How will we ever get a leg up on hackers who are infecting computers worldwide? Microsoft's security chief laid out several suggestions Tuesday, including a possible Internet usage tax to pay for the inspection and quarantine of machines. Today most hacked PCs run Microsoft's Windows operating system, and the company has invested millions in trying to fight the problem.
Microsoft recently used the U.S. court system to shut down the Waledac botnet, introducing a new tactic in the battle against hackers. Speaking at the RSA security conference in San Francisco, Microsoft Corporate Vice President for Trustworthy Computing Scott Charney said that the technology industry needs to think about more "social solutions." That means fighting the bad guys at several levels, he said. "Just like we do defense in depth in IT, we have to do defense in depth in [hacking] response."
"I actually think the health care model ... might be an interesting way to think about the problem," Charney said. With medical diseases, there are education programs, but there are also social programs to inspect people and quarantine the sick. This model could work to fight computer viruses too, he said. When a computer user allows malware to run on his computer, "you're not just accepting it for yourself, you're contaminating everyone around you," he said.
The idea that Internet service providers might somehow step up in the fight against malware is not new. The problem, however, is cost.
Customer calls already eat into service provider profits. Adding quarantine and malware-fixing costs to that would be prohibitive, said Danny McPherson, chief research officer with Arbor Networks, via instant message. "They have no incentive to do anything today."
So who would foot the bill? "Maybe markets will make it work," Charney said. But an Internet usage tax might be the way to go. "You could say it's a public safety issue and do it with general taxation," he said.
According to Microsoft, there are 3.8 million infected botnet computers worldwide, 1 million of which are in the U.S. They are used to steal sensitive information and send spam, and were a launching point for 190,000 distributed denial-of-service attacks in 2008.