While we were fighting blaster/nachi and others, we relied heavily on IDS's
alerts for the worms, then we disabled their network access and called
viruses are not an ISP's problem, but a worm is something that affects the
infrastructure, and is therefore a network operator's business.
Privacy is not an issue in this case as there is a policy being monitored
by a policy monitoring tool, and enforced on a per-violation basis. It wasn't a fishing
that could assess the user's configuration or usage, it was monitoring our
There is no generalized way, without management access to the customers
(via SMS or Citrix or something), to check that the machine is in
compliance with a network policy. An IDS can tell you if it violates policy, and you can act
security procedures dictate.
So from an ISP's point of view, is there a way for the ISP to
tell the customer if the particular computer is fixed without
intruding on the privacy of the customer? With home networks,
may be multiple computers behind a NAT/router/firewall. So a
network scan doesn't always work.