On ISPs Not Filtering Viruses

John Young jya at pipeline.com
Sun Jan 6 16:04:33 EST 2002


We've also had bad luck in getting our ISP, Verio, to filter
viruses. The sysadmins we've discussed it with provide
varying explanations why this is not possible. Instead they
suggest workarounds to send the known varmints to null
or to a phony file name or even a file to collect them and
then be emptied periodically.

What is peculiar is that the sysadmins do not tell the same
story, instead offer vague explanations when pressed.

When we said we wanted to purchase (rent) new space on
alternative machines, we were told that would not solve
the problem. That even erasing the disks on our current
machine, and reinstalling system programs and our files
would offer only momentary relief for the viruses would 
return. The gist of all tales was that I would have to live
with the problem.

However, when I decided in frustration to switch to another
type of Verio service, a Verio rep told me to not believe what 
the sysadmins were saying, that the problem is not technical 
but administrative. However, he would not provide detail on 
what the administrative problem is. He promised the new
services he was offering would take care of the virus problem.

So we rented two new Verio machines to replace a single one
hosting our two sites, and split the archive to fit the two
domains. For several weeks we were virus free, and only
recently has a virus occasionally hit. And forgot about it
until the thread here appeared.

Now, we wonder if there is more to the virus filtering issue
than has been disclosed. For example, are ISPs covertly
assisting the authorities by not filtering, perhaps under
willing or unwilling non-disclosure agreements?

Some months ago we learned that Verio had been approached
by British intelligence to yank files from our sites and after
discussion with me Verio refused because the files did not
violate Verio's use policy. However, I learned during that
episode that law enforcement agencies often make requests
to the law department of ISPs for cooperation without providing
documentation of justification. A decision is made by the
ISP legal rep on whether to comply, and that usually is based
on the value judgment of the legal rep and familiarity with
the LEA contacts and/or procedures.

We learned from a friendly customer rep who happened to
agree with our publication of forbidden docs, that ISPs' legal 
reps keep in touch with each other on how to respond to 
official requests for assistance, whether to notify the target,
whether to comply quietly and what procedures to set up with 
the technical and customer support staff to deflect complaints
and press inquiries, how to keep a lid on past covert assistance, 
and how to respond to competition which may decide to exploit 
non-cooperation with authorities lacking court orders or other
enforcement.

After hearing this we better understand the possibility that
sysadmins and customer support personnel may have a variety
of reasons for refusing to filter besides indolence and poor
service -- that snooping and snarfing systems may be installed,
that a dragnet operation may be underway which covers the
territory of your machines though not necessarily targeting
you, or you may in fact be a specific target, authorized or
unauthorized.

To be sure, inadequate service may be an attempt to get you
to upgrade your service contract -- as seems likely in our
case with Verio -- or there may be competition within an
ISP, particularly if it is a giant like Verio where departments
are forced to compete with each other -- again as we have
likely experienced with Verio.

We're now on our fourth iteration of Verio services, and would
have moved on had Verio not bucked British intelligence and
a few lesser attackers when other giants had cooperated. 

Still, we remain thoughtful about when Verio will do the dirty 
in the face of fearful terrorism or some other business opportunity
to attack rather than be attacked.





---------------------------------------------------------------------
The Cryptography Mailing List