The head of the Federal Communications Commission (FCC) wants broadband ISPs to help battle botnets by being more active in helping their subscribers eradicate malware infections on their PCs. But AT&T's chief security officer said AT&T is reluctant to go beyond its current anti-malware efforts.
FCC Chairman Julius Genachowski recently gave a speech calling on the ISPs to take part in a volunteer effort to aggressively eradicate malware-infected computers that often become part of massive remote-controlled botnets used for data stealing, denial-of-service attacks and spam generation. "The user's PC can become infected," Genachowski said last month as he suggested ISPs should voluntarily "detect infections on computers and offer remediation and support." When tens of thousands of infected PCs are roped into a botnet, it can become a dangerous cyber-weapon.
But Ed Amoroso, AT&T's senior vice president and chief security officer, says it doesn't appear feasible right now to expand beyond what AT&T currently does to inform customers that their machines may be malware-infected.
"We'll see if you're infected if your machine is a live connection," said Amoroso, explaining that what AT&T and other ISPs frequently do now is email the customer with a notification that their machine appears to be infected. But going further to offer advice about cleaning up the machine, or even somehow cleaning the desktop, are not steps that AT&T regards as something it wants to get involved in.
"The detection mechanisms are imperfect," said Amoroso, noting it's unclear how AT&T would recommend detailed malware eradication instructions to every individual whose PC became infected with any of the vast array of malware types out there. In some instances, "You might actually have to re-image the machine," he pointed out.
Amoroso said Genachowski's speech indicated that the FCC would like to see ISPs acting more along the lines of Australian ISPs that have been known to block access to customer machines that are botnet-controlled, making informational resources available on cleaning infected machines.
AT&T understands the impetus for Genachowski's remarks and wants to work to optimize the malware-detection process, but intervening directly into the user's PC difficulties isn't something AT&T thinks is practical for it to do as things stand today, Amoroso said.
Amoroso added that AT&T already takes some measures, including putting known malware sites on a blacklist, and for business customers being targeted by botnets, AT&T does offer protection. "What no one's good at is dealing with the moss on the PC," he concluded.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.