badware


Supporting a voluntary code for ISPs

Earlier this week, we submitted comments in response to a request for information from the U.S. Departments of Commerce and Homeland Security. The topic was development of a voluntary code of conduct for industry, particularly ISPs, to help address botnets. The RFI follows similar national efforts in Australia, Germany, and Japan.

StopBadware, of course, already helps to reduce the threat of botnets by helping to prevent and clean up websites that deliver malware to end users. That said, there's much still to be done, and we support the approach broadly proposed by the government's RFI. Here's a brief summary of our comments:

  • Prevention of malware infection is multi-faceted, including everything from cleaning up badware websites to educating end users. We detail several of these facets, highlighting examples of effective tools and approaches within each.
  • When discussing industry-driven initiatives, it is critical to look to users' needs. We use our experience working with owners of compromised websites to suggest how industry can effectively meet the needs of users whose devices have been infected.
  • A voluntary code of conduct for ISPs is a good step, but there are several opportunities where pooled resources could do more than each industry player working independently. We suggest three such cases and argue that independent non-profit organizations are better suited than for-profit companies or government to offer such resources.

Here's the full set of comments. Please let us know if you have any additional thoughts on this topic!

20 providers. 10 countries. 5 continents. 1 goal.

Posted on November 3, 2011 - 13:43 by ccondon

Two months after its launch in August, our We Stop Badware™ Web Host program has garnered 20 hosting providers from around the world who have pledged to protect their networks and their customers by responding decisively to badware reports. We’re impressed and encouraged by the diversity of the providers who have voluntarily pledged to implement policies and procedures consistent with our best practices. We Stop Badware™ now boasts participating providers from 10 countries on 5 continents, and participants include everyone from small providers who pride themselves on uncompromising security to several of the largest web hosting companies in the world. We at StopBadware know what a crucial role web hosting providers play in both badware prevention and remediation; in fact, we’ve submitted badware reports to several of these companies ourselves, so in some cases we can vouch firsthand for their responsiveness. We commend these providers for their commitment to security and collaboration.

We Stop Badware™ Web Host participants:

  • 13StudioHost (Portugal)
  • Blacknight (Ireland)
  • Coolhandle Hosting (United States)
  • Daycohost (Venezuela)
  • DiscountASP.Net (United States)
  • Host TugaTech (Portugal)
  • InlandHost.NET (India)
  • InNucleo, Alojamento Web (Portugal)
  • Serverminds (Netherlands)
  • SoftLayer* (United States)
  • SpeedPartner GmbH (Germany)
  • tetoOnline (Portugal)
  • Texo Web Hosting (South Africa)
  • TVCNet (United States)
  • VEXXHOST (Canada)
  • WebTuga Hosting (Portugal)
  • WinHost (United States)
  • WiredTree** (United States)
  • World4You.com (Austria)
  • ZoneGS (Portugal)

*StopBadware Sponsoring Partner

**Previously recognized for exemplary responses to badware reports

A few points we’ll reinforce, at (acceptable) risk of sounding like a broken record: 

Websites are prime attack vectors. Hosting providers who address malware on websites within their zones of control protect countless users and additional website owners from infection. Self-evident? Perhaps. Still, we’ve been aware from the beginning that web hosting providers operate within an extraordinarily competitive market and are often subject to diverse legal constraints. We also recognize that hosting providers are frequently the first to feel the ire of site owners whose domains have been infected, blacklisted, or taken down. In a competitive market, taking responsible action shouldn’t ever mean losing business. For this reason, we publicly acknowledge and commend web hosting providers who commit to doing their part to stop badware, and we work hard to educate site owners about badware prevention and remediation. 

On that note, this one’s for the site owners (and future site owners): your web hosting provider matters, and not just to you. Hosting providers who take action to limit malicious content on their networks benefit you individually—whether your site is currently infected or not—and the Internet as a whole. Security isn’t just a consideration; it’s a necessity. Is your hosting provider on this list? If not, why? 

StopBadware’s Best Practices for Web Hosting Providers, on which the We Stop Badware™ Web Host program is based, are designed to be implementable by hosting providers of every size and type. To address concerns about legal liability for malicious content on providers’ networks, we commissioned a legal white paper from the renowned Berkman Center for Internet & Society at Harvard University. The white paper, the best practices, and additional resources for web hosting providers are available at http://www.stopbadware.org/best-practices/web-hosting-providers. Learn how to sign up for the We Stop Badware™ Web Host program here. Free resources for site owners who want to prevent or remove badware on their websites are available here.

Why Finland has so little malware

Posted on September 30, 2011 - 12:23 by mweinstein

Tim Rains from Microsoft's Trustworthy Computing group recently posted an excellent series of short blog posts titled Lessons from Some of the Least Malware Infected Countries in the World. Tim asked local security experts in each of these countries why they believed their nations were consistently lower than most on Microsoft's "Computers Cleaned per Mille (CCM)" measure. A brief summary of the findings can be found here, but I encourage you to read the six-part series. (None of the individual parts is more than a couple of pages of text.)

One interesting tidbit is that there is not necessarily a correlation between low PC infection rates (as measured by CCM) and low rates of badware websites (as measured by either malware hosting sites per thousand hosts or drive-by download sites per thousand hosts). This isn't terribly surprising, I suppose. Although the basic goals of prevention, mitigation, and remediation are the same for PCs and websites, the practical implementations are quite different. Germany, for example, has a national center for providing remediation of bot-related malware detected on consumer PCs. No such national resource exists for addressing compromised websites. (It's a good thing StopBadware and BadwareBusters.org are here, isn't it?)

Perhaps the most important lesson, though, is that strongly coordinated efforts to educate the public, notify victims, engage providers, and coordinate response seem to be highly correlated with low infection rates. We can all draw inspiration from that as we work to strengthen these efforts within and across our own areas of focus.