X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.
In 1993, Marketta Silvera had a eureka moment: She realized that Internet service providers would eventually offer much more than plain old Internet access. Anticipating that the biggest impediment to e-commerce would be consumers’ security fears, she launched Pilot Network Services, a company that provides Internet access with built-in security. Now, seven years later, the industry may be catching up to her. After February’s distributed denial-of-service attacks on major Web sites and the global plague of viruses that hit in May, other ISPs have begun to sell packaged security along with Net access. Security “is going to become a requirement in the [ISP] industry,” says Silvera, a native of Finland and chairwoman and CEO of Pilot, based in Alameda, Calif. “For public companies, it’s irresponsible to do business electronically and not know how to measure how secure you are.” Indeed, the debate over how much responsibility ISPs should assume in protecting their customers from Internet-borne nasties has only just begun. It parallels the earlier argument over whether ISPs are responsible for the type of content — for example, pornography — that gets distributed over their networks. To date, the courts have treated ISPs as passive carriers, or conduits, of the content their customers distribute, rather than publishers or broadcasters that could be found liable for it. And so far, no one has suggested that ISPs should be held liable for viruses that infect customers on their network. But some experts think that will change. ISPs “don’t think of it as their job [to prevent the spread of viruses], but it is their job,” says Yogesh Gupta, a senior VP of e-business strategy at Computer Associates, based in Islandia, N.Y. “If some virus spread through telephones, wouldn’t it be the problem of the phone company?” Anti-virus vendors — who hope to sell their software to ISPs — have long urged ISPs to scan for viruses. The solution to the outbreak of viruses, says Dan Schrader, chief security analyst at anti-virus company Trend Micro, “is to stop relying on desktop-based security and put security onto the Internet cloud. This whole idea that we can update or even alert 300 million people to stop the next Love Bug virus is absurd.” In fact, Schrader predicts, “Two years from now every major ISP is going to have this kind of service.” ISPs are also concerned about how to prevent customer machines on their networks from being used in DOS attacks. But many ISPs are reluctant to add complex features to their systems. Filtering or scanning data could slow their networks, they maintain — and they would probably need to buy routers capable of running the filters. America Online and EarthLink, the top two ISPs in the U.S., have chosen not to offer comprehensive built-in security features yet. “Scanning for viruses on the server sounds like a good idea in concept, but it’s a little messy and not very effective,” says Dan Farmer, a security researcher at EarthLink. “The best solution is to give people the software, then people who want it can use it and set their protection level.” Even if ISPs can’t be held liable for viruses and hack attacks, they may find that protecting their customers will differentiate them in an increasingly competitive, low-margin business. When customers complained they were overwhelmed with spam, many ISPs began offering spam-blocking for free. The same thing could happen with viruses. “The real big issue here is that e-mail boxes have become a commodity for ISPs,” says Gary Hermansen, CEO of Brightmail in San Francisco, which provides its anti-spam service to ISPs and e-mail outsourcers. “And they’re looking for ways to add value to e-mail boxes through security and other services.” Brightmail announced a new anti-virus service last week. Other ISPs are already offering managed security via partnerships with security vendors. For $1.50 per month, Qwest (which merged with US West in June) will scan customers’ e-mail attachments for viruses. And BellSouth (BLS) has teamed with anti-virus company Internet Security Systems to offer corporations a suite of managed security services for $1,500 to $5,000 per month. Will AOL and EarthLink (which between them have almost 27 million customers) follow suit? Security services are “a great niche offering for people concerned for some reason about that,” says Steve Dougherty, director of technology acquisition at EarthLink. “We haven’t done it because it hasn’t been that significant for our customers.” As the only ISP with a focus on security, Pilot includes security features in its basic corporate service. The security includes intrusion detection, firewalls, virus and spam scanning and round-the-clock monitoring from centers in Alameda, Calif., Chicago, London, Los Angeles, New York and smaller centers in Boston and Washington. Pilot charges between $6,500 and $100,000 per month, plus $13,000 to install the software and hardware. Though Pilot lost $5.8 million in the most-recent quarter, its revenues almost doubled from the same period last year. After falling from a high of $55 to below $9 in May, its stock has inched back up above $11. Pilot signed up its first telco partner, Primus Telecommunications Group, in January and serves about 2,000 networks covering 270 corporate customers, including General Electric and various ISPs and application service providers. To prevent machines on a network from being used as “zombies” for DOS attacks, the Internet Engineering Task Force recommends that ISPs use “spoof” filters (which block packets from being sent out of the network with a forged Internet address) and “smurf” filters (which block packets designed to be rebroadcast and expand as they pass from network to network, soaking up more and more bandwidth). Any ISP that doesn’t do what it can to protect its customers from viruses and from having their computers turn into zombies, risks bad PR and customer defections. “For commercial ISPs, there is a huge issue of potential embarrassment,” says Wyatt Stearns, CEO of Tripwire in Portland, Ore., which sells intrusion detection software. “Managed service providers, ASPs [application service providers], and ISPs are quietly, but very effectively shoring up their processes internally.” Executives at AboveNet in San Jose, Calif., which sells bandwidth and co-location to ISPs, feel so strongly about security that they are revising contracts with customers to require that they install filters. It seems inevitable that more companies will begin adding customer protection to their menus. “ISPs can and should do this,” says Steve Bellovin, network security researcher at AT&T (T) Research Labs. “The Net should be protecting the Net.” Related Articles from The Industry Standard: Gloves Off EarthLink Lures AOL Users With Free Service What’s The Deal: AT&T-Mindspring Agreement Moves ISP Market Copyright � 2000 The Industry Standard

This content has been archived. It is available exclusively through our partner LexisNexis®.

To view this content, please continue to Lexis Advance®.

Not a Lexis Advance® Subscriber? Subscribe Now

Why am I seeing this?

LexisNexis® is now the exclusive third party online distributor of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® customers will be able to access and use ALM's content by subscribing to the LexisNexis® services via Lexis Advance®. This includes content from the National Law Journal®, The American Lawyer®, Law Technology News®, The New York Law Journal® and Corporate Counsel®, as well as ALM's other newspapers, directories, legal treatises, published and unpublished court opinions, and other sources of legal information.

ALM's content plays a significant role in your work and research, and now through this alliance LexisNexis® will bring you access to an even more comprehensive collection of legal content.

For questions call 1-877-256-2472 or contact us at [email protected]

 
 

ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2020 ALM Media Properties, LLC. All Rights Reserved.