A hot topic at last week’s RSA Conference in San Francisco was how to stem the flood of botnet-infected PCs.
The controversial solution posed by a Microsoft security executive? Quarantine them.
In the conference’s keynote address, Scott Charney, Microsoft vice president of trustworthy computing, sought to start a discussion on Internet responsibility by comparing malicious software with second-hand smoke. But his analogy didn’t work for me. (The speech is available as a video dated March 2 from the RSA Conference site.)
Charney argued that, because of medical concerns about the dangers of second-hand smoke, smoking is being banned everywhere. “You have a right to infect and give yourself illness,” he said. “You don’t have the right to infect your neighbor. Computers are the same way.”
But are they? We’ve traditionally thought of security in terms of defense: A sends B spam, and B deflects it by filtering it out. Charney proposes that we become proactive and prevent A from ever sending the spam in the first place, even if it means cutting off A’s access to the Internet.
I can see cutting off a professional spammer’s access, but what about an average PC user who probably doesn’t know that his or her PC is sending out spam?
Isolating computers until they’re proven clean
What concerns Charney most is the prevalence of botnets: malware that joins infected computers into a covert, rogue network. Spammers and hackers use the networks of hijacked PCs to either spew spam onto the Internet or launch coordinated attacks against other PCs and Web sites.
Charney suggests that known-infected computers shouldn’t have access to the Internet until after they’ve been cleaned. Following his speech, he said in a CNET News interview: “I remember going to Asia during the SARS epidemic, and as soon as I got off the plane they were standing there with these little guns that took your temperature … If they registered that you had a temperature, they would talk to you, and if they thought you might have SARS, they would quarantine you and treat you. We’ve done this with other kinds of illnesses over generations, actually.”
Barring infected personal computers from the Internet might make the Net safer. But, to follow Charney’s analogy, who takes the PC’s temperature every time it goes online? And who pulls the plug?
Stopping a smoker from lighting up might save a life, but cutting off Internet access could be harmful, both personally and professionally, to the person with the infected computer — without solving the underlying problem.
In Charney’s model, Internet service providers assume a role equivalent to that of medical practitioners, deciding whether a PC on their network is sick and poses a danger to others. He argues that businesses already isolate infected computers on their corporate networks — ISPs should do the same.
The challenge, says Charney, is to get consumers to agree. If consumers are unwilling to run antivirus programs, then perhaps their providers should isolate them from the Internet.
That brings up the specter of giving ISPs access to your PC.
Although customers might worry that ISPs will go further and look for copyrighted material, Charney adds that illegal copies of music and video pose no danger to other computers on the Internet. “Maybe you shouldn’t be violating copyrights,” he said, “but that’s not a public health issue.”
Comcast looks for infected traffic on its net
According to a Feb. 15 Washington Post story, Comcast now notifies customers when their computer traffic is infected with malicious software. Charney points out that “Comcast is doing some of this because it’s cheaper to clean their machines than it is to lose the bandwidth on their network created by all the bots.” The cost of monitoring and holding infected traffic in quarantine, he says, could be borne by the market or by imposing an Internet tax.
Back in 2002, CNET reported on the release of the Bush administration’s “national strategy to secure cyberspace.” Missing from the final plan was an item requiring all ISPs in the U.S. to provide free antivirus and firewall software to their customers.
I thought it was a good idea then, and I still do. But it’s only a start. Providing free security software is no more the ultimate solution than is putting PCs under quarantine, and for the same reason — there are millions of infected PCs in other countries.
According to the Washington Post article mentioned above, security company McAfee tallied infected computers worldwide and found that China leads the pack with 1,095,000 actively infected PCs.
Will the majority of foreign ISPs support a quarantine system — much less provide free security software? Doubtful.
Fortunately, anti-malware protection is a low-cost or no-cost investment in keeping your PC safe from hackers. I recommend the following useful suite of free security software: AVG’s Anti-Virus Free Edition 9.0 (product page), Checkpoint’s ZoneAlarm Free Firewall (download page), and AVG’s LinkScanner (product page).
As an alternative to AVG, Microsoft also provides a free antivirus product called Security Essentials (download page). Personally, I think AVG is more effective, but Microsoft does offer a no-cost form of protection.
Together, these products can do a good job of eliminating malware without the expense of annual subscription fees.
| Have more info on this subject? Post your tip in the WS Columns forum.|
WS contributing editor Robert Vamosi was senior editor of CNET.com from 1999 to 2008, writing pieces such as Security Watch, the winner of the 2005 MAGGIE Award for best regularly featured Web column for consumers.