Bandwidth caps: they're coming, and the ISP's really want them. Why? They can charge you a flat rate for, say, 5GB a month, such as is already done by Sprint and AT&T for their wireless broadband offerings. With 5G a month you can do a lot of email, some web browsing, perhaps a Hulu video or two. But what happens when you go over that 5GB in a month? You get charged by the megabyte, say 5 cents/MB. So customers using bandwidth caps need to be parsimonious with their Internet usage. Gone are the days of being able to download anything that caught their fancy. No more movies from iTunes, not so many songs from Napster, and no more huge OS updates. Wait, what? That's right. These customers will definitely think twice before downloading any costly OS or security updates. And we will all pay as a result.
Some examples are Apple's recent Mac OS X 10.5.7 combo update (729MB), a massive Microsoft update that patches 31 vulnerabilities (some critical), and even the 36MB Ubuntu update that I am downloading as I type. If the user thinks his/her computer is working fine, why would that user waste valuable bandwidth downloading what seems like a totally necessary update? Who cares if the recent Microsoft update includes a patch to protect against Conficker (that has its million-plus botnet aimed at...well, we're still waiting)? Instead, the user saves his/her bandwidth for a couple of episodes of The Office. Meanwhile, the user's unprotected PC becomes another zombie. And now becomes everyone else's problem.
Internet access cannot be treated as just another utility. If the electric company decides it needs to upgrade its infrastructure to protect against SCADA attacks, it charges its customers a couple more pennies per kilowatt hour. It doesn't demand the customer buy some copper wire and pipe and get to work. Just as most users won't spend their time and money upgrading a utility, most users won't going to spend an extra couple hundred MB improving their own PC's security.
If the trend is to treat the Internet as just another utility, update downloads should be exempt. Otherwise, don't cap bandwidth. Also, OS vendors like Microsoft, Apple, even Ubuntu need to stop taking unlimited broadband for granted! Why are all updates available only as a download? Some of it is understandably because of zero-day exploits, but these security patches are relatively small. Otherwise, give customers the option of getting their updates via a non-download method, such as CD or a recycled USB key (you send it in, they send it back with the update.) Be creative.
PC security is no longer about a virus that trashes your hard drive. It's about botnets made up of millions of unpatched computers that attack banks, infrastructures, governments. Bandwidth caps will contribute to this unless the thinking of Internet providers and OS vendors change. Because we are all inter-connected now.
