Not according to many broadband customers and security experts.
Security experts and Internet users are becoming increasingly vocal about their concerns that high-speed Internet providers are not doing enough to ensure the data security of home users.
"It's been two months (since I notified my provider of three potential attacks)," wrote a Santa Clara, Calif.-based Web production manager to ZDNet News Talkback. "And I still haven't heard from (them). I'm not overly concerned about prosecuting hackers ... but I do care about my own privacy and the security of my system."
In the wake of the recent denial-of-service attacks against eight major Web sites, including ZDNet (NYSE: ZDZ - news), personal security has become less of an add-on and more of a must-have feature for Internet surfers. (See: Has your PC been hijacked?)
Customer security low priority
Unfortunately, while high-speed Internet providers are intent on
making their networks secure, they frequently overlook the security
of their customers, said Jeremy Rauch, manager of vulnerability
content and co-founder of security information site
Security-Focus.com.
"Broadband ISPs don't seem to be doing a lot on the problem right now," he said. "They don't seem to be going out of their way to educate customers about the problem."
A recent example: Two months ago, said Rauch, Usenet newsgroups were ready to give the @Home Internet service the "death penalty" -- blocking any user from the @Home domain from posting to newsgroups. The reason? Spammers were sending e-mail out to the Internet using @Home customers' computers to camouflage the source. If the ISP had helped its users correctly configure their computers, the problem never would have happened, said Rauch.
Yet, providers insist that they are taking customers' security seriously.
'Eyes and ears open'
@Home has learned from its checkered past, said Jacqueline Russo,
spokeswoman for Excite@Home (Nasdaq: ATHM - news), and now has
become more vigilant, adding a security page to its services
sponsored by security software maker McAfee. "We are constantly
keeping our eyes and ears open," she said.
Another problem for providers: Personal firewall programs have become quite popular with users. Many of those programs warn users of every little ping and port request, resulting in paranoid users who always think their PCs are under attack.
"These programs have taken off in the past six to eight weeks as more people are going out and looking for security," said Curtis Benton, network operations manager for Internet-over-DSL provider Flashcom Communications Inc. "Yet, people get too concerned over security sometimes, and they become convinced that anything attempting to contact their computer is coming from a malicious personality."
The result is a flood of e-mail to providers that is as debilitating as the denial-of-service attacks that hit the Web Feb. 7-9.
'A stack of complaints'
"We have an abuse coordinator that has a stack of complaints that
he has to determine whether are a serious threat or not," explained
a system administrator for Road Runner, Time Warner Inc.'s high-speed
Internet service, who asked to remain anonymous. "It would be hard to
respond to every single complaint, especially when people are sending
us their BlackICE logs and the like every day, and we have thousands
of users."
In the week following the attacks on major Web sites, personal firewall maker Network ICE Inc. has seen requests for its product, called BlackICE, skyrocket by 30 percent to 50 percent. Rival Zone Labs, maker of a free firewall called ZoneAlarm, has seen 400,000 downloads of its program in the past week.
Greg Gilliom, CEO of Network ICE, admits that personal firewalls can generate a lot of alarms. "The problem (for providers) is that they don't have time to deal with every knock on a customer's door by script kiddies," he said. The next version of BlackICE will not explicitly tell users when it has blocked an attempt to access their PC, though it will log the incident.
Gilliom also stressed that broadband providers are getting better about integrating their customers' security with their own. "We are in discussion with several ISPs that are thinking about rolling out a security service," he said. "They can charge the end user $3 to $5. Later, as everyone starts doing security, it will just become part of the service."
Security: Let the user decide?
That will let Internet providers tailor security to the needs of
the user, said Shawn Dainas, spokesman for Pacific Bell Internet
Services.
"Consumer have to decide if they need more security themselves," he said. "Just like in the real world, different people have different security needs -- some may want to have a state-of-the-art security system, others may just need a dog."
In the meantime, users should not wait for the broadband providers to come to them, stressed David Davidson, a software engineer from Omaha, Neb., in a post to ZDNet News Talkback.
"(Don't) take your security for granted," he wrote. "Learn and protect yourself."