Today I’ve read article by Bruce Schneier about conception of Internet Quarantines. Scott Charney from Microsoft gave an idea that computers in Internet should be quarantined if they’re infected by malicious software. This method is used by many companies when you want to connect via VPN to their networks. Bruce gave it deep and worth reading analysis so I wouldn’t rewrite what was written already.
From my point of view the idea would be especially bad for one group of people, helpdesk personnel at ISP. As I was helpdesk for ADSL service at the biggest telecom in Poland, I know what I’m talking about. Imagine situation that average Internet user (no tech savvy) would be quarantined because his computer is infected. What he will do? Of course he’ll call support. And he wouldn’t spent a minute trying to solve problem by himself or read single link which will be provided by ISP in FAQ (if he would even bother navigating to support page of his ISP, especially that he would need to do that from work or neighbor’s computer, obviously). He wouldn’t not consider buying anti-virus program. He would **demand **(let’s emphasize the demand) that his Internet connection start working right now. He doesn’t want to hear about security policies, reason why he is disconnected, how dangerous it is for him and others. No, he would shout his sorry ass off, he would escalate it to whoever he could, because he is paying his hard earned money for the service and he wants to receive it. I believe this is the main reason ISPs don’t want to implement quarantine policy. It would be just too costly. Mr. Schneier, who is the authority to me, written that this conversation-between the rights of the individual and the rights of society-is a valid one to have, and this solution is a good possibility to consider. But for ISP costs would always be most important (and quarantine would be very pricey to handle from helpdesk point of view), customer satisfaction would be important (as when people would be pissed off by the quarantine they would take their business elsewhere, and trust me they would be pissed). That’s why I’m not worrying about Internet quarantine, because it would not be anywhere around anytime soon, if ever.