Should ISPs take responsibility for exploits?
The debate lingers on the role internet service providers play in protecting users from malware, a security expert said Thursday at SC World Congress in New York.
The session examined many of the latest issues facing both users and the carriers.
"Is the ISP a pipe or conduit or should it be responsible for fixing problems?" asked Craig Spiezle, executive director of Online Trust Alliance, a nonprofit that seeks to enhance the security of e-commerce and online services.
While he admitted he did not have an answer, Spiezle said much progress is being made on self-regulation.
"Roles are quickly evolving," he said.
He pointed to a few aspects that he believes need further development, particularly email authentication, extended-validation SSL certificates, password management and privacy policies. Further, he said that for consumer protection, there needs to be more effective bot and malware protection.
"It is very easy to spoof 'mail from' addresses," Spiezle said.
And these messages could contain malicious links, he added. However, on the positive side, most ISPs are detecting and blocking spam.
Spiezle pointed to an Australian plan allowing ISPs to alert customers if their computers are taken over by hackers. They then could limit online access. This, he said, is a plan that Howard Schmidt, the White House cybersecurity coordinator, has favored.
He also spoke admiringly of his personal ISP for sending warnings, which provided instructions for remediation, when his son's computer was infected. Web providers such as Comcast and Cox Communications have rolled out similar programs.
Other ISPs believe it is not their job to fix machines, he said.
"They say, 'I'm not the plumber, I'm not the electrician,'" he said.
It is everyone's job to stay alert, said Spiezle, who spent 17 years with Microsoft. To assist, he pointed out that a number of government agencies, including the Federal Trade Commission, White House and Commerce Department, are all inviting input on the topic.
Consumers, too, must be diligent in making sure their home PCs remain clean.
One way to guide home users would be to give ISPs letter-grade ratings so they can get an idea of a provider's value.
"Consumers need to have confidence and trust," he said.
One way to help in that area would be making privacy policies easier to understand.