View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 8, 2010

Microsoft suggests ‘quarantine’ for sick PCs

Plan could be 'counter-productive' says security expert

By Steve Evans

Microsoft has suggested that virus-infected computers should be quarantined from the Internet until they are proven to be clean.

In a post on the company’s blog, Scott Charney, corporate vice president of Microsoft’s trustworthy computing team, said that computers should be subject to a similar method of control used to contain infectious diseases.

"Just as when an individual who is not vaccinated puts others’ health at risk, computers that are not protected or have been compromised with a bot put others at risk and pose a greater threat to society," Charney wrote. "In the physical world, international, national, and local health organisations identify, track and control the spread of disease which can include, where necessary, quarantining people to avoid the infection of others. Simply put, we need to improve and maintain the health of consumer devices connected to the Internet in order to avoid greater societal risk."

A more detailed report into the proposals read: "To improve the security of the Internet, governments and industry could similarly engage in more methodical and systematic activities to improve and maintain the health of the population of devices in the computing ecosystem by promoting preventative measures, detecting infected devices, notifying affected users, enabling those users to treat devices that are infected with malware, and taking additional action to ensure that infected computers do not put other systems at risk."

Other remedies suggested by Charney include bandwidth throttling for infected PCs. PCs would also be asked to display a "health certificate" to prove they are clean before full Internet access is granted by their ISP.

While Microsoft’s intentions are noble, the health certificate approach will be difficult to implement, according to Rik Ferguson of security firm Trend Micro.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

"While I can see the good intentions underlying the proposal, I doubt its effectiveness in practice to be honest," he told CBR. "This could well be a costly exercise for ISPs as they would need to set up quarantine networks which hopefully also would contain tools and links to both help diagnose and then resolve whatever the issues were. At the same time each single ISP would see little tangible benefit, such as a reduction in spam levels and a consequent regaining of their own bandwidth, as each individual ISP will only be responsible for a small amount of the total malicious activity."

Ferguson added that the security industry needs to look at this sort of situation from the end user’s perspective, rather than from a technical one. "We should consider how this scheme would be made workable for the vast majority of Internet users who neither need nor want to know how a PC works, let alone how malware works. If you quarantine them without offering them in depth technical support to resolve the issue, the temptation will be to simply switch to another ISP and start again."

"There is a good case to argue for the proactive notification of customers they believe to be infected, along with advice on what to do next but quarantining or throttling them is much more likely to be costly, counter-productive and short-lived," Ferguson concluded.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.