"Zombie" computer quarantine

Open discussion regarding technological or telecommunication issues
Post Reply
CoreyPlover
Volunteer Site Admin
Posts: 5922
Joined: Sat Nov 04, 2006 2:24 pm
Location: Melbourne, VIC

"Zombie" computer quarantine

Post by CoreyPlover » Sat Jun 26, 2010 5:43 pm

Not sure why it took so long, but perhaps the world is starting to recognise the benefits of the method that Exetel has employed for years now: http://yro.slashdot.org/story/10/06/26/ ... e?from=rss
Coroneos, Chief Executive of the Internet Industry Association, the national industry body for the Internet in Australia, said that the time had come for internet users to be responsible for their actions online.

"I'm sure there are people around that resent having to put new tyres on their car when they're unroadworthy, or have their breaks done," Coroneos said. "But the reality is that we have argued that internet users have a responsibility not only to themselves, but also to other users on the internet."
I am a volunteer moderator and not an Exetel staff member. As with all forum posts, mine do not constitute any "official" Exetel position. Support tickets may be logged via https://helpdesk.exetel.com.au or residentialsupport@exetel.com.au

Dimand
Posts: 36
Joined: Fri Jun 11, 2010 12:41 am
Location: Newcastle

Re: "Zombie" computer quarantine

Post by Dimand » Sun Jun 27, 2010 4:02 pm

Interesting. However, if someone did become quarantined, it would perhaps be too difficult to find a cure.
"throttle the speed of an infected users' internet connection until their computer fixed."
I know a number of antiviral medications that would have difficulty preforming an update under such conditions, and an update is usually the easiest way to clean any newer beasties in your brain, Sorry, PC.

Any good user is generally well protected enough not to fear been infected, however the reduction in spam would be wonderful. A delicate balance between refused and granted access would need to be found.

CoreyPlover
Volunteer Site Admin
Posts: 5922
Joined: Sat Nov 04, 2006 2:24 pm
Location: Melbourne, VIC

Re: "Zombie" computer quarantine

Post by CoreyPlover » Mon Jun 28, 2010 9:13 am

Dimand wrote:Interesting. However, if someone did become quarantined, it would perhaps be too difficult to find a cure.
What Exetel does, and other ISPs could easily implement, is to whitelist an FTP / HTTP mirror site with up to date versions of a few popular, free antivirus programs.
I am a volunteer moderator and not an Exetel staff member. As with all forum posts, mine do not constitute any "official" Exetel position. Support tickets may be logged via https://helpdesk.exetel.com.au or residentialsupport@exetel.com.au

Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: "Zombie" computer quarantine

Post by Dazzled » Mon Jun 28, 2010 2:23 pm

If you are blocked for malware you can still go back online to find a cure if you boot your machine from a live Linux CD or USB stick containing anything from ultra-small Puppy Linux or Partedmagic up to a full blown desktop trial CD like Mint or Ubuntu. These have good browsers and downloaders on board to find and obtain whatever is needed to clean Windows, and they can save to the Windows hard disk. Sometimes you may find this the only simple way to remove part of a rootkit.

The full-sized trial CDs (which have package managers and on-line repositories) can download and install AV suites like AVG and ClamAV into RAM if there's enough. Most Linuxes run in only a couple of hundred MB of RAM, so there is usually room for a bit more.

After you have whatever information or tool is needed, go offline, reboot Windows and repair it. Of common operating systems, only Windows is readily attacked by malware.

Partedmagic is also a useful repair tool for Windows users who might have partitioning, imaging or boot sector problems. Other live CDs are available for the job, such as SystemRescueCD, but the skill level required is a little higher. There are even people who swear by the Satanic-looking #!Crunchbang for the purpose eg http://maketecheasier.com/remove-window ... 2010/02/02.

Dimand
Posts: 36
Joined: Fri Jun 11, 2010 12:41 am
Location: Newcastle

Re: "Zombie" computer quarantine

Post by Dimand » Wed Jun 30, 2010 10:56 pm

CoreyPlover wrote:
Dimand wrote:Interesting. However, if someone did become quarantined, it would perhaps be too difficult to find a cure.
What Exetel does, and other ISPs could easily implement, is to whitelist an FTP / HTTP mirror site with up to date versions of a few popular, free antivirus programs.
Right. but the average user who will be blocked in the first place is not going to figure out why whatever anti virus they chose might not be updating.

CoreyPlover
Volunteer Site Admin
Posts: 5922
Joined: Sat Nov 04, 2006 2:24 pm
Location: Melbourne, VIC

Re: "Zombie" computer quarantine

Post by CoreyPlover » Thu Jul 01, 2010 12:07 am

Dimand wrote:Right. but the average user who will be blocked in the first place is not going to figure out why whatever anti virus they chose might not be updating.
If someone has an up-to-date anti-virus program, their chances of being blocked are greatly decreased in the first place. But it is a trivial matter to place an explanation and links to downloadable virus definitions on the block page.

Blocked pages and quarantining need not be very restrictive. It might be as simple as a page that says "You have a virus and your internet service has been blocked. Click here to unblock" and this still has the advantage of informing the end user that their system has been compromised. This alone has the ability to educates users about the problem. If even light quarantining like this were to become the norm it would have an absolutely massive beneficial impact on spam and botnets. And if heavy quarantining were to become the norm, spam would effectively be eradicated...we can only live in hope I guess.
I am a volunteer moderator and not an Exetel staff member. As with all forum posts, mine do not constitute any "official" Exetel position. Support tickets may be logged via https://helpdesk.exetel.com.au or residentialsupport@exetel.com.au

Post Reply