GENEVA — Head of Google’s anti-malvertising team Eric Davis wants Internet Service Providers (ISPs) to look beyond profits and take a more proactive approach to dealing with malware-infested computers on their networks.
During a keynote presentation at the Virus Bulletin conference here, Davis said competitors in the ISP space must look beyond profits and partner on new initiatives to deal with the “parasites” that have taken control of the Internet landscape.
[ ALSO FROM VB 2009 : From Gimmiv to Conficker: The lucrative MS08-067 flaw ]
“Technology is only one part of security,” Davis said, adding that the necessary countermeasures are currently undermined by structural issues. “We need to explore industry self-regulation, education and reputation systems, he argued.
Making it clear his statements were not necessarily the views of his employer, the Google executive chided ISPs for not doing enough to help users with infected machines.
“The ISPs are in the best position to detected infected machines. They’re in the best place to do something about malware. They already have monitoring systems that could be used to identify signs of malware and botnet activity. If they see abnormally high e-mail activity, that’s most likely spam from a botnet,” Davis said.
However, because ISPs have no monetary incentive to notify and help disinfect machines, the botnets live and thrive within ISP networks, he added.
[ SEE: Google: Cooperation Needed to Combat Malicious Ads ]
“Detection is expensive and tech support is expensive so they don’t do anything about it,” Davis said.
He recommended ISPs use the Australia Internet Security Initiative (AISI) as a model to fight malware. The AISI group mandates minimum customer security levels and isolate infected machines into “walled gardens” until the malicious software is removed.
“The computer has to meet certain [security] standards for that ISP to grant access to the internet, ” Davis said.
At the basic minimum, he recommends that ISPs mandate that all computers connecting to the Internet be fully-patched (operating system and third party software) and have active anti-malware software running.
“We need to restrict computers that are not in good condition and maybe offer carrots to consumers — maybe provide some additional services, more disk space or free tech support as incentives for users to be strict about security.”
