Internet service providers (ISPs) are showing little interest in cleaning up network traffic, delegates at the RSA Conference have been told.
Some countries now insist that ISPs clean up their data traffic, but security firms are finding considerable resistance to the idea. Part of the problem is that ISPs make good money from malware.
"I would pay for clean water out of a pipe, but I can't do that for the internet," said Raimund Genes, chief technology officer at Trend Micro.
"We are one of the biggest security companies, but we can't convince the ISPs, Facebook and others to clean up their internet pipes. It's up to the customers to request clean water out of the pipe."
Genes explained that regulatory pressure in Japan and Germany had forced ISPs to introduce malware and phishing controls, resulting in a noticeably lower rate of infection.
"Here in the US you have a deregulated market so there's no progress. ISPs will host malware because there is money in it," he said.
However, George Kurtz, chief technology officer at McAfee, said that such deregulation actually suits some internet users.
"There has to be an economic motivator to do this. If you have customers who like dirty water then so be it. If your habits are downloading porn and warez you're likely to be at risk," he said.
Nevertheless, security companies face challenges in getting law enforcement to shut down malware generators. Genes said that Trend Micro faces major problems in trying to get law enforcement to take down malware command-and-control servers.
"We identify a command-and-control server in Germany, and by the time we've got the police involved the hosting moves to Italy. Once we've got Interpol involved the server moves to South America," he said.
Genes explained that some Russian hacking groups make up to $20m (£12m) a month and can afford to hire the best computer talent to circumvent government controls.
The best Black Friday tech bargains out there
Russell Group slammed for misusing student data in donation campaigns
Linus Torvalds is unhappy with current approaches to Linux security
Bug prevents ASLR from randomising location of important data