The Internet Service Providers’ Association (Ispa) is launching a new, member-driven programme in an attempt to root out malicious software infecting the computers of SA Internet users.

The project, called iCode, is a voluntary system in terms of which Ispa members will notify customers if network traffic patterns suggest their PCs have become infected by malware. It is based on Australia’s iCode.org project.

Ispa special adviser Ant Brooks says the association has already received buy-in from various SA law enforcement agencies and a pilot will be launched this year.
Though it’s an Ispa-led project, Brooks says non-Ispa members are welcome to subscribe to the iCode. TelkomInternet, SA’s largest retail ISP, is not an Ispa member, but Brooks says he doesn’t expect resistance in persuading it to join.

iCode.org founder and president Peter Coroneos, who was in SA last week, says cyber security is becoming a critical issue for ISPs. “Over the last few years, the botnet phenomenon has become a front-and-centre issue in Internet security,” he says, adding that retail antivirus products no longer provide a complete solution for cyber security. “We’re at the point now where the average home user is no longer in a position to manage this themselves.”

Coroneos says botnets threaten end users’ privacy and personal information, feed into international crime and “go to the heart” of network integrity for service providers. “The capacity for damage increases with the speed of the pipes.”

iCode works by introducing a new layer of protection at the service provider layer, offering scanning tools and diagnostics that go beyond what retail software on users’ PCs can pick up.

“We are suggesting that if you can add value to the whole defensive environment through network-level monitoring, then you are adding a level of sophistication that puts the bad guys on the back foot a little bit,” Coroneos says.

Of course, network-level scanning of data traffic is likely to raise the hackles of privacy advocates. Coroneos says this was a major concern in Australia when ISPs began implementing the iCode. But he says ISPs do not scan the content of users’ communication; rather, the system conducts behavioral analysis of customers’ computers. “If your machine wakes up in the middle of the night and sends a few hours of traffic and then shuts down, this is typical of a spam bot.”

The system alerts ISPs to potential problems, allowing them to contact the customer — usually via an e-mail — about a potential problem. The user is then provided with a link to an iCode website, where they can download free tools to scan their computer for potential problems. “It helps reduce the theft of personal information and identity fraud, so it’s actually pro-privacy,” Coroneos says.

“This is about the industry striking back [against cyber criminals],” he says.

SA will be only the second jurisdiction worldwide, after Australia, to implement the iCode. But Coroneos says there is strong interest from other countries, including the US.

The iCode, once implemented, should allow local ISPs to reduce bad traffic on their networks and lower their customer support costs. Coroneos says it will also help ISPs improve their reputation among customers and help ensure their networks aren’t blacklisted. — (c) 2012 NewsCentral Media