The plan of the belgian minister of IT to put a content firewall around the belgian internet has not been thought through and should be re-adjusted.
http://www.opendns.com is an open source initiative that could be the solution if some other questions are answered. The idea is to use the DNS servers to block the addresses of the malware or childporn sites. This is easily done as you just ad a blacklist. The cost is minimal compared to other systems.
The other advantage is that you can add more easily another dns server (an FDNS - Filtering DNS server) to the existing parcs and that you can hardcode these in dialup software (for example to contact egov and ebizz sites and not to be redirected to phishing sites). If the sites are being taken down, you can easily put others in its place or just redirect to others.
The problem with opendns.com is that in their interview they say that everything is going automaticcally and that there is no human supervision or control, which seems a bit 'naïve' and that in an analysis of their infrastructure they don't use SPF to indicate the security of their identity.
In belgium the minister for IT Vanvelthoven has said that there will be a content firewall on the information routes to belgium blocking illegal content, such as child porn, but not only that, while not specifying what exactly and how it will be done. They while form a committee to decide what. Blocking is a great word because it will only display a page that you are going to see illegal content if you go any further, while not blocking this. The blocking of malware and viruses will be done by the other means of security that the ISP's have legally to put into place according to the new telecomlaw (but which still has to get the budgets and manpower to be put into place). This malware-blocking is without any doubt the only way to clean our information routes. But this may be not enough for ebanking, ecommerce, egov and etrade which should be put in a restricted zone with which you can only communicate over certain ports and all portscanning and application attacks are filtered out. For me these servers should also be connected via different routers and maybe all other connections from other applications on the pc connected to these restricted zones are blocked or disactivated and computers without antivirus and or firewall have to pass a online security check and update before being allowed access. This will give the security people and installations of those operations more time to concentrate on phishing and other kinds of fraud by humans. But that is a totally other discussion. Read more here http://wildweb.wetpaint.com/page/belgian+content+firewall