 +0200


* Owen DeLong:

> Wrong... Most of them are subject to the problems they have because
> of their contractual relationship with Micr0$0ft.  Specifically,
> they made the unfortunate mistake of purchasing software from
> Micr0$0ft, agreeing to the Micr0$0ft End User License Agreement
> (contractual relationship) and then running the Micr0$0ft software,
> which led directly to their system getting owned (or pwn3d if you
> prefer) due to the enormous number of design flaws, well known
> exploits, and other deficiencies in the code purchased from
> Micr0$0ft.

In most parts of the world, the Microsoft EULA is not enforceable.
Most users don't buy their software from Microsoft, either.  It's
preinstalled on their PC, and Microsoft disclaims any support.

> In what way, exactly, is this in any part the ISP's fault?  Why
> should their ISP bear the brunt of the costs for Micr0$0ft's poorly
> written code?

Most ISPs recommend using Microsoft software or provide software for
the Microsoft platform, and require turning on JavaScript, which makes
browsers much more vulnerable.  (Obviously, this doesn't matter in
practice, but still.)  They don't exist in a vacuum.

But the whole thing underlines a very difficult problem compromised
end users face: they haven't got anyone to turn to.  Someone quoted
rates for some services, and these aren't acceptable (you can almost
get a newer, faster PC for that price).  Part of the problem is
piracy, which makes it difficult to reinstall everything from scratch.
Another one is the lack of an audit trail which would tell *why* the
customer got infected, so that you could get some learning effect.