[anti-abuse-wg] New Abuse Information on RIPE NCC Website

Luis Muñoz wrote:
>
> On Jun 27, 2013, at 10:50 AM, Frank Gadegast wrote:
>
>> I personally would start at the other end and force Microsoft
>> legally to only have PCs connected to the Internet that
>> have an AntiVirus solution installed and running ...
>
> Not all computers run Microsoft software.

Oh, sorry, I dint know that ...

> Furthermore not all computers run *recent* Microsoft software. There's still a very fair share of, for instance, Windows XP machines

With an update mechanism in place on most of them ...

> out there. Compromise 50% of them and you'll get yourself a very nice botnet to play with.
>
> The fact that a machine ships with an anti-virus dos not imply that said AV will remain running,

Sure, that why I sayd, that Microsoft should only allow an internet 
connection WHEN its running.

> maintain effectiveness over time, etc.
>
>>From past experience, a significant proportion of infected machines in an access ISP network did have an anti-virus installed by the time we had to pull the plug on the customer because they were spewing.
>
> Being proactive in this front will only get you that far.

Sure, but its a good start.
Old OSes will die one day, and all others should only be allowed to 
connect when there is something protecting it.
 From today on.

This would then kill most of the bots ...
What I sayd: a good start.
And forcing ISPs step-by-step to stop their intruded servers is
another good start (and thats what we are starting here, I always
thought).


Kind regards, Frank

> You still need to have a reactive mechanism to respond and mitigate.
>
> Best regards
>
> -lem
>
>
>