I really think we need to have two classes of internet service. One for technically savvy users, and one for my grandfather, and the millions of users like him. Most ISPs already offer this differentiation of service as a "personal" account vs. a "business" account. There is a cost difference between them, as there should be. The "personal" internet accounts should have somewhat severe limits put onto them, such that they can not run servers, etc. The business class accounts should not have the limits, or if they have the limits by default, the ISP should allow the user to fill out a form or check a box at signup which removes those limits. The AUP for many ISPs (cable for example) states that a residential user is not allowed to run a server -- so the legal issues of this are in place already. While many users have the need to run their own servers, from what I hear, the vast majority of CR and Nimda hosts are people who don't know they are running a service -- such limitation would be a boon to those people. Some ISPs actually have an option where they will install (and manage?) some level of firewall service for their users. This is the way it should be done. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Sep 27 2001 - 16:37:31 PDT