Microsoft - quarantine infected PCs!

The Guardian leads today with a story entitled "Microsoft: virus-hit PCs should be quarantined". The idea, endorsed on Microsoft's own technoblog, is not new.

The theory is simple: if you are infected with a bot, then the best thing you can do for yourself is to get rid of that bot. It's also the best thing you can do for everyone else in your neighbourhood on the internet. These days, that means everyone else on the internet.

You'll protect yourself from identity theft, and you'll spare the rest of the network from the bandwidth-plundering poisoned packets which your zombified PC is spewing out.

Ergo, if your ISP knows you are infected with a bot, and you don't realise, or you don't care, then the best thing your ISP can do is to help you get rid of the bot.

If you still don't care, then they can help you and everyone else by restricting your internet access, both to protect you from yourself, and to dangle you a carrot. Fix the bot. Restrictions removed.

And if you still don't care, then the ISP has a stick. Modem unplugged at the other end. Thanks for coming. Goodbye.

One problem is that implementing such schemes is expensive for ISPs - and at least some of that expense goes on helping those least willing (rather than least able) to help themselves.

And unless all, or at least a significant majority, of ISPs follow the same code of "assist - show carrot - wield stick", egregious offenders can recover from disconnection simply by churning their business to a more easy-going ISP. To add insult to injury, that ISP's running costs will be lower.

What does all this mean? It means that when ISPs try to take the upper hand, at their own expense, in dealing with zombified customers, we ought to applaud them.

I've argued before (commenting on the Australian iCode scheme) that ISP-based quarantining, and even forcible disconnection, is not the privacy nightmare which some people think.

Provided that ISPs decide whether you are zombified from your public-facing internet behaviour, such as spam already reported by other people from your computer, rather than by snooping on your traffic or your PC, it's hard to have serious privacy objections.

I'm not sure that we need biological or biomedical analogies for ISP intervention against infected PCs, such as those applied in Microsoft's abovementioned blog. (The article links to Scott Charney's paper majestically entitled "Applying Public Health Models to the Internet", which is stretching things a bit.)

All we need is a bit of common sense, and the willingness to accept that we owe it to ourselves, and to the rest of the internet, to keep our corner of the cyberworld secure. The flip-side of this, of course, is that if we don't, we may be made to stand outside until we have learned to behave.

There's a simple name for this sort of approach, and it works.

Defence in depth.

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog