Microsoft Senior Executive Scott Charney suggested on Thursday that virus-infected PCs should be quarantined from the Internet.
Speaking at the International Security Solutions Europe (ISSE) Conference in Berlin, Germany, Charney proposed a possible approach to addressing botnets and other malware that impacts consumer machines. The approach calls for sick PCs to be treated in the same way that society deals with infected humans. Charney describes the issue in a company blog post and explains that firewalls, antivirus and automatic patch updates aren't enough. "Despite our best efforts, many consumer computers are host to malware or are part of a botnet. 'Bots,' networks of compromised computers controlled by hackers, can provide criminals with a relatively easy means to commit identity theft and also lead to much more devastating consequences if used for an attack on critical government infrastructure or financial systems."
He goes on to explain how individuals who are not vaccinated against human viruses put others' health at risk and that there are processes governments use to track and control the spread of disease. "Simply put, we need to improve and maintain the health of consumer devices connected to the Internet in order to avoid greater societal risk. To realize this vision, there are steps that can be taken by governments, the IT industry, Internet access providers, users and others to evaluate the health of consumer devices before granting them unfettered access to the Internet or other critical resources."
The main issue that Microsoft wants to tackle is the ever-growing army of robot PCs. Botnets are networks of compromised computers controlled by "bot herders" or "bot masters" that use the thousands (sometimes millions) of compromised Windows machines to distribute adware, spyware and spam emails and to launch DDoS attacks. Bots are typically installed onto end users' machines through web browser vulnerabilities, worms, Trojan horses, or backdoors. A "bot master" will then control the machines via IRC commands to launch attacks or send email spam. Earlier this year Microsoft announced that, together with industry partners, it had executed a major botnet takedown of Waledac, a large and well-known "spambot". At the time the software giant said it was looking to be "even more creative and aggressive in the fight against botnets and all forms of cybercrime."
The proposals have been met with an angry backlash from Internet commenters on Microsoft's blog. One poster lambasts Microsoft for "touting" the removal of insecure PCs from the Internet: "by that logic we need to remove every machine running Windows," said Debbie Mahler. Another asks, "If Microsoft isn't competent enough to make software that is safe, how are they going to be able to make an Internet quarantine that works?" There's no doubt that the proposal is workable, but resolving the controversy over such actions, and agreeing on an appropriate industry standard, seem a long way off.