We have been doing that. During quiet times our Customer Service Reps (CSR) are calling infected users telling them
a) Their computer has been compromised. In its current state it can potentially be taken over by others or other users can look at the contents of their private files etc.
b) It is currently interfering with other users connections. Particularly our DSL users can blast out at a fast enough rate to hamper dialup users.
If the user is not home (often broadband users leave their computers on) the CSRs leave a message stating the customer can call in any time they like and they will be reactivated. Once doing so, they need to clean their machine ASAP-- there are several FREE point and click tools now.
The majority comply and are understanding. I think the key is to emphasize that its in their best interest and that we did it for THEIR protection (i.e. someone can potentially take over your machine,look at your private files, delete things etc etc). Also emphasize that they need to be a responsible Internet participant -- e.g. how would they like it if another user was hampering their connection because that other user had a virus and we didnt get them to clean it up. Give your CSRs a script or talking points to follow and it should be smooth for the most part.
---Mike
There will always be troublesome customers, but the VAST majority have been compliant. If they dont want to comply to something as reasonable as this, they will go to my competitors who will then have to deal with the flood of abuse hate mail (I am calling the FBI if you dont fix this), retaliatory attacks, black listings etc etc... i.e. they will become a headache for my competitors.
Other sites who are large and dont necessarily have the resources to immediately find and kill the offending host (with sobig.f the headers will often show the NETBIOS name of the sending machine so its not THAT hard to find), we will add local rules to contain them for now until they have their IT consultants clean it up.
But like I said before, give your CSRs a script. Explain to the customer how this is in their best interest... Most people are reasonable. We have all talked to people who say things like, "I have had 10 different ISPs and none have made me do something like this! I demand.......".... remember to ask yourself, why have they gone through 10 different ISPs .....
---Mike
It should be pointed put that the ISPs have their share of blame for the
quick-spreading worms, beause they neglected very simple precautions --
such as giving cutomers pre-configured routers or DSL/cable modems with
firewalls disabled by default (instead of the standard "end-user, let only
outgoing connections thru" configuration), and providing insufficient
information to end-users on configuring these firewalls.
--vadim
Vadim Antonov wrote:
It should be pointed put that the ISPs have their share of blame for the
quick-spreading worms, beause they neglected very simple precautions --
such as giving cutomers pre-configured routers or DSL/cable modems with
firewalls disabled by default (instead of the standard "end-user, let only
outgoing connections thru" configuration), and providing insufficient
information to end-users on configuring these firewalls.
And you�re willing to pay all the helpdesk persons helping these people to adjust their
configurations to accommodate for KaZaa, BitTorrent, Quake3, Counter Strike, etc?
It would be much easier and more centralized if the networking interfaces in operating systems
would not expose services by default. But were already went there.
Pete
Yes, fingerpointing fixes everything. I remember a quote my music
teacher used to tell the class, "for every one finger you point at
someone else, four fingers are pointing back at you".
Level(3) is generally very good. Great engineering team and very reliable.
I'm not sure if their pricing will maintain their business model in the
long run, but I certainly hope so.
- Daniel Golding
Agreed. I know nothing about the pricing but last time I had a problem
with BGP, it only took a few minutes to get someone with enable and
clue, calling their general support number posted on their website. The
problem was on their end and it was fixed while I was on the phone.
Arguably one of the fastest response times I've ever had with a vendor.
-Paul