Maxim Weinstein spoke to the WHIR about the organization's new program for web hosts
(WEB HOST INDUSTRY REVIEW) — When it comes to the spread of malicious software on the Internet, it can be tempting for those without explicit legal liability to wait until someone else fixes the problem.
Non-profit Internet security organization StopBadware (www.stopbadware.org) believes that web hosts have a responsibility to help fight badware. Last week it launched a special program encouraging web hosts to adhere to the organization’s best practices and display a seal to visitors pledging their commitment to the program, “We Stop Badware.”
In an email interview with the WHIR, executive director of StopBadware Maxim Weinstein discussed the benefits of the program to web hosting providers and some of the web hosts already behind the program.
WHIR: Let’s talk about the role web hosts play, relative to badware, and what they can do about it. Can you describe how your organization looks at web hosts as a vehicle for taking care of this? To what extent do you see it being their duty?
Maxim Weinstein: If you look at a single website, you might see vulnerabilities like an out of date version of WordPress or a poorly coded submission form. When we look at the state of badware on the Web at large, we see vulnerabilities like webmasters and hosting providers that don’t know how to – or have no incentive to – prevent and respond to badware on their properties. If we’re going to build a safer web, we have to make it easier and more attractive for everyone in the ecosystem to step up and do their part.
The question, then, is what is the part that hosting providers should play? To help answer that, StopBadware started a process of developing our Best Practices For Web Hosting Providers. We started by pulling together a working group of security professionals, policy wonks, hosting provider abuse team staff, and other experts. Over several months, they helped us craft the first installment in the practices, “Responding to Badware Reports,” which we published in March. We plan to release additional installments; the next will likely be “Prevention and Customer Education” sometime next year.
Now that we’ve started on the Best Practices, we wanted to give hosting providers a reason to adopt them. That’s why we created the We Stop Badware Web Host program to reward providers that adopt the Practices.
WHIR: What about liability? I know you’ve published research about this, but can you describe what the web host’s actual legal responsibility looks like, relative to badware on its network?
MW: Sure, but first a disclaimer: I’m not a lawyer and StopBadware doesn’t provide legal advice. Web hosts should consult their own attorneys.
That said, based on the research conducted for us by the Cyberlaw Clinic at Harvard Law School, web hosting providers in the United States seem to have broad protection from liability for badware hosted by their customers. This is true even if the hosting provider is aware that the badware is present. As long as the provider doesn’t make an explicit commitment, like “we will remove the badware from site X by Friday,” the provider should be safe from liability.
Of course, the Federal Trade Commission has made clear that it is willing to take action against hosts that are particularly friendly to spammers and other parties engaged in illegal behavior, so there is some legal pressure to do the right thing.
WHIR: What does it take for a web hosting provider to be involved in the We Stop Badware program, specifically?
MW: The We Stop Badware web host program is a way of recognizing hosting providers that have put our Best Practices into action within their organizations. Any web host that is able to publicly commit that they’re compliant with the practices may fill out a form on our website, agree to the terms and conditions, and display the seal with a link back to StopBadware. The landing page at StopBadware describes the program, lists the participating hosts, and points webmasters to more information about protecting their websites.
WHIR: Can you outline some of what your best practices for web hosts entails, at least generally?
MW: The current installment of the best practices really focuses on a few things: keeping the lines of communication open with both the customer and the person reporting the badware; investigating the reported issue and taking action appropriate to the provider’s role; and using the history of past issues as a learning tool to improve security in the future.
WHIR: How involved have hosting providers been in your work up to this point? Who is already involved in the program? And to what extent is this program just kind of formalizing an existing relationship?
MW: Several prominent hosting providers were involved in the initial effort to develop the best practices: SoftLayer, Verio, GoDaddy, and Network Solutions. SoftLayer is also a corporate sponsor of StopBadware’s work. We expect some of these companies to join the We Stop Badware Web Host program once they have had time to implement the practices, review the program terms, and coordinate the marketing. Meanwhile, since launching last week at HostingCon, the program has attracted several other providers from around the world.
WHIR: Do you have any specific insight into how the seal might impact a hosting provider’s image? Do you see a real demand among customers or prospective customers that their hosting providers be committed to a cause such as this?
MW: We believe this is a great opportunity for hosting providers. The only cost for them is implementing procedures that, frankly, they should (and might) already have in place. Meanwhile, participating providers can distinguish themselves in a crowded market by showing their commitment to being good Internet citizens.
As the program gains momentum, part of our webmaster education – and we will encourage our partners to join us in this – will be to encourage consumers and businesses to look for the We Stop Badware Web Host seal when choosing a host. We hope that it will become a badge of honor for hosting providers and customers alike to say “we’re part of the solution.”
About Liam Eagle
Liam Eagle has worked as a contributor to the Web Host Industry Review since its inception in 2000, and as editor since 2003. He has been editor of the WHIR's print magazine since its launch. His daily involvement in the gathering and reporting of Web hosting news and his regular interaction with Web hosting leaders gives him an uncommonly broad appreciation of the issues and tends facing the business. Through his WHIR blog, Liam spots Web hosting trends and offers opinions on the industry-wide impacts of major developments and the motivation behind big announcements. Follow him on Twitter @liameagle
No related posts.
