Microsoft: ISPs should quarantine infected PCs
By Barry Collins
Posted on 3 Mar 2010 at 08:30
Microsoft has suggested that ISPs should quarantine and clean-up infected PCs before they're allowed back on to the internet.
Scott Charney, Microsoft's corporate vice president of trustworthy computing, said quarantining systems was the only effective way of dealing with the threat of botnets on consumer PCs.
"With medical diseases we basically educate people, and sometimes if you've flown to certain countries they'll scan you for your temperature as you get off the plane," said Charney, speaking at the RSA security conference. "If you seem to be infected, you're quarantined and you're treated."
The attacks are happening at light speed; we have to respond at light speed. So, we should think about inspection and quarantine
"The question is, why don't we do this for consumers? Why don't we think about access providers who are doing inspection and quarantine, and cleaning machines prior to access to the internet?"
Charney cited the case of his young son and 80-year-old mother, who both blithely click "OK" on warning message pop-ups because they either can't read (in the case of his son) or don't understand the warning.
"The reason governments and enterprises can manage the botnet risk is because they have professional IT staff; this is their job, they manage this risk," he said. "It is much more complicated in the consumer space."
"The attacks are happening at light speed; we have to respond at light speed. So, we should think about inspection and quarantine."
Charney likened the problem of infected PCs with that of secondary smoking. "People used to smoke, and we said, look, you're going to kill yourself, but if you want to die, go ahead. You're causing cost to the health care system; we'll eat those costs, go ahead and kill yourself," he said.
"Then, of course, the EPA [US Environmental Protection Agency] comes out with secondhand smoke. Suddenly, smoking is banned everywhere. You have a right to infect and give yourself illness, you don't have the right to infect your neighbour."
"Well, the computers are the same way," Charney added. "We've told people run antivirus, patch, backup your data. But if you don't do that stuff and you lose all your stuff, that's a risk you can accept. But today you're not just accepting it for yourself, you're contaminating everyone around you, right?"
Charney suggests internet users would have to pay a tax to fund the scheme. "We pay a fee to put phone service in rural areas, we pay a tax on our airline ticket for security. You could say it's a public safety issue and do it with general taxation," he claimed.
Microsoft should disable all Windows PCs that are vulnerable to discovered exploits until they are patched.
By sbeams on 3 Mar 2010
sbeams,I seriously hope that's sarcasm, because I purposefully withhold some updates from the computers that I manage. Why bother to update IE, or Outlook, when I use neither, or to update windows defender when I shut it off and use a more capable third party solution?
And what about those of us who don't update until we can be certain that the updates aren't harmful, or won't clash with a third party package. We all remember the black screen of death incident a few weeks back.
As a mega corp, Microsoft should also have no right to puta kill switch in something that you legally own. No matter how infested it is. Suppose a hacker found out how to control it and shut down the Pentagon's Windows network?
By Perfectblue97 on 3 Mar 2010
Look at the EULA - you don't own the operating system (although you may own the hardware it runs on), what you own is a license to use it under the terms agreed.
By jbarnett on 3 Mar 2010
"The reason governments and enterprises can manage the botnet risk is because they have professional IT staff; this is their job, they manage this risk,"
Quote from Butterfly botnet article "Mariposa had infected machines in 190 countries in homes, government agencies, schools, more than half of the world's 1,000 largest companies and at least 40 big financial institutions, according to two internet security firms that helped Spanish officials crack the ring."
Does not look like profession IT staff makes a great deal of difference.
By chapelgarth on 3 Mar 2010
Horse Stable Door
Isnt the trick to make the things reasonably secure in the first place.
I get infected machines in every week, clean them and put on updates and a reputable I.S. package.
End result, I only tend to get the PC's back for renewal and a spring clean once a year.
I still think its better to require an SSL on every server and chase down the servers pushing out the infections.
By Gindylow on 4 Mar 2010
It's a good idea
I totally agree with this article. PCs that are infected should be removed from the internet, cleaned and fully patched, reputable anti malware software installed and then returned to the internet. At least that way, the threat of botnets can be significantly reduced.
There is very little excuse for running out of date web browsers, browser plug ins (e.g. Adobe Flash, Sun’s Java etc) and old PDF reader software (e.g. Adobe Reader). They are free to update and make your PC much more secure when update to date. Unfortunately, a lot of people don’t know the importance of this or are too lazy to do so.
If you are worried about application compatibility, back up the PC (using imaging software e.g. Acronis True Image or Norton Ghost) before installing the new updates and try out the applications that concern you. If things don’t work, simply restore from the backup and continue on. Then you might want to find out what went wrong and why.
I would like to recommend that you update IE and Outlook even if you don’t use them. If your PC gets infected the malware could further exploit the un-patched vulnerabilities in these popular applications even if you don’t use them to further compromise your system. It would be no harm to turn on Windows Defender once in a while and fully update it and then turn it off again. Vulnerabilities were found in Windows Defender some years ago and were fixed when it was updated. There is nothing to stop Microsoft incorporating silent fixes for as yet undisclosed vulnerabilities in Windows Defender.
All you have to do is to use IE (if using Windows XP) to visit http://update.microsoft.com (if using Vista or Windows 7, use the Windows Update application on your Start menu) and tick the boxes to install updates for IE and Outlook (and other updates you are offered). It only takes a few minutes and will make you machine as secure as it can be.
If you are using another web browser and haven’t patched IE in a long time you simply have a false sense of security. Patch IE and be as secure as you can.
I am not trying to be critical; I simply want as many people as possible to be secure. I am just trying to offer some free advice.
I have 3 PCs (2 XP SP3 and 1 Vista Ultimate x64 SP2, soon the XP PCs will be Windows 7 : ) ) and I constantly patch them as soon as updates are released. I haven’t had any application compatibility problems in many years. It doesn’t take too much effort to be secure.
Sorry for the long comment.
By Jimbo762 on 4 Mar 2010
Here we go again the end user is the one at fault in Microsoft's eye Oh no it can't be the crappy OS they put out and the gullible public buys thinking that the next one will actually be secure and work Nah my friends it is time to leave MS behind and switch to Linux Opensource. Also I might add that MS has been and is in bed with NSA/CIA/FBI to implant back doors into every system for years and let us not forget there cooperation with the Chinese to censor the internet for that Slave state. No Microsoft is not your friend dump it for freedom, independence and the American way!
Long live Linux!
By freedomOS on 4 Mar 2010
By c6ten on 4 Mar 2010
If the computer is blocked from the Internet...
Where do the cleaners and updates come from?
Answer: some oik who has a bright shiny Microsoft Approved Cleaner logo about his person will have to come physically visit your machine.
After he's done no doubt you then get a bill for several hundred quid.
Fear and doubt as a source of revenue 'R Us...
By derek_c on 4 Mar 2010
"then get a bill"
No, it's all part of the service - paid for by the tax proposed by Mr. Charney.
Although, that still doesn't answer from whence the cleaners actually come, or who supplies them.
By greemble on 5 Mar 2010
Hope you've got your tinfoil hat on - if not, the PC Pro forum used to have a member that would supply them.
At least he used to - not seen him around lately. I wonder if he's been taken away in a black helicopter?
By greemble on 5 Mar 2010
You seem to think I was too harsh on end users. Not really, the majority of end users don’t see the importance of patching their applications or their operating system. Most of this could be fixed if they updated Windows using Windows Update (Vista and Windows 7) or visiting http://update.microsoft.com for Windows XP.
End users need to make use of the tools available to them. It’s a case of “you can bring a horse to water but you can’t make him drink!” If the OS and/or applications installed all updates silently without asking there would be public outcry, what are software vendors to do? Provide updaters that people ignore or don’t use or cause even more problems by updating totally automatically.
Linux has vulnerabilities too you know!
So what about Microsoft’s “relationship” with the FBI, CIA and NSA? Unless you have something to hide, these security agencies have bigger fish to catch!
Windows 7 has a far better record of security that Windows XP had when it was launched.
The updates come from clean computers that you would hopefully have in your home (many people have more than 1 PC these days). Or maybe a friends PC or a reputable internet café. I wasn’t talking about paid for services.
I agree! That' s telling him!
By Jimbo762 on 6 Mar 2010
Hatless & Foiled again...
PC Pro lost a whole pile of regular users when they swapped over from the Old Web groups onto shiney bling tastic blogoshpere.
Perhaps we need a new master of the Tin Foil Hat?
By Gindylow on 6 Mar 2010
The fault is sloppy programming.
I just can't believe MS folk sometimes. These botnets arise from exploiting the weak security measures used in MS operating systems and sloppy programming in third party software. No MS OS has a robust system of user/root privileges and third party software often requires root (admin in windows speak) privileges to function (often by default) when there is no real need to have them.
Yes Jimbo762, linux systems can be hacked like any other but this is usually achieved by finding weak passwords (and is thus due to user error) or brute force attack rather than exploitation of inherent OS/application vulnerabilities. Where good security practise is used on linux systems, they are remarkably resilient to attack. And yes, there are viruses for linux too but to date, these are only proof of concept viruses that exist in security labs; there are none in the wild. These viruses have to be deliberately run by the user to activate yet once active, cannot harm system files as users have no access to these. Thus, these viruses can't spread, as they don't have root permission.
So come on MS, put your hand up to this and get it sorted out, you should be paying for these bad consequences of using your software, not the general public.
By iclbmc1 on 15 Mar 2010
- Tech City: Easy to score when you move the goalposts
- How to remove SkyDrive from the Windows 8.1 Explorer
- Switching from iPhone to Android? Switch off iMessage
- Why is Google pumping more money into Firefox?
- Sky Broadband Shield review
- Samsung Galaxy S4: how to double your battery life
- Motorola Moto G review: first look
- IBM Watson meets Willy Wonka
- Google’s support policies shove users towards Chrome
- Lenovo Yoga Tablet review: first look
- Don't rely on Chrome's password vault
- Facebook Graph Search: don't panic
- Gmail drafts and Pastebin: could they evade the email snoops?
- Applying for a job at GCHQ? Here's your plain-text password
- Google two-step verification: a must for business email
- Yes, I write down my passwords
- How to deal with a ransomware attack
- How secure is your Wi-Fi network?
- How QR codes caught out the security pros
- Why I do not trust Do Not Track... yet