Microsoft: We should block infected PCs from the Internet

[Matthew DeCarlo]

In its effort to tackle botnets, Microsoft has offered a potential solution that would prevent botnet-infected computers from accessing the Internet. In a blog post this week, Redmond's Scott Charney described a "global collective defense" and compared his vision to modern public health in a paper titled "Collective Defense: Applying Public Health Models to the Internet" (PDF). Charney said that while traditional protection mechanisms such as firewalls, antiviruses and automatic software updates can reduce risk, they're not enough.

"Despite our best efforts, many consumer computers are host to malware or are part of a botnet," he said. He suggests that infected machines could have a "health certificate" to show whether it has security software and the latest patches. Systems lacking the proper software would be forced to update, while infected computers could be blocked from the Internet entirely.

"Just as when an individual who is not vaccinated puts others' health at risk, computers that are not protected or have been compromised with a bot put others at risk and pose a greater threat to society," Charney said. "We need to improve and maintain the health of consumer devices connected to the Internet in order to avoid greater societal risk."

Quarantining PCs may require government intervention, according to the Microsoft executive. "Voluntary behavior and market forces are the preferred means to drive action but if those means fail, then governments should ensure these concepts are advanced," he said. Such measures are unlikely to be accepted by Internet privacy advocates, however.

Analysts are already questioning the effectiveness of a quarantine-based system. Joe Stewart of SeecureWorks adequately notes that if the person behind a botnet isn't dealt with, they'll just find a way to continue operating. "Technical solutions just haven't worked," Stewart said. How effective do you think Charney's proposed solution would be?

Permalink to story.

https://www.techspot.com/news/40574-microsoft-we-should-block-infected-pcs-from-the-internet.html

 

[bugejakurt]

I think it's effective. I agree with him forcing security updates on computers and penalting those who don't enforce security updates.

 

[TomSEA]

Wow....can you imagine how many PC's would get shut down from the net? I'm sure tens of millions around the world.

(shrugs) But I can't blame them and frankly I admire the innovative thinking. Just not sure the Microsoft campus in Kirkland, WA would get burned to the ground from (uneducated) angry PC users as a result.

 

[JMMD]

How about shutting down sites that host this crap, or shutting down sites that have known security flaws.

I'd really like to see them focus more on hardened operating systems, sandboxed environments and taking down the botnet operators and controllers.

I'd be all for ISP's having a dynamic black list that blocked computers from going to sites that were infected or host malicious software.

The problem I see is a lack of education and standardization in the industry. It's like the wild west and no one has any control of any part of it.

 

[Guest]

Yeah right. I've never taken part in the annual flue shots available, and now they think they're going to quarantine me to my house..........

 

[Guest]

Not a bad idea as long as it is run by a trusted(LOL) company. Instead of banning the whole internet for infected computers, allow them to access sites that would allow them to get updated and cleaned.

 

[matrix86]

Such measures are unlikely to be accepted by Internet privacy advocates

My thought exactly. Kicking your clients off of your connection because a company wants you to wouldn't settle very well with the ISPs. When consumers don't have connections, ISPs don't make money, and they could care less whether or not your computer is infected.

I'm torn between this, though. I could see it as a good thing, but at the same time, I just wonder exactly how well it would work in the long run...not to mention all the people who would not buy a Windows computer for fear of getting infected and shut off from the internet. And as we can already see, with Mac becoming more popular, they will eventually have the same problem. So i'm stuck in the middle here.

 

[Guest]

ya that will work (LOL)

I know companies that still use windows 2000 on service pack 2 because service pack 3 screws up there proprietary data base software and they are too cheap to put money into a new system software not to mention hardware

 

[Guest]

if your pc is blocked from the internet because you dont have updates, then how do get the updates...
i have several pc's but i don't update them all because the update process can prevent other software from working.. my nero5 stopped working over a year ago and only a system restore would put it right, but when i restarted it i forgot to cancel auto update and once again it stopped working.. i had a similar problem with my purchased version of dr divx where it asked for my password saying my trial period had expired and then wouldn't accept my password.. luckily system restore worked and i turned off updates and i no longer have the problem.. i mostly disable my network connection on that pc but when transfering files or buying software online i temperaraly enable it...if it was detected without updates and was forced to update then who is going to reimberse me with software that works.. the new divx encoder is crap as i am unable to crop with it and i am not happy with the results obtained.. which means we will all be at the mercy of microsoft.. and i for one don't trust them that much

 

[mattfrompa]

I have not had a virus that I was unable to get rid of, but if I get kicked off the net I'll pop that Linux dsic in right away

 

[spydercanopus]

"Just as when an individual who is not vaccinated puts others' health at risk"

Backwards speak. If you're vaccinated, doesn't THAT protect you from non-vaccinated people? Bill Gates is a eugenicist and admits vaccines are used to reduce population in a TED video. Just google it.

 

[Guest]

How did the expression "could care less" get started. Is everyone so stupid not to realize it means just the opposite of what's intended?

 

[MrAnderson]

It sounds all good in the realm problem and solution, but we don't lock people up in their homes when they refuse to take a pill. This idea at its core is a thought excise that could only be successful in being implemented with major compromises that would make it otherwise less effective. An idea insisting on enforcing an industry by making sure that there will be buyers is scary. Heck, forget insurance against damage, it truly would herald in health care for our devices.

Perhaps if it were freely available might it be more appetizing... if the computing device security industry were funded by government and businesses (those that stand to lose money the most, spending perhaps millions each year to track and cut off another of the hydra's head) it might stand a chance.

Why not make it a truly free market where competition is academic and garners the prestige to match Nobel esc prizes. An openly public none proprietary and open sourced code base/library to fuel the “cyber health care cause” Put one leaching industry to bed for good, which only subscribes to subscriptions for customers.

We might as well be paying for insurance, because what have people gotten when the software failed yo defend. Yes the software that year after year people are entrapped into using through the front loading of such software by PC manufacturers.

This proposed solution defies the entire ideal of an open Internet. Surely a new infrastructure will need to be in place. Billions will be spent, or a new Internet built by multinational corporations and governments, and the old Internet will be come the slums. The web will fracture under the strain and the people with the technical know how will find ways to build smaller webs. They will be limited in scope, but vast enough to connect many. And for those with out resources to recreate some of the services that are on the commercial web, will connect via proxy “clean machines”...

 

[blaacksheep]

Systems lacking the proper software would be forced to update, while infected computers could be blocked from the Internet entirely

Who exactly determines "the proper software" that I need to be running on my machine for internet access? I find it highly objectionable that they propose to mandate the installation of "approved" processor-crippling antivirus software on MY computer. I find it equally objectionable that I would be considered guilty of harboring malware until proven innocent.

"They" won't stop until they have complete control over every aspect of our lives.

 

[Guest]

Why don't Microsoft make a better operating system that is more secure ?

No one will be on the net if they do that .dleption

 

[aj_the_kidd]

Big companies will never go for it, users are stupid and will open any attachment, if that attachment contains a virus and spreads throughout the companies network, effectively shutting out most users from the internet. Thats going to be a problem

 

[Guest]

As a society we do currently take action simply because you are not ‘up to date’ with virus protection. Do we not lock children out of public school if they have not been vaccinated? How about the way we treat those that have a known ailment? How well do you suppose it goes when you admit to having aids on your health/life insurance application? How about cancer? Shall we start this list up because you know should it is a very long and disturbing one. The verbiage in the article is wrong. The intent is be to block known infections from the ability to spread. This does not preclude the ability for a known infected computer to attach to an protected system for an attempted repair, though this odds are a new OS install would be the best answer. I merely means you are locked into the sandbox until you get your fix. Bashing critical thinking like this just shows where how postured you are. How many people out there thisnk everything is fine when in fact they have infected systems? Hmmm? Don’t you think they would feel a modicum of appreciation when they actually start seeing the performance they remember? (having done my best to disinfect many machines I already know how people react to this).

Nope. This is an excellent idea if implemented correctly. Of course there will be haters and dung throwers as always.

 

[Guest]

This is simply a ploy to divert attention from the real issues, most of which have already been commented upon in the preceding posts.

 

[Guest]

It's called Secunia PSI, use it, love it. People posting here are probably the ones who are actively "vaccinating" more than the average joe anyway. While Microsoft isn't making perfect products, last I checked the major issues usually involve someone trying to open up a bad attachment, XSS attacks, poor browsing software. No Script will solve a lot of those programs and the best part is it's free! So is Secunia, but I'm not in the habit of pushing software on others. Just family and friends.

 

[Wendig0]

I'm not sure how well this will work, but until they put "access to internet" in the Bill of Rights, then it's really up to the isp. ISP's should send out warnings to infected users with an ultimatum to clean their PC or lose their privilege of surfing through porn online. Giggity.

Guest said:
How did the expression "could care less" get started. Is everyone so stupid not to realize it means just the opposite of what's intended?

The expression is "...couldn't care less", but so many people are *****s, and have used it/ heard it wrong their whole lives, that nobody gives a damn.

 

[Guest]

Let's face it. This is just another ploy by MS to sell more of their "insecure" software. If MS knew how to write a truly secure OS, then there would be no need to kick the average "Joe/Jane Schmuck" off the internet. The bulk of the security problems are with MS software to begin with. Win 7 has been "ballyhooed" as the most "secure MS OS" yet, and no sooner is it made available to the general public, then a bunch of "security patches" come out. Now if MS can convince users to buy more of its crappy software (under the guise of security), then it stands to make more money. As Barnum said, there is one born every minute.

 

[AlExAkE]

Me too! AGREE! Such updates and software checks to see if the PC is infected should be the law. I will always install the latest patches and security risk updates to any computer I have access to. There should be a way of limiting access to internet to people who refuse to update, because they become the contributes to the problem.

Take any regular biological virus/bacteria for example. If there are many people infected in a place, their access to other people is being denied, in order to protect the rest and not spread the dieses. This should work the same way.

I VOTE "YES" with both hands!!!

 

[Guest]

I definitely agree. I hate bots. If your computer is infected then it is your fault, not Microsoft. So, we should enforce security patches and anti-virus software on any computer that is connected to the internet. Otherwise, they should be blocked from accessing internet.

 

[fimbles]

Will microsoft continue to provide updates and support for their older operating systems forever?

Or when the support ends does this mean you will be forced to upgrade to the newest version of windows in order to keep updated?

Call me cynical....

 

[Guest]

Apparently there are too many users here who are not familiar enough with computer security and/or flaws to properly comment and see right through this.

The idea is nice. It's a lofty goal, however, and nearly impossible.

Current malware and virii already disable the majority of well-known anti-malware or anti-virus software, making the computer user believe there is nothing wrong. The anti-X software products are much more difficult to overcome than simply accessing and modifying some form of "health" certificate.

So...again...it's a lovely idea in theory. In actual practice it simply would die a horrible death from the internet flu.