Microsoft Suggests Public Health Response for Sick PCs
When your sick PC connects to the Internet and starts distributing malicious spam and propagating worms and viruses to other vulnerable systems, it impacts all who share the Internet. Microsoft's Scott Charney proposes a novel approach to addressing that issue, suggesting that we treat infected devices as we do infected people.
Many organizations have already adopted some form of network access protection (NAP). NAP solutions analyze the security configuration and posture of a given system before allowing it to connect to network resources. If the user account password is too simple, the personal firewall is disabled, or the antimalware software is not up to date, the device is either redirected to a safe site that explains the baseline security requirements and provides links to get the computer compliant, or simply banned from connecting.
Consumer PCs, however, make up a significant percentage of the computers sharing the Internet, and with no IT admin or computer security team overseeing them, the odds of compromise or infection are higher. Consumers view computers as appliances, on par with the TV, the microwave or an automobile. They simply want them to work and perform the tasks they were designed to perform without requiring some sort of advanced knowledge and constant monitoring.
In a blog post related to his proposal, Charney spells out the problem: "commonly available cyber defenses such as firewalls, antivirus and automatic updates for security patches can reduce risk, but they're not enough. Despite our best efforts, many consumer computers are host to malware or are part of a botnet. 'Bots,' networks of compromised computers controlled by hackers, can provide criminals with a relatively easy means to commit identity theft and also lead to much more devastating consequences if used for an attack on critical government infrastructure or financial systems."
Charney suggests, "Just as when an individual who is not vaccinated puts others' health at risk, computers that are not protected or have been compromised with a bot put others at risk and pose a greater threat to society. In the physical world, international, national, and local health organizations identify, track and control the spread of disease which can include, where necessary, quarantining people to avoid the infection of others. Simply put, we need to improve and maintain the health of consumer devices connected to the Internet in order to avoid greater societal risk."
Granted, airport security does not routinely perform comprehensive medical exams, but individuals with highly contagious diseases are prohibited from flying. During the recent Swine Flu pandemic scare, the World Health Organization put protocols in place to try to contain infections and prevent the disease from spreading any further.
Charney feels that a similar approach should be taken when it comes to protecting the cyber world from the "pandemic" spread of a worm or botnet. The suggestion seems worthy of exploration. It may seem like a heavy-handed approach, but it's refreshing to see organizations thinking outside of the traditional security box and proposing proactive solutions to get a step ahead of the attackers.