evolution creations
when you put your mind to it, anything is possible
So I've been asking myself this question for a while and I don't seem to be getting any good results: why is it that spam bot owners are able to get all of these zombie machine IP addresses, but from a defense perspective, we don't seem to be able to do anything about these botnets? It occurred to me that addressing this issue of security in the 21st century will mean that we have to be proactive with detecting these bots and shutting them down.
First things first, a bill should be passed that requires ISPs to monitor every machine that is connected to their network and scan them to see whether any have been exploited. I mean, without knowing all the technical ins and outs, if a botnet operator can detect an exploited machine without having access to the ISP's switches and routes and such, it would make sense that an ISP, which does have access to all of this, would be able to do it more efficiently. This would do wonders to make US ISP computers some of the most secure in the world. Also, ISPs, as part of their subscription services, should REQUIRE that all users connecting to their network do so A) from behind a hardware firewall, and B) using antivirus software on each machine. This should be a SIMPLE and painless process, i.e., from the machine a user goes to this URL, it detects they are coming from the ISP's IP address, and downloads a copy of the software to their machine.
It would seem that unless we take a proactive stance to say all machines that are on a network in the US will be hardened against exploits, we are going to be putting ourselves in a worse situation as time goes on. Is it hard? YES! But will the end results pay off? Absolutely.