ISPs should get a block list of IPs from certified sources (not Joe Public) to kick off their network.

If they do not comply (say within 48 hours), then the ISP should get blocked.

This will be tough for the first few months while they get their act together and begin to kick off the infected machines. You can bet that the low-rent ISPs will be hit hardest.

When the owner of an drone PC phones up to complain that they can no longer waste their lives in "2nd Life" or whatever, they can be told exactly why and exactly what they need to do about it to be allowed on-line again.

This is not difficult (neither is eradicating SPAM), all it takes is the will to implement it. ISPs simply do not have the will; there's too much money in it for them.

Checked one of our filters today, 1.2M spams last month compared to an average of 1.6M per month over the last 6 months. So if your drowning in 16 feet of water, it makes no odds if someone lets 4ft out of the pool, you're still drowning!

spud@myezdial.com

What's the incentive for ISPs to secure their servers? None. Security doesn't sell to the overwhelming majority of folks who want to put up a Web site; the only three things they care about are price, price, and price. An ISP can be pwn3d sixteen ways from Sunday, with thousands of sites hosted on their servers penetrated daily, and they'll still make money.

What's the financial incentive for ISPs to disconnect compromised, malicious, or spammy customers? Again, none. They lose revenue, but what do they have to show for it, besides kudos from a handful of folks who care about security?

What's the financial incentive for ISPs to educate their customers about security? None. It's costly and it doesn't make a lick of difference to the bottom line.

I've written emails to ISPs that host compromised servers and have hundreds, or even thousands, or in two cases tens of thousands, of virus and malware droppers living on their networks, and received replies like "I see the problem and issues involved, I have to say what they are hosting is not right, but the best we could do is try to communicate with the client and urged him to stop or issue a 30 days termination notice per our terms of service if it is not resolved to our satisfaction. Please understand we have our difficulties as well from a service provider point of view and thank you for the understanding." (That's a direct quote, mind.) That is, when I receive a reply at all.

Until a direct, tangible incentive exists for ISPs to take responsibility for their networks, or a direct, tangible disincentive exists for ISPs to tolerate this kind of situation, or both, the situation will remain exactly as it is.

A block list of IPs just doesn't work.

I had trouble a while back when a number of websites I deal with all disappeared from Virgin. After some discussion with Virgin's techs, it was determined that these sites were on their blocklist (a copy of which was sent to me for analysis). Because these sites were hosted by a server that handles many websites (the most common way small websites are hosted), they were on the same IP as a single dodgy site. Further discussion revealed that normally such all catching blocks aren't employed because, as in this case, it may remove a single dodgy site but in the process takes out thousands of legitimate websites.

Took Virgin 4 days to remove that block, along with the others wrongly applied by their PFY.

They weren't sure about unblocking at first, but the idea of a court case caused by thousands of sites losing business from a potential 50% of the UK's internet users may have been a contributing factor to removing the blocks.

Paris, because she doesn't want things blocked willy nilly either!