ThreatSTOP has a number of universities and places of higher education as clients and, it turns out, there's a good reason for this. That reason is 'Academic Freedom' and the possibly unintended consequences of that on computers and networks.
Unlike other organizations, universities tend not to be allowed to limit the access of faculty or students to the Internet because of the need to not censor or interfere in Academic Freedom. This is a noble goal but, in today's world where significant chunks of the Internet are places that only offer one thing - the chance for visitors to be electronically mugged - it is not a goal that leads to a university network that is free from malware. And it doesn't help that, as part of the same freedom, university network users typically expect to be able to connect any computer with any OS they want and with or without any sort of malware protection. Given that Universities also have an obligation to protect research papers, student (and staff) personal information and so on there is an inherent dichotomy that must cause most university IT managers etc. ulcers.
ThreatSTOP however manages to reduce the strain because even the most ardent fan of academic freedom tends not to want to see his or her own computer 'PWN3D' by some criminal gang halfway around the world. Likewise academic freedom and lack of censorship tends not to mean that professors appreciate large amounts of spam in their inboxes or having their local departmental server taken over by a gang and used as a phishing server. Thus academics tend not to object to a firewall that merely blocks access to those comparatively few IP addresses that are known to be bad while permitting access to the billions that aren't.
ThreatSTOP has an extremely low false positive rate which means there is little need to worry that a blocked address is actually harmless. Furthermore because we are extremely fast to add new addresses and we actively remove IP addresses that are no longer actively bad, the lists we produce are ones that list just what is bad now, not what was bad last week or last year.
Our academic users typically see a huge reduction in malware on their networks once the implement ThreatSTOP as well as a significant reduction in spam and inbound attacks. The reduction in inbound spam and bandwidth is often entirely sufficient to justify the purchase of ThreatSTOP as this reduction significantly extends the life of mail-servers, virus-scanners, IDSes etc. and reduces the need to purchase additional connectivity to the Internet.
So if you're reading this and work in a university, why don't you give us a try?