Anti-Botnet Efforts Still Nascent, But Groups Hopeful
Seven months after a government-industry coalition announced recommendations for ISPs to fight botnets, success is still a long way off
Robert Lemos- Contributing Writer
Dark Reading, Dark Reading
November 30, 2012
Seven months after a coalition of government and industry organizations announced a set of voluntary guidelines to help Internet service providers clean their broadband networks of malware, the effort has yet to produce measurable results.
Known as the U.S. Anti-Bot Code of Conduct for Internet Service Providers, or "ABCs for ISPs," the voluntary guidelines call for service providers to educate consumers, detect botnet activity on their networks, notify users of infected systems, help remediate threats, and collaborate with other businesses. Five major ISPs publicly agreed to the Anti-Botnet Code when it was launched by the U.S. Federal Communications Commission (FCC) in March, but gaining new adherents and measuring the success of the efforts have been hard, says Michael O'Reirdan, co-chairman of the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), an industry group focused on finding solutions to online threats.
"We've had to have a little prod to get going," he says. "It is not trivial to do this if you are a large ISP."
While AT&T, CenturyLink, Comcast, Cox Communications, and Time Warner Cable all signed onto the code, other Internet service providers are wary of the cost of finding problems with customers' computers and notifying them of the issues. Yet the idea that call centers will be inundated with profit-sapping support calls once customers are notified of infections is wrong, says O'Reirdan.
"The call-back rates of companies that have committed to the Anti-Botnet Code are trivial -- they really are," he says. Moreover, with their financial accounts and other important information online, customers will gravitate toward ISPs that show a dedication to security, argues O'Reirdan, who served as the chairman of the FCC's Communications Security, Reliability and Interoperability Council's (CSRIC) Working Group 7, which developed the code with the industry.
Different countries have tackled anti-botnet coalitions and regulations differently. Japan's Cyber Clean Center, for example, is a collaboration with the government and alerts about 1,400 users a month, of which 550 users are new users and about one-third download cleaning tools, according to January 2011 data from the CCC. In Germany, the government funded the Anti-Botnet Advisory Center, helping ISPs defray the cost of detection and mitigation.
The U.S. Anti-Botnet Code is based on Australia's voluntary i-Code and stresses cooperation between groups to solve the problem of botnets.
"The collaborations go across industry and government because everyone needs to work together to solve the problem," says Kevin McNamee, security architect for Kindsight, a network security firm.
[A project to count bots will provide much more comprehensive, if not complete, tally of infected systems. See Bots: Stand Up And Be Counted.]
So far there is no evidence that the effort is producing meaningful results. In the third quarter of 2012, for example, 6.5 percent of North American households had malicious software on at least one computer, according to data from the Kindsight's latest report. The rate is a slight increase from the 6 percent of households that showed signs of malware infections in the first quarter of the year.
It is likely too early to see any measurable effect, McNamee says. In addition, measuring the prevalence of bots and the impact that the Anti-Botnet Code is having on the relative safety of end users is difficult. Internet providers focus on basic measurements, such as their total customer population, the number of infections, and the number of customers notified.
"Metrics are proving to be quite a problem," says M3AAWG's O'Reirdan. "You have this apple-to-lemons-to-oranges problems. It is very hard to compare like to like."
In many ways, ISPs are back where they were when tackling spam a decade ago. Yet consumers will start to expect similar results: Their broadband providers should create a safe network on which to communicate, he says.
"In a couple of years, an ISP who does not have an anti-bot platform will look as sad as an ISP that does not have an anti-spam platform today," O'Reirdan says.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.