Microsoft reflects on its proposal to ban virus-infected PCs from the net

By Tom Warren, on 17th Feb 11 5:01 pm

Microsoft Senior Executive Scott Charney suggested in October that virus-infected PCs should be quarantined from the Internet.

The proposal met with huge criticism and debate across the industry, and Charney appears to have reflected on his idea recently. Speaking at the RSA conference earlier this week, Charney said “in the course of the last year as I thought a lot more about this I realized that there are many flaws with that model.”

Charney proposed a possible approach to addressing botnets and other malware that affect consumer machines. The approach called for sick PCs to be treated in the same way that society deals with infected humans. Charney described the issue in a company blog post in October and explained that firewalls, antivirus and automatic patch updates aren’t enough. “Despite our best efforts, many consumer computers are host to malware or are part of a botnet. ‘Bots,’ networks of compromised computers controlled by hackers, can provide criminals with a relatively easy means to commit identity theft and also lead to much more devastating consequences if used for an attack on critical government infrastructure or financial systems.”

He went on to explain how individuals who are not vaccinated against human viruses put others’ health at risk, and that there are processes governments use to track and control the spread of disease. “Simply put, we need to improve and maintain the health of consumer devices connected to the Internet in order to avoid greater societal risk. To realize this vision, there are steps that can be taken by governments, the IT industry, Internet access providers, users and others to evaluate the health of consumer devices before granting them unfettered access to the Internet or other critical resources.”

The main issue that Microsoft wants to tackle is the ever-growing army of robot PCs. Botnets are networks of compromised computers controlled by “bot herders” or “bot masters” who use the thousands (sometimes millions) of compromised Windows machines to distribute adware, spyware and spam emails, and to launch DDoS attacks. Bot software is typically installed on end users’ machines through web browser vulnerabilities, worms, Trojan horses, or backdoors. A “bot master” will then control the machines via IRC commands to launch attacks or send email spam. Early last year Microsoft announced that, together with industry partners, it had executed a major botnet takedown of Waledac, a large and well-known “spambot”. At the time the software giant said it was looking to be “even more creative and aggressive in the fight against botnets and all forms of cybercrime.”

Charney penned a new blog post earlier this week detailing the feedback and criticisms he has received. The main question appears to be around privacy. “A related concern raised is that people might be cut off from key services like Voice over Internet Protocol (VOIP) phones to contact emergency services or machines used for medical devices. This is an area that needs to be accounted for in driving social, political and technical alignment to develop acceptable solutions,” says Charney.

Charney still wants to hear from those with feedback or suggestions. Internet privacy and security have been a long-running debate across the industry for many years, and Microsoft wants to address some concerns with new actions. “Advancing such a far-reaching proposal certainly raises many important issues that will need to be worked out, but when I look at the extent of the problem we are dealing with, I think we need to come up with systematic solutions,” added Charney.