Internet service providers (ISPs) representing some 80 per cent of the Australian market have signed on to the Internet Industry Association's (IIA) iCode, set to officially launch this week, according to the industry body’s chief executive, Peter Coroneos.
As of late last week, 20 ISPs had exchanged compliance declarations with the code, which is designed to bring ISPs and consumers together to help mitigate the risks of zombie PCs and botnets, and set to officially come into effect 1 December.
“It is our objective to reach then exceed the 90 per cent market coverage that already exists with ACMA’s AISI code and we will reach that pretty quickly,” he said.
Coroneos said ISP’s self interest in gaining more secure networks, plus the addition of a licensed ‘trust mark’ for ISPs complying with the code would help drive adoption.
He also expected public support from Federal Attorney-General, Robert McClelland, and communications minister, Stephen Conroy, which would drive consumer awareness of the initiative.
According to Cornoeos, the Federal Government was taking the IIAA’s iCode model to Paris to showcase it at an Organisation for Economic Co-operation and Development (OECD) meeting this week.
As reported by Computerworld Australia the OECD this month noted in a study that ISPs were important control points in the ongoing effort to control spam and botnets.
The report — based on a global dataset comprised of 109 billion spam messages from 170 million unique IP addresses delivered to a spam trap during 2005-2009 — found that of the tens of thousands of ISPs that provide internet access, the 200 ISPs that collectively hold nearly 90 per cent of the total market share in the wider OECD area account for more than 60 per cent of all infected machines worldwide.
The US and Asia-Pacific Economic Cooperation (APEC) forum had also shown interest in the code.
“What’s pleasing about this apart from the external validation… is really the opportunity to stat implementing consistent measures globally and that would be a critical development as this is a global problem,” he said. “There is the prospect that we could make real inroads against the zombie botnet problem.”
With the future of the NBN looking more secure following the passing of the Telstra separation bill last week, Coroneos said the prospect of even faster broadband speeds only served to ratchet up the need for anti-botnet measures.
“Users are going on to increasingly faster plans and of course the higher capacity of service they are on, then the greater the potential for damage to the network they are on,” he said. “It is very timely in the move to an NBN that we have a solid industry response.”
’Walled gardens’ to remain
The chief executive said one of the most contentious aspects of the June draft code — the walling off of ISP customers with zombie PCs — would remain in the official code, but said ISPs had a “fair bit of latitude” as to whether or not to apply the measure to customers.
At the most rudimentary level, alternative measures would involve a letter to infected customers advising them of the problem, urging them to fix it or contact to contact their ISP’s helpdesk.
ISPs would also have the option to throttle the customers’ connection in an effort to minimise any damage to its network.
Failing this, ISPs also have the option of locking users’ computers down into “walled gardens” and providing them with remote diagnostic tools and information to get them out of quarantine.
“One part, which we think is a world first, is that we are directing them to phone-based services, which can also be called into their home, if they lack the technical aptitude to both diagnose and remediate the problem, will come and identify the problem, hopefully get it fixed, and subject to users’ consent provide remote monitoring service,” he said.
The service would be run by IIA members and PC repair companies Gizmo, QK, and Tech2home, Coroneos said.
According to Cornoeos, some 10,000 newly active zombie PCs came into existence each day in Australia. In the US, this figure was up to two million.