Microsoft: Infected internet PCs should be placed in quarantine
At the ISSE 2010 security conference in Berlin, Microsoft's Vice President for Trustworthy Computing, Scott Charney, suggested that to get the increasing number of problems with botnets under control, infected PCs should be isolated from the internet. In his report entitled "Collective Defense - Applying Public Health Models to the Internet", the executive uses the example of a public health system which puts infected persons into quarantine to avoid infecting others.
Charney suggests that governments and the industry should adopt a similar model, and that measures must be taken to ensure PC "health" within the IT ecosystem: detect infected devices, notify affected users and help those users solve their problem. Only devices with a valid "health certificate" should be allowed to access the internet, said Charney. The ideas he presented are closely related to a protective technology that is already part of modern Windows versions, where it is called Network Access Protection (NAP). The NAP approach involves similar Health Registration Authorities (HRAs) which check health certificates submitted by clients and then decide whether a device is allowed to access the rest of the network. Whether a technology originally designed for corporate environments is suitable for controlling internet access remains an open question.
Charney concedes that his comparison with the existing public health system is not perfect because the health system has more doctors, nurses and pharmacists. The executive also said that potential privacy concerns must be carefully considered in any effort to promote internet security. However, examining a computer's health is not the same as examining content, said Charney.
The idea of putting infected PCs into quarantine isn't new. Since mid-September, an anti-botnet advice centre has been in operation in Germany. The contributing internet service providers inform customers whose PCs show strong signs of a botnet infection, for instance because their internet connection appears to be a source of spam. Similar initiatives against botnets already exist in Australia, Canada, Japan, South Korea and the Netherlands.