Ewen McNeill wrote:
On a related tack, I am seriously considering writing to the appropriate government ministers and suggesting that, as part of their proposed anti-spam legislation, a legal duty be placed on people not to connect/allow to remain connected an insecure/0wned/infected system under their control. With the first breach resulting in mandatory disconnection of the system from the network, not to be reconnected until person had completed a course on "network security" and had their machine certified "cleaned up" by someone appropriate. Subsequent breaches resulting in that and fines and/or longer periods of mandatory disconnection.
IMHO such insecure/0wned/infected systems are a nuisance (in the legal sense of the word) and thus the owners of them should be responsible for the damage they cause.
Ah yes, like my old idea of the Internet User's License, with enforced education and third party insurance? The problem is, there are and will be certain situations where even clued up users cannot patch machines quickly enough, or vendors are tardy bringing patches out. Given the sizes of the current zombie armies however, I'm sure a revenue hungry government would listen to you. "Better than speed cameras!" they'll go. -- Juha