Re: Some Kudos for Dell
- From: "Kevin Childers" <wildthing123@xxxxxxxxxxx>
- Date: Sat, 13 Aug 2005 15:44:21 -0500
"Leythos" <void@xxxxxxxxxxx> wrote in message
news:MPG.1d67c0658533d164989b96@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> In article <aocLe.4548$F_7.712@xxxxxxxx>, wildthing123@xxxxxxxxxxx
> says...
> > "Leythos" <void@xxxxxxxxxxx> wrote in message
> > news:MPG.1d66d5255124a18f989b93@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> > > In article <ML6Le.43708$vb3.42305@xxxxxxxx>, wildthing123@xxxxxxxxxxx
> > > says...
> > > > The ISP is responsible for ensuring the availability of said
> > services.
> > > > Most have established procedures to protect the network and it's
access.
> > > > Beyond that there is a limit to the protection they are willing to
offer
> > to
> > > > individual end user systems due to cost and liability. I've worked
at
> > a
> > > > number of ISPs, network services companies and computer shops. In
the
> > end
> > > > cost and liability trumps all else.
> > >
> > > Enabling NAT on the DSL/Cable modems that support it doesn't COST
> > > anything in actually increases the capacity of the network by
decreasing
> > > the number of newly compromised machines. It's hard to get that idea
> > > into the head of the managers and CFO's - if you provide NAT and free
> > > virus software for clients, that your network becomes cleaner and less
> > > used due to viruses not spamming outbound around the net from your
> > > network.
> > >
> > But as of last count that still leaves a large majority of internet
> > users on dial-up unprotected. Not all service providers have the
capacity
> > or the desire to provide free home networking services to residential
> > customers. These come at a cost that most providers would rather avoid.
>
> It does not involve "home networking" any more than their routers do
> now. In fact, some of the Cable and DSL modems are setup to provide a
> 192.168.x.y address by default in some locations I've been in. We just
> setup a SBC DSL connection for one small company where their SBC DSL
> router provided a 192.168.1.2 address to our hardware. Since we wanted
> to provide remote support we had to get SBC to allow us to use Bridge
> mode in order to get a public IP so that we could manage the NAT on our
> device.
You, for a small company? What about John Doe, computer user sittiing
at home with one or more PCs trying to set up on any connection? He
expects his ISP to support whatever hardware he has, but can he also expect
them to provide, install, configure and support additional hardware to
protect him? Also are these fixed addresses or dynamic?
> > Additionally there comes the question of liability. Surprisingly this
what
> > keeps many smaller service providers out of the antivirus/antispam
venue.
> > Ideally each end user machine should have it's own anti-virus protection
as
> > well as the network servers and the network it's self. In the USA the
legal
> > climate is such that were said services provided by the ISP and they
were to
> > fail in some way the potential for a law suit is quite high. We made a
tidy
> > profit helping to keep them clean. Add to this the total disregard of
any
> > possible virus/malware threat by many P2P users, it just becomes over
> > whelming.
>
> Many ISP's already provide free AV software and even Free Spyware
> detection/removal software - it's not a issue of Liability as it's
> perfectly clear that the ISP is not liable, the AV/ASW vendor could be,
> but the ISP is just providing a free service without any responsibility.
A matter of scale, the biggies can afford bulk licenses, but the little
guys are still out there. During my time as a tech at one small ISP, the
question came up about providing at cost Antivirus software. The only
problem was that the cost quoted by NAV & McA was close to retail and they
required that we provide hosting for the downloads. Not cost effective to
our operation nor the customer.
> > Not to mention that there are a number of commercial apps, and not
all
> > are in true legacy status, that do not work and play well with antivirus
> > programs. I know of several companies we supported that required their
> > agents/representatives to use said apps.
>
> And there will always be issues with some users systems, but, NAT would
> not be one of the problems with a system, only with communications, NAT
> is implemented outside of their home network (at the ISP's router), and
> if they choose to not use free AV software they can, the ISP should
> still provide / encourage its use.
But connections need to be robustly dynamic and support a plethora of
technologies. Cost of management becomes an issue. There is also an issue
of replacing hardware.
> > The filtering of Email becomes another nightmare due to the sheer
volume
> > of spam on top of viruses that an ISP must shift through. Then there is
the
> > risk of a false positive that delays or dumps some vital business
> > correspondence. The only way we were able to implement anti-spam and
> > antivirus on our Email servers was to first get a blanket best efforts,
etc.
> > waiver from the end users or the domain owner and then add a small
charge to
> > cover the additional resources required.
>
> Actually, we fight with this all the time. Since we setup our customers
> email systems we have/do find means to combat spam/attachments, and
> we're more aggressive than an ISP would be, but many ISP's also take the
> path of moving the email to another location and sending the user a link
> to a site where they can review it before downloading it. If ISP's
> filtered attachments based on file extension alone, it would block 90%
> of that crap - don't let .EXE through (yet, still let .EX_ through as
> .EX_ won't autorun on anyones machine), same with .SCR, .PIF, etc...
> This would not keep anyone from sending a .EXE to anyone, but it would,
> by renaming it, keep anyone from accidentally executing it.
A good plan, but not very functional in the real world due to the
diversity of interest one has to support. Believe it or not some people do
send legitimate attachments with those file extensions. You also mention
customers Email systems. Yes we did that , but the issue is with John Smith
Internet user, not corporate clients. With a corporate system you can
execute a much tighter control scheme.
One of the best and actually least expensive set-ups we implemented for
a customer on a budget was a series of old servers (zero hardware cost) they
already owned set up in three layers to handle their Email. Layer one was
antispam and consisted of two servers running Free BSD and Postfix, software
cost zero. The second layer had two servers running Linux and a modified
antivirus application that utilized NAV to scan all in inbound Email and
attachments, this included compressed files, software cost about $600.00.
The third layer was the actual mail server running NT and Imail software
cost $12,000 at the time(approx).
But again this is not a viable option on a public Email server.
> > So when you add the human, technical, and financial barriers most
ISPs
> > simply can't afford it. As a minimum we and most other ISPs I know of
> > did/do provide a rather extensive section on the company web site
warning
> > about the potential threats that exist on the web as well as best
practice
> > to protect networks and end users. The monthly hit count on those pages
> > though was never very high.
>
> A passive warning means nothing - I bet less than 20% of an ISP's users
> actually even know about the warning on their sites. As for the count,
> if it's part of the IE startup page, then it's only getting hits because
> the users open IE, not because they read what's there.
Active warnings don't seem to have much effect either. We produced a
monthly newsletter to our users an even with large red flashing letters
announcing a new threat and linked to the very item on the threats pages did
not do much to increase customer awareness. Though there would always be a
small bump in customer calls to tech support wanting help to deal with the
problem. People seem to want a tech support guided tutorial on fixing the
problem rather than taking a few minutes to read. All that being said maybe
there are just more ethnically inept people out there that we gave the
population at large, or at least the portion covered by our customer base,
credit for
> Implementing NAT on ISP's hardware at the home, if it's supported by the
> ISP's device, as a default installation method, costs the ISP nothing
> and provides a great first barrier protection method. Any user that
> needs a public IP should be able to get it just for the asking, as any
> user smart enough to know the difference is very likely to also know how
> to protect their system.
Broadband yes, and BTW with the FCCs new ruling on DSL the provider list
is about to get a lot smaller. Smart users yes, but there are any number of
illuminated idiots out there that only have half a clue and scream bloody
murder when they finally realize they are over their heads.
> Providing a Disk to the users on installation that gives them a FREE AV
> program and a free browser like FireFox, even if they don't install it,
> would be great - since many users would install it.
Mozilla is not perfect, but a good answer. All you would have to do is
change peoples habits a bit and get them to accept something that is not
exactly like what they are using now. For the early adopters and the
technically proficient, this is unnecessary as they don't need anyone disk,
just the basic settings and addresses for the servers and their off and
running. A 3x5 note card would suffice. For others no disk will ever cover
all they need to know should they ever take the time to fully utilize what
is offered. There is and always will be hardware (MAC, x86, ???) issues.
What works on a shiny new Dell et al, may or may not work on some ones
legacy machine. Then there is the issue of OS, what are you running, today?
At present I have a client that has one machine that just doesn't like
NAV '05. NAV tech support has yet to resolve the issue and looks to lose a
dedicated customer. He has several machines from a 486sx running Win95 to a
Gen 4 with XP, but one of his two older matching 550 MHz WIN Me machines
can't seem to get a good install. Surprisingly it's the one with a true
Intel chip (the other is a Celeron). Going to try AVG this after noon on
it. Sad part is the guy is a real straight arrow and actually own licensed
copies for every piece of software he's got on his machines. I think he
still has every machine (up and running) he's ever bought and they are his
extended families home network.
> Don't say cost is a factor, most ISP's oversell their services and user
> performance suffers due to it - if users were not compromised or not
> reachable to attack, the ISP would have greater capacity and not require
> additional investment to increase their users performance or to add more
> users to the clean system.
You have over simplified this a bit. For the big national/regional
providers, usually they are being hosted by a third party server farm that
is subject to limitations that vary from company to company. For the little
guy it is a balance between performance and cost to eak out a profit.
Speaking of cost, the install disk are cheap, but the licensed install
software is not unless it is home brewed and even then programmers aren't
that cheap even if you go overseas. That's why most offer dynamic IP
addressing and charge extra for fixed IP addresses. Though a good router
makes this a non-issue. Then to there is a side benefit from this in that
it reduces bandwidth hogs who want to set up servers and do low end
web/FTP/wares hosting, massive P2P file sharing, etc., on a residential
account. The original provisioning of the first residential broadband
providers did not for see this and got slammed by such inconsiderate types.
And this upped the cost as well for said services
> Dial-up users are in another situation, but, there are inexpensive means
> to protect them - you don't have to give them a public IP, and for
> $9.95/month they don't need a public IP. You could give two phone
> numbers - one for protected one for unprotected..... Sure, this might
> actually cost, as the initial change would require some effort, but, in
> the end they might actually get more customers by being able to
> advertise their security measures - and the fact that normal dial-up is
> no more secure than broadband.
Human nature isn't that savvy. Most folks will go with the cheapest
they can get for the minimum reliability they can stand. That's how the
>$10.00 ISPs get by. They also drop any service that does not show a
profit. Many don't even offer Usenet.
.
- References:
- Some Kudos for Dell
- From: Howard Nelson
- Re: Some Kudos for Dell
- From: BigJim
- Re: Some Kudos for Dell
- From: Jupiter Jones
- Re: Some Kudos for Dell
- From: Tom Scales
- Re: Some Kudos for Dell
- From: Tom Scales
- Re: Some Kudos for Dell
- From: NuTCrAcKeR
- Re: Some Kudos for Dell
- From: NuTCrAcKeR
- Re: Some Kudos for Dell
- From: Steve W.
- Re: Some Kudos for Dell
- From: Kevin Childers
- Re: Some Kudos for Dell
- From: Kevin Childers
- Some Kudos for Dell
- Prev by Date: Re: Dell replaced hard drive
- Next by Date: Re: Dell Inspiron 8500 - BSOD - bcmwl5.sys driver?
- Previous by thread: Re: Some Kudos for Dell
- Next by thread: Re: Some Kudos for Dell
- Index(es):
Relevant Pages
|
