Microsoft calls for blocking of infected PCs by ISPs

Internet Service Providers like Belgacom and Telenet should block PCs that appear to be infected according to recognized virus checks (not heuristic or advanced ones, which would produce too many false positives).

The only problem with this is that you will need a whitelist of organisations, enterprises and infrastructure that can't be blocked individually but that should go through an alert system instead. In fact, this is the beginning of a network-wide alerting system, because every such network would have to set up a process in which cleanup requests from the ISP are taken care of speedily. This would be useful for the CERT and during a crisis. The reason they would have to do it is that otherwise they couldn't be whitelisted (they will need to adopt a process and fill in forms). The reason they would have to clean up is that they would otherwise lose their whitelisting and be automatically blocked if one of the PCs on their network is infected again. I think the business value of securing your network will be so evident (imagine a day without mail or internet) that no one will hesitate for a second to secure the computers and put the necessary limits and controls in place.

For the ISPs it is also quite interesting because it will take away some of their responsibility. They can say: "You are blocked because you are infected and you should clean up your computer before you can reconnect. If you don't know which antivirus to use, here are links to several free ones for home and/or business use. This is the virus, and here are some links to help if you can't get it off your systems." The banks and financial services will also find something interesting in it because they will have fewer infected clients attacking their networks and trying to steal money from their customers.

If customers get fed up with a continuous stream of infections they can't seem to handle (once hacked, always attacked), ISPs can offer a clean pipe or protected zone (mail, bank and another 100 selected trusted services, if that is all you do on the web or all you want your kids or others to do on the web). The trusted zones can also be used when a massive new worldwide attack makes it difficult to use the web.

This is the quote:

"If the access provider just made sure you're not carrying any disease and you're not going to infect the community we'll let you connect with no further ado. But if you are infected with something we recognize and have a signature for, let's clean you up and allow you to connect.

I wondered what is the rational basis for doing this to consumers and I started thinking about smoking. People smoked for the longest time even after we knew it causes many types of cancer, heart disease. Society said you have a right to smoke. Even though you're going to add cost to the health care system that we're all going to have to pay for, if you're going to risk lung cancer that's your right. Then the EPA came out with the secondhand smoke report and suddenly smoking was banned in a lot of public places. The philosophy is simple--you may have the right to risk your own life and risk disease, but you don't have a right to sicken the person next to you. So when we started in Internet security we said to consumers, run antivirus, update your software, and back up your data, and many people didn't. The problem with botnets is you're not just risking yourself any more, you're risking everybody else in the community. It's just like smoking."
