We cannot push all requirements to the ISPs. End users who leave their computers vulnerable to being controlled by others are also at fault. All PCs connected to the Internet should have the latest patches installed, as well as updated firewall, antivirus and antispyware software. While these tools won't prevent everything, they can decrease a computer's susceptibility to compromise exponentially. Those who fall victim to an attack because they don't have the appropriate software and updates would be financially responsible for their own loss and potentially the loss they cause others. Just as individuals are legally required to keep their cars in safe condition to protect others on the road, they should be required to keep their computers safe to protect others on the Internet.
4. Write some kind of law concerning efficient security software.
I have been wrestling with how to word this one. A law like this is especially important if people are required to install and run security software. People have uninstalled their antivirus and antispyware software because it brought their systems to a crawl. Security software vendors must make performance a critical feature of their software.
While there are other laws I could recommend, these are the most fundamental and easy to implement. I know there may be criticisms. For example, some smaller, and even larger, ISPs and organizations will say they can't afford the software and staffing needed to kill end-user access as required. First, these companies are already spending money to provide bandwidth for all of the malicious traffic. Second, if they can't afford to protect their network properly, they shouldn't be in that business.
That is probably the key point. Can you imagine a trucking company saying that highway safety laws shouldn't be enacted because that would be too expensive? Likewise, can you imagine a private citizen saying that he doesn't want to properly maintain a car's safety? Of course not, as they would be endangering the safety of others. If people want to have access to the Internet, or financially profit from it, they should likewise be required to take precautions so that they don't endanger others.