Saturday, 30 October 2010

Sick PCs should be banned from the net says Microsoft

At least that's what the BBC's poorly headlined article said...

Virus-infected computers that pose a risk to other PCs should be blocked from the net, suggests Scott Charney of the firm's trustworthy computing team, in an attempt to tackle botnets - networks of infected computers under the control of cyber-criminals, which can contain thousands of machines. Running Microsoft Windows. All of them - as far as I know.

Charney's proposal is based on lessons from public health:
"Just as when an individual who is not vaccinated puts others' health at risk, computers that are not protected or have been compromised with a bot put others at risk and pose a greater threat to society,"

Putting machines in temporary quarantine would stop the spread of a virus and allow it to be cleaned, Charney suggests.

"In the physical world, international, national, and local health organisations identify, track and control the spread of disease which can include, where necessary, quarantining people to avoid the infection of others.
"Commonly available cyber defences such as firewalls, antivirus and automatic updates for security patches can reduce risk, but they're not enough," wrote Mr Charney. 
"Despite *our best efforts*, many consumer computers are host to malware or are part of a botnet.
"Simply put, we need to improve and maintain the health of consumer devices connected to the internet in order to avoid greater societal risk."
His proposal, presented at the International Security Solutions Europe (ISSE) Conference in Berlin, is for all computers to have a "health certificate" to prove that they are uninfected before they connect to the net. If the health certificate indicates a problem, the computer could be prompted to download a missing patch or update its anti-virus settings.
"If the problem is more serious (the machine is spewing out malicious packets), or if the user refuses to produce a health certificate in the first instance, other remedies such as throttling the bandwidth of the potentially infected device, might be appropriate." 
Great.

One: some might say that 'Microsoft shouldn't be on the internet until they get their own house in order' (not a quote by me but by a spokesman from Sophos).

Two: Where are the standards, the infrastructure and the enforcement to come from? What is the standard definition of healthy? Who issues the health certificates? Microsoft? I don't think so. The ISPs? No. The government? It better not. Where is the legal framework for this? No legislation, no enforceable quarantine! What's the penalty for non-compliance? Who arbitrates false diagnoses?

Moreover, who is paying for this? I can bet it won't be Microsoft.

Three: who is diagnosing infections and sending messages to tell the user the machine is infected? Will they believe it or think it's just another scam?

Four: Charney draws parallels to quarantine, but doesn't say kick the infected PCs off the net completely:
"An individual might be using his or her internet device to contact emergency services and, if emergency services were unavailable due to lack of a health inspection or certificate, social acceptance for such a protocol might rightly wane."
More to the point, if the PC is kicked off the net, how does the user go about fixing it?

Apparently, there are voluntary initiatives for ISPs in Japan, France and Australia to do this kind of thing, but who else has heard of them in other territories? RC
