Wednesday, December 21, 2005

Should ISPs be accountable for overall Internet security?


Let's start with a basic understanding of what you're looking at. Right now, it's my blog. It has graphics, text, formatting, and all these pieces sit on the server. When you got here, your browser software asked the server for those pieces. Blogspot said sure, no problem, and started to send them.

Due to the way the internet was originally designed (and unless you want to spends billions and billions of dollars moving everybody to a new system, you're stuck with it), things are broken up into smaller byte-sized pieces, wrappped with identifiers called headers, and tossed out into the maelstrom. I don't have a clue how many packets my blog gets broken into, but let's use the number thirty(30) as a working number., point A, sends the first five packets out to point B. Point B suddenly gets buried in stuff from somewhere else, so sends the next five packets to point C. Point C is doing ok, so blogspot sends the remaining twenty packets to point C, too. So now we've got five going one way and twenty-five going another. Point B has a good connection down the line, so it sends the five packets on to point D, which in turn connects to points E, F and G. G is your home ISP, and they hand those five packets to your browser. Meanwhile, point C hands off five packets to point H, which says everything is fine so point C hands off five more. But wait! Point H suddenly gets a bunch of stuff from somewhere else, and point C now must hand off the remaining fifteen packets to point I. Point H is so overwhelmed, it can only hand off the ten packets two at a time to point J, who in turn hands them to K, L, O, Q and Beta. Somewhere in there, they finally make it to G, your ISP, and then to your browser. Meanwhile, the fifteen currenly at point I get handed off as a group to point M, which again due to traffic, breaks them up into five packet pieces and hands them off respectively to N, P and S. N's got a direct connection to G. P has to send its packets thru R, then Y and then to G. S has to send one packet each to T, U, V, Z and alpha. Alpha needs to hand off to X before it can get to G, but the rest can hand them all to point G, which gives them to your browser. Your browser now can put them all together and you get my blog.

Everything gets sent that way.

The $64,000 question is this: How can your ISP (point G) check every single packet for the hundreds, thousands, tens of thousands of users, without slowing down your I-want-it-now web surfing experience, correctly identify that piece as a virus and not as the next version of Norton anti-virus download or the picture of my cat, without having all the pieces, when all the pieces don't come together, in the same order, or even at all? If you can answer that question successfully, I guarantee that you will be richer than Bill Gates in less than two years.

In the mean time, get virus checking software on your computer. Your ISP can check your email because all the pieces have come together on the email server, but everything else is yours. Your computer is the only place all the bits and pieces come together to make a blog, a shopping website or that ugly monster virus.