The problem of PCs infected with bots has stymied security professionals ever since botnets came into wide use among cyber criminals. Attempts to shut down the command-and-control servers have only a temporary effect, and investigators take months -- or years -- to nab those responsible for the attacks.
Now Microsoft is arguing that the security community needs to develop a collective health policy to restrict sick PCs -- those infected with malware -- from connecting to the Internet.
"Just as when an individual who is not vaccinated puts others' health at risk, computers that are not protected or have been compromised with a bot put others at risk and pose a greater threat to society," Scott Charney, Microsoft's corporate vice president of Trustworthy Computing, says in a blog post published Tuesday.
The idea is not new. Many security experts have talked about quarantining infected computers. Research has shown that quarantining compromised computers on the top-50 networks showing signs of infection could eliminate half of all bots. Companies that run network access control (NAC) systems can restrict computers from connecting to their network if they don't have up-to-date security software or do not meet other requirements.
However, such policies rely on the Internet service provider to be the enforcer and cut off customers from the Internet. The problem is customers then require support, which raises the ISP's costs tremendously.
Even so, fearing government mandates to block compromised customers, some Internet service providers have banded together to deal with botnets. In Japan, more than 70 ISPs have partnered with the government to create the Cyber Clean Center, which covers 90 percent of Internet users in that country. Internet service providers in France, Australia, and the Netherlands have also made attempts to collectively tackle the issue of bots.
Microsoft is calling for a four-step plan to implement a health policy for the Internet. First, we must develop a way to define and demonstrate "good health," perhaps a combination of active client-side defenses and a lack of malicious data from a system. Second, a trusted system of health certificates must be created to avoid spoofing a health system. Third, Internet service providers need a way to request and accept health certificates and take action. And fourth, a legal and regulatory framework that supports the model must be created.
"In the physical world, international, national, and local health organizations identify, track, and control the spread of disease which can include, where necessary, quarantining people to avoid the infection of others," Charney argues in his post. "Simply put, we need to improve and maintain the health of consumer devices connected to the Internet in order to avoid greater societal risk."
This article, "Microsoft: Ban sick PCs from the Internet," was originally published at InfoWorld.com.