Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Insecure ISP Support Is No Help at All



 By: Jim Rapoza
2005-02-21
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
If a support worker at your ISP tells you to turn off anti-virus programs and firewalls, it's time to find a new ISP.

Hello, this is officer support of the ISP Police Department. You say youre worried that someone might try to steal your car? OK, Im going to try to troubleshoot this problem for you, but I need you to do two things.

First, Im going to need you to bring your car down so we can check it out. But I want you to park your car in a poorly lighted lot in a shady part of town. Trust me, we handle this kind of thing all the time.

Now, this second part is very important: When you get to that dark lot, youll need to leave your car running with the doors open. Yes, thats necessary for us to be able to check for problems. After youve done that, walk over to the police department, which is several blocks away from the lot (did I not mention that earlier?), and well try to help you out in the next few hours.

If a police officer did say this to you, youd be outraged. And theres no way that you would do what he or she had asked. But this is exactly how ISPs treat many small businesses and corporate customers when they have problems.

Resource Library:

A few weeks ago, I wrote a column about security basic training and how vendors and ISPs need to do a much better job of educating users about security, rather than sending messages that the ISPs will take care of all the problems. It turns out that some ISPs are even worse about educating users than I thought. In fact, I found out that some ISPs actively make their customers less secure whenever these customers call for support.

Click here to read the column.

According to reader responses to the aforementioned column and to eWEEK Labs Technical Analyst Andrew Garcia, who worked as an IT consultant before joining the Labs, it is not uncommon for support workers at ISPs to tell users who call in for assistance to turn off anti-virus programs and firewalls before any help can be provided. I guess virus- and worm-ridden computers are much easier to troubleshoot and support.

I know that Linux and Mac OS users are typically left out in the cold when it comes to support from SOHO-oriented ISPs, but I didnt realize that some ISPs had decided to actively harm Windows users.

But maybe anti-virus programs and firewalls are overrated as security tools. In a response to my column, IT consultant Triona Guidry told me that a support person at an ISP informed one of her clients that he didnt need these kinds of tools because the ISP network already had them.

I would really love to see that ISP network—it must be almost magical. Why, this ISP apparently has been able to pull off a level of network-based protection that would make any corporation or government envious.

Most ISPs have license agreements that indemnify them against everything short of burning down their customers houses (and some probably do go that far), but do they really want to actively harm their customers just to make it a little easier to do a remote scan?

To pull an idea from my Feb. 7 column, isnt there a Glum at these ISPs who will stand up and say, "This is a bad lawsuit just waiting to happen, and no matter what our license says, do we really want to go to court and defend telling customers to turn off features that would have protected them?"

Whats most galling is that theres no need to turn off security applications. I realize that support personnel at many ISPs are not the technological gurus that users imagine them to be, but providing good support in situations where firewalls exist requires just a few extra steps. But no one wants to go through them because people are lazy—and laziness is the root of most security problems.

So, many users end up with systems that are worse off than they were before the call for help was made. And many users and companies dont have an Andrew or a Triona around—someone who will tell you that the ISP advice youve just received is dead wrong and that you need to put your coat back on before you and your PC head back out into the stormy night of the Internet.

Heres my advice: If your ISP tells you that you need to be less secure to get support, then a very good way to be more secure is to get a new ISP.

Labs Director Jim Rapoza can be reached at jim_rapoza@ziffdavis.com.

To read more Jim Rapoza, subscribe to eWEEK magazine.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Insecure ISP Support Is No Help at All
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Jim Rapoza
 


x}r۸j9km"u#MɖkŶ,%L*EBERv9'ˮO7t%_q*D th4?{$sG3L{B.cnQ?sOuޙ'76{R(-GFgP+N-w5 E]0eNFNv@\}@^sF7D%x_'Щ=ѩ&€wɔiPoل͙ؗ6}^~b .hѱ ⌳Il/G tyG`aFNo Vs7-R#X@vIna>E4f™EQ udnxЖ-AA9E,[3SAVU̠`W:k1㝩S9m<]st/۽>9]vCGV=Bg#j`Bmiue_Zrn`KK']įfb M u4}GuISw2x!޺z|=!9Io'ogs`lDmYܹ̑\RyǛȃkReQ oȱn>@|Ӡd[q* ߰n^S;G7oRy۬) rƒ 4K_s;nZK0[#RFp\ Дa#Xذ 1"%̛^ҁ:)`I˪ TY&嗋mQa>].Q#w=^f/\RD3Al8{ØWҽT6wsY [|28߆]7Du.*s5-wfxˢaZ*;{<;mҿ]{v`Ub}PhvZM]qsuTStTzl:>JjjG%xPW G@8ʍ??5m!S[ö@ .Sks+ky0`贁;mF_{g0HP? M/6G˥yf>5 @ L^a +Gݺ~LnXŞ+ Qm:Fm|&6ld$4(sw[LLσ I#ˋ0P 2/?6axsܧP}MrA}2g`sDokwii#1)\jJodN˵K ] cRR,H hI#r Bг1,`@o!``P􎄰r)ilry sg rSvn<K){TKh!+K@fsfh(4{~u}bB+|#'bXr`Y \h+|h)lc lԨ[6؛RHU|:IoBg<6u0 Һ:M -X& # K8Y fzn4 I߱(Y`6Ê0ӊYsξS s>xFXvG7Mm ݜ6,>%&B~`Z&4$ 7u準Ira*j +)dz~#JC͸^`é3h{q#%IAg=U檳@tlX+nMo?HՍ݋pz1(+úZJx Hod m_eƠemLGy+-m" IPצ(XkezdxE6*&C 7u=k}0)\TBZȔe0jAsXjgܲ&P gC~0-j(6 SXSq:hzE>\ijێygrG SǏiЦ0T]2agRJMIas(zq |X0b=9[8[%f//+ igu]ؓ.[\|zN 0|p4'Z>plZ`/R7&¿4wڳJ)ՇI ,ǒR.%&"I D ȸla,ri L*gXsM>QȚ a(JuѧɅi s M~N hPU*1 "I;4/V G.{sz]1UF=3 $h@j4e2fL4_0-x8JD9xT,* OkMf٧O副1ۉoi0@q_8R"X @ 4~x| " L-9IZ1-[*::$f߂ä,Cd>OM{c>4YU a2~2Ejw8x_ℯ-8ݩ ?ӇhO?CzCpm0SMwK\i >#]\V`QaSƖ=4FXXoH]M;H̎Ǐz\NR_!<,`(\rRj͔ Q=87~e7ufv9Aخ crAm>qW;'PV:LΣu O#%c:Yd:@ݐkUQlk:,n`w]0>AG50qHG&{3E6856o:+@%5-r ?֊kt)D n713Z`fzž.n(jVT+km7xEW‡v1ር546M|8ړ"ZJ qvsTy9kY%f+aEL4=:YCP$*Z+>J _BQ`о(&w,dU]uv'HGϢ.sn{pvH*ۧ>]E!1`Q#r޽H^+΃ Gw"y!KrBë<'uxq)qڎ7M,#LkCuWndL-һnw9`R4c5ɅH' fmDu8eVyy~¯n-,d20)&Wktvă}BHHR ~tDۿ:o}du^k 2 m D785C He*4Д+e3ѓ:)K+y5EY-.l*$'?v 81 IN4?77} Rgǣ&RNe<zY{HZ?cĺ SvtD_}h4_PϟMc,PJBCW_nr$ n~A_I5R9$O_gsID(OS'P9|#Cq$eq%X,u51tS8qTik-DEtete s/ b# &.0{.3mpeYbsPXGvGo,3J${NT=Ȣ9 $︵$v+KxT9Ci%WCޮ8W q=VnIk%`2R*HU\~TinWRn69Ȍc+N [d$#mqz%*?㱁ɌPL ?lt}Y6t޵'qbym%J^-Dl9Ҭ|^x!Yrޠwx_?(ȮZlY> :FoP bX/'`)V%^s'o,jt^qQ mB̊+{Nt?H)NnJ:`MBwa'.%+:5 LUե\(w%%j!S|>Vw8쯋oR TKjua`G@ufۗԂRʥRX`(qU3·[ z͇juIQv`3{‰V`6q1!',,gR-2 )"-o-:Dx[$[VUiҳzgǖޡ茙>l6KĻ_fPglk5+T%Uٖ 7\F=mPkɇ,K:'` pCB8$I^qs껫B}[<;tXNOxN>1\4K  mqnq .wdE٧x8U2cXw>xb[ϴ'L"19J5%:!]ޒ/<Xd!NbLR z4Rč,Scܮ*pb>oZV5V0+_Sv,qJ)JNl}[|R@$} J@=;fP2N<Und)(̛ykKP_p}t9w@3_vFs?0Hxވ-u_'x|1ē^]=js[{f1]J{wpGtF޻(?F̚r,cڒJO#0-"^! sǜ b6~!j(53gpv"C8\ |{0ե"X^g00ˈ2I8.I` sT1C}k;5& $A]ܭlLJ\KE-H,Pw hZ p51B:cϤ,|1nv7 <۫ pP+Y#PѯnoY $sV;+Ѽ/o{㛛U2p tᕡvGe쌡SٿggQ?(es^eYo|֊[N[iΞCI.Bx ך񕆤Έ=q#[-BR^)CXC"^tIw'y}DdCZ',7h6w`aV3X/0q_n]WɘLǔu{-'s:^я{.0G&_"<7ϥ=+a=&u _nQO6u=!ꕂvךSN|l:/JmoWϥB7oqH e_M BaD0‡쪖dXT/cb*1ʱ, <~܋["RPy!Fv%ԏ{Kb+hJ7{$qhkkj5F5AV^ C>cZrD,?tUHE/]^|}~8. dP]m /-IyoY+6qNfAfQȢi7n\1)b|%Jӊ,w9]dDo-?5j֘1h*B UٜAK5n*Z!ѤFZj>Aolj3#lzZC JOk&}av̈́|W@O[jkhDPU*unȇP}s-* ;, =쮥8 1w[+x6_j~R.gI*]Z 0>p5.˿VVH-JR;rC=iәH[5A\N{=yJMwݹ>#Ծ3=ǎ>??Rm{ι\`{a|oeZ`3+n{lˊRMȶ8.AJLa rٚmj6A@C"T75濾#y+W7Qi߈fzd+nO5 U j>*1Xwt1І0#ZIHx J7:]~_%ʄ 'oLW<0՘0t+PʲjNT]֏pYJl~'dM,;|U:o|%wqOܶh쇈1} NM .MFJ@Q˯Ig/4}}A6ڄyi$Yc r'\Ixc#rk3d|*+_!߰VIm{7R[ $y֑?ZED% IsC~hue :} d9™6 b-uL ڂ. >ޓ1c}& 6$EuE)d; wCGy~]:?qa)?Eo9fH s wחBPHe Ft83* F2*mG&~I79t 45`BXRA~9IE"RF$1bNx ֭9Ӗ8.X_j :r@>WLQZj*!b3w  9;聁8ʿI6K,0ET&}nA=`Aa~N­!Rjs# h_fF Lma`t.tܣq?]_Aff)'p͒w\j:rtԨ b8+M4?3,ȏKlݜ(8Z1I(tCK/Hzszqc„dtnz~X׻SSe/(  @Ka1c~PBMФPs]+J9qn<>ŻAgu|^*_ɸӄ^I+\QY / Ij WuGSIS`ٷCsGrڻ&-rzuj]yPa[k|Sw{'urk|j%<6ideAN/[f)LԹ6W#\gqxixɎ>+ah,.6q̀;8Rv}YQJ/Na01ycj;M֖C||ƋxYn12ZTmx9j0FIg p!>Ew;'һ䚡IJ/΁3Aߡk(\~NmeQ>\;'P~sAo.?gvmgCCL2~Q?n.?ak^dȂȠ">Eyy(_~gP~Q(GF_d^f%e\]f_O/C@2U\W_\gOg7 \}}Y߇ >>doʁo2ڿh&s$eCPʐ.Np3˹q+/ޯ;s}:^vC{>k'K[ }ςoDV)pF F,R+|c ,~r)Wa45D -B9fhNh{@$~ܛ8,@ꖉ$ s#RRՒRJZVrG?'Hd6=8 "2x5JA.$`rXRKUrF(RB4|O۴W)]74Csc<{+4аY-}?"z5~L@NL6" /cB6of)3^8ռD<gM~ o2P e +7 J,5{SЫD@.^sLO]|LAÆ^Vٍv"n<4Nwz:e9@z4ǝaƹrV2@z4}z<8>6%'x-7:\A>|#Z;dp!gB-Kt!^PaD˦U՞/kn:aKƈ DUKIn_!]x'G5ĺ"9<;$} F(s1>r> (luy532Q5s()/&-רv`"pśI փMΊ Zq匾xL´kTgm&Ĵ`5㣭A{-ЧFFo"9ţ:aѡ(Yc{XnD82sx 2&6u;9 {P3xX: 5 g[=ǙPZ뺺whކ_ &0Th;c{+2‡_i u EݩcE^cͅx{p1a`a?>N@33c~]S4FmY{N6 )4˧M뚈βRszn%()%y+L9(م70UZVAO=SY,> N_dvO~%Bpy2Gd!᳤c*3S3m-)e'r}7{,ݤd/+2b%vm=HYUҎ?Bg H, 7A)|@,[kl`B`tլ`*sˠvSl]@_v܅iUhHl;:ֵh2֭kc'p7_Sbz:SAW(|x@NlM{g;5&Tc :۳|? Oe Lt4/o90kn>7Q$Ly Li!zQ;ˬ`+L~0qGĶ2C|R2k̜UpvRv ?93rxgse@EqD'Pvymm<^|:y-EOfuݍ2ZWlk]#+b 1Cb]R>Ŕ+ ]'[ۧ3й?-{/e;>_X (K#Ln}9NRnãÍXǸ׬[ [+ qy6` <Щ0D\bXe܌1MF.D]khT[%**S6 /ߵS3pݼg®"vyXA\X3' ȱ ya1 g{y{~kC'> k?;ajn,eH&}kqd.DI qk,Ma4,Lb5"[]QI(`vX33}"@a)5ZBLN Po3pRaL y/b[иgvC%z1w~X0~v19&Y>˲Ƙb~r1LX+0_mkASsLeU|t#GYEL`&;]+N%t&ж?8 acT 1L(x,RY7Wv!{ZyƋ|E>WNENE<<Sf}#)VSL_Xџ_,P>I*g\ƕySq||<\7,w9N[<|XYx(~']f(FRqO\|=)>c34N޽lKaE eiAђuzNH]dEg0]\}!l4O⍿c01-Ͽi4VA$摝7yE1um*^(Պ[]jv[W셳Qbm٦di29Z{) q%֫46!v07Nw6̈́ В^&ŮvbesY5N*