Microsoft and botnet alerting: some thoughts

Microsoft is the one firm in the world investing the most resources in tackling botnets and using any means to disrupt their networks (including getting them into US courts).

Botnets are a complex problem that requires a multi-faceted global solution. As such, no one entity can solve the problem alone. Microsoft believes that voluntary efforts to combat botnets must include members of the entire ecosystem. In fact, the most interesting and effective solutions will come from the partnerships between different parts of the ecosystem.


o We emphasize the need to disrupt and ultimately prevent botnets in the future. It is important not to simply build mechanisms by which botnet infections can be cleaned up very efficiently, in perpetuity. To do this, we must disrupt the botnet business models by simultaneously raising the attackers’ costs while lowering their gains.


o We are supportive of efforts to notify customers of infected devices, but recognize the increased possibility for fraudulent notifications. There are two key aspects to making notifications resistant to fraud and effective to end-users regardless of the form they take. First is to establish a trusted communications channel, so that users can be assured they are getting notifications from a trusted entity, and not just another attacker trying to get them to put malware on their system. Second is to explain the problem and the solution in terms the user can understand and with steps they can easily follow.


o We believe the most effective measure end users can take to stop botnet infections before they happen is to use the most current versions of operating systems, applications and security software available to them. Our recent Security Intelligence Report shows that each successive version of Windows has a lower infection rate than its predecessor.

But even then, I still think it is up to the ISPs to block the addresses of known botnet servers and to alert, by trusted channels (why not the ISP bill, for example), that that person could be infected and should install an antivirus or any other security measure.

And I still think that a security package should come automatically with your ISP subscription (even if you would be able to choose between different products).
