Transterrestrial Musings  


Biting Commentary about Infinity, and Beyond!


Public Service Announcement

Apparently about eighty percent of spam is being generated by zombie machines (i.e., home computers that have been taken over by trojans, and are sending out massive emails without the owner even being aware).

Folks, if you don't have at least a software firewall, like Zone Alarm (there is a free version), you are part of the problem. As cheap as hardware firewalls are these days, there is no excuse to have an unsecured machine with a permanent internet connection.

Posted by Rand Simberg at June 08, 2004 08:45 AM
Comments

For real. I have logging turned on on my router and I go in there and see IP address after IP address from infected home computers trying to ping out to find IIS servers. That means people are infected with old viruses like NIMDA and still to this day haven't bothered to even attempt to detect them or clean their computers out. In a way I think it would benefit the rest of us if internet service providers required that people run virus scans on their computer or have their service disconnected.

Posted by Hefty at June 8, 2004 10:30 AM

Hear, hear! Get security and get it now. Someone, I suspect a relative, does not do this and so both viri and spam are going out with one of my addys. We are not amused...

Posted by Laughing Wolf at June 8, 2004 11:38 AM

It is very easy for service providers to fingerprint these beasties. I was adminning when CodeRed hit, and there was some talk of generating automated WinPopup messages informing the user of infection...

However, there were all sorts of privacy considerations, and some opined that such actions would themselves constitute a hack, so it was never widely implemented outside of corporate LANs.

Perhaps ISPs could introduce such a system and include consent in their ToS, but this would come at a price (for hardware, maintenance, etc.) and raise the price of connectivity for all, including those like yours truly who have a locked-down BSD box in front of the rest of their LAN.

We would then get into two-tiered connectivity agreements - one "managed" tier for non-technical users, and one "unmanaged" tier, featuring either lower prices or better service (e.g. higher bandwidth) but including liability for zombied machines or whatever.

I can dream, can't I?

Posted by Dominic at June 9, 2004 02:15 AM

I run Linux, for several reasons, not the least of which is that I can't manage to install Windows without acquiring a virus before the installation and subsequent updates are completed.

Here's the drill I follow:

1. Unplug the cable to my network card
2. Install Windows XP
3. Install Norton firewall and antivirus product
4. Configure Windows network settings
5. Plug cable into network card
6. Reboot
7. Immediately update Norton
8. Run Windows Update

Now, typically, either in step 7 or step 8 my machine will acquire a virus that prohibits completing the Windows updating (endless reboots of a locked up machine seem to be favorites).

In other words, in a very short window of opportunity, my machine is infected.

One thing to note is that the first and mandatory update for a lot of XP users -- Service Pack 1 -- bears a notice to turn off any antivirus software, lest its installation be affected. Why can't Microsoft fix that?

Regarding ISPs: Sending email to customers whose machines appear to be virus spreaders doesn't seem terribly invasive. In addition, ISPs might track each user's rate of email generation and simply alert them to the possibility of a virus or worm when their account shows a sudden and sustained increase in email output. (Rather like banks calling credit card customers when they notice unusual account activity.)

Posted by billg at June 10, 2004 06:15 AM
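Added example, not part of the comment above or of the original post: a sketch of the per-account check the comment proposes, alerting only when an account's outbound mail count is both suddenly higher than its own baseline and stays high for several intervals. The thresholds, account names and hourly counts are constructed assumptions.

```python
from collections import defaultdict, deque
from statistics import mean

BASELINE_LEN = 6   # intervals of history kept per account (assumed)
FACTOR = 5.0       # "sudden": count exceeds 5x the account's own average (assumed)
FLOOR = 50         # ignore spikes below this absolute count (assumed)
SUSTAIN = 3        # "sustained": consecutive spiking intervals required (assumed)

def find_sustained_spikes(records):
    """records: (interval, account, messages_sent) tuples in time order.
    Returns {account: interval at which the alert would fire}."""
    history = defaultdict(lambda: deque(maxlen=BASELINE_LEN))
    streak = defaultdict(int)
    alerts = {}
    for interval, account, sent in records:
        base = history[account]
        if len(base) < BASELINE_LEN:
            base.append(sent)          # learning period: no judgement yet
            continue
        threshold = max(FLOOR, FACTOR * mean(base))
        if sent > threshold:
            streak[account] += 1       # spike: keep it out of the baseline
            if streak[account] >= SUSTAIN and account not in alerts:
                alerts[account] = interval
        else:
            streak[account] = 0
            base.append(sent)          # normal interval updates the baseline
    return alerts

def constructed_sample():
    """Constructed hourly counts for three hypothetical accounts."""
    series = {
        "alice": [4, 6, 5, 3, 7, 5, 80, 6, 4, 5],        # one-off burst
        "bob": [3, 2, 4, 3, 2, 4, 400, 520, 610, 580],   # sustained jump
        "listowner": [200, 210, 190, 205, 195, 200, 220, 215, 230, 210],
    }
    return [(hour, acct, counts[hour])
            for hour in range(10) for acct, counts in series.items()]

if __name__ == "__main__":
    for acct, hour in find_sustained_spikes(constructed_sample()).items():
        print(f"notify {acct}: outbound mail high for {SUSTAIN} hours as of hour {hour}")
```

Spiking intervals are deliberately kept out of the baseline so an ongoing outbreak cannot raise its own threshold; the cost is that an account already compromised during the learning period is treated as normal.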

I don't know from Norton, but I would think that Zone Alarm should keep you clean if you install it before hooking up to the network. Are you using a hardware firewall? If not, try that, too. I have a Linux box that does nothing except firewall and route.

Posted by Rand Simberg at June 10, 2004 07:17 AM

I used a Linux box as a firewall for a Windows machine, until I cannibalized its drive for a new Linux box that needed two drives.

The problem is that you're vulnerable to attacks created after your firewall product was released. So, you can be infected with something while you're actually in the process of downloading updates to thwart it. Last time I ran Windows for any length of time I saw attempted attacks on the order of every ten minutes or so. That fits easily within the amount of time it takes to pull down and install large updates, like SP1.

Posted by billg at June 10, 2004 11:34 AM

"I used a Linux box as a firewall for a Windows machine, until I cannibalized its drive for a new Linux box that needed two drives."

OK, so you took down your firewall, and you're complaining about attacks?

"The problem is that you're vulnerable to attacks created after your firewall product was released."

I'm not aware of any attacks that can be performed through a properly configured Zone Alarm, of any vintage. I've never had a successful attack on my Windows 2000 machines with Zone Alarm installed and enabled.

Posted by Rand Simberg at June 10, 2004 11:51 AM

I have to assume that even a fresh Zone Alarm install can't block viruses until it has been updated with code written to block those specific attacks.

I took down my Linux hardware firewall when I moved exclusively to Linux. Since then, I've made a couple of attempts to install Windows on another machine, and each attempt has been thwarted by attacks that happened while I was updating either the firewall or Windows itself. Remember, I keep the machine off the network until the firewall and antivirus software are installed. Typically, the attacks occur 15 or so minutes after I bring it up on the net, when I'm attempting to install XP's Service Pack One. Windows Update forces you to install this first, and Microsoft specifically states that firewalling and antiviral software should be disabled during the install. I've been hit twice by attacks during that SP1 update that took over the machine.

Posted by billg at June 10, 2004 03:18 PM

"I have to assume that even a fresh Zone Alarm install can't block viruses until it has been updated with code written to block those specific attacks."

Sigh...

No, you don't have to assume that. The most reasonable thing to assume is that attacks will not occur through a properly configured firewall (including a software firewall like Zone Alarm, but a dedicated hardware firewall is better). That's what firewalls are for.

Posted by Rand Simberg at June 10, 2004 04:21 PM

Billg;

This is strictly a personal opinion, but it is based on experience with Norton products since before the Symantec acquisition...

Your problem is Norton.

Use McAfee.

M

Posted by Mark Alger at June 12, 2004 09:42 AM

