Microsoft has suggested that virus-infected computers should be quarantined from the Internet until they are proven to be clean.
In a post on the company’s blog, Scott Charney, corporate vice president of Microsoft’s trustworthy computing team, said that computers should be subject to a similar method of control used to contain infectious diseases.
"Just as when an individual who is not vaccinated puts others’ health at risk, computers that are not protected or have been compromised with a bot put others at risk and pose a greater threat to society," Charney wrote. "In the physical world, international, national, and local health organisations identify, track and control the spread of disease which can include, where necessary, quarantining people to avoid the infection of others. Simply put, we need to improve and maintain the health of consumer devices connected to the Internet in order to avoid greater societal risk."
A more detailed report into the proposals read: "To improve the security of the Internet, governments and industry could similarly engage in more methodical and systematic activities to improve and maintain the health of the population of devices in the computing ecosystem by promoting preventative measures, detecting infected devices, notifying affected users, enabling those users to treat devices that are infected with malware, and taking additional action to ensure that infected computers do not put other systems at risk."
Other remedies suggested by Charney include bandwidth throttling for infected PCs. PCs would also be asked to display a "health certificate" to prove they are clean before full Internet access is granted by their ISP.
While Microsoft’s intentions are noble, the health certificate approach will be difficult to implement, according to Rik Ferguson of security firm Trend Micro.
"While I can see the good intentions underlying the proposal, I doubt its effectiveness in practice to be honest," he told CBR. "This could well be a costly exercise for ISPs as they would need to set up quarantine networks which hopefully also would contain tools and links to both help diagnose and then resolve whatever the issues were. At the same time each single ISP would see little tangible benefit, such as a reduction in spam levels and a consequent regaining of their own bandwidth, as each individual ISP will only be responsible for a small amount of the total malicious activity."
Ferguson added that the security industry needs to look at this sort of situation from the end user’s perspective, rather than from a technical one. "We should consider how this scheme would be made workable for the vast majority of Internet users who neither need nor want to know how a PC works, let alone how malware works. If you quarantine them without offering them in depth technical support to resolve the issue, the temptation will be to simply switch to another ISP and start again."
"There is a good case to argue for the proactive notification of customers they believe to be infected, along with advice on what to do next but quarantining or throttling them is much more likely to be costly, counter-productive and short-lived," Ferguson concluded.
