The problem of PCs infected with bots has stymied security professionals ever since botnets came into wide use among cyber criminals. Attempts to shut down the command-and-control servers have only a temporary effect, and investigators take months -- or years -- to nab those responsible for the attacks.
Now Microsoft is arguing that the security community needs to develop a collective health policy to restrict sick PCs -- those infected with malware -- from connecting to the Internet.
"Just as when an individual who is not vaccinated puts others' health at risk, computers that are not protected or have been compromised with a bot put others at risk and pose a greater threat to society," Scott Charney, Microsoft's corporate vice president of Trustworthy Computing, says in a blog post published Tuesday.
The idea is not new. Many security experts have talked about quarantining infected computers. Research has shown that quarantining compromised computers on the top-50 networks showing signs of infection could eliminate half of all bots. Companies that run network access control (NAC) systems can restrict computers from connecting to their network if they don't have up-to-date security software or do not meet other requirements.
However, such policies rely on the Internet service provider to be the enforcer and cut off customers from the Internet. The problem is customers then require support, which raises the ISP's costs tremendously.