A top Microsoft executive is floating the idea of creating mandatory quarantines for computers with malware infections that pose a risk to internet users. The informal proposal, made Tuesday by Microsoft Vice President of Trustworthy Computing Scott Charney, was short on specifics, such as who would be responsible for …
He might have a point if the owners of quarantined computers were ones upon which the virus was written that infected itself... but they're often just as innocent as other potential victims. His analogy sucks, and with thinking like that, I don't want to hear about "the cloud" from him.
At least they'd discover the problem and could seek help to fix it and be educated in how to avoid it in the future. The problem with most infected PCs is because the owners are unaware and probably not techie enough to think to check.
I have no problem with the rubber room concept provided there's a helpful man in a white coat who can assist you to get out. Now, who pays for it is another argument entirely...
The rubber room concept...
...makes sense, provided you understand what is going on. Explain that to somebody that thinks IE is "the Internet".
Thanks to Microsoft's EU-mandated update, I have a bunch of grannies asking my advice regarding the choice of browser. My advice? Ignore it, carry on as you were.
You might be screaming at me for letting them carry on with IE, however of those I installed Firefox for, the usual response is "No, this doesn't work like it used to, put the old one back".
Now, you'll explain a mandatory quarantine HOW?
Maybe if M$ didn't distribute system nobbling software like WGA, maybe those machines would have stayed on auto update and be patched against a lot of the exploits that are currently doing the rounds... But no, you didn't want people using your software illegally, and now there are countries full of machines which haven't had an update since XP SP2.
Thanks so much.
Personally I think ISPs should do a bit of monitoring... A machine suddenly making 100 SMTP connections to multiple servers over the course of an hour should make alarm bells start ringing.
Surely not too hard to spot, when you've finished checking for P2P connections of course.
WGA has no impact on automatic security updates.
For the whole lifecycle of the product Microsoft provides free security updates. Pirated or legal copy of the OS.
You can take off your tin foil hat now.
So people *steal* a commercial OS, and then whine when said OS' vendor—a company that has never made any secret about wanting to be *paid* for its work—tells you to piss off and *buy* a copy when you demand they give you updates they've developed at their own expense for *free*? Seriously? Do you have any idea how f*cked-up that sounds?
Why the hell do you expect *any* business to act like a charity, just because you have a misplaced sense of entitlement? Is your business and / or personal data really so worthless that you can't afford £60 to buy a *legal* copy of Windows?
If you really don't think Windows is worth the price, sod off and buy Linux. There's no shortage of people wanking on here about how awesome it is.
100 SMTP connections per hour...
My ISP blocks all outgoing SMTP servers. I have to use the orange one. It is quick, reliable, and doesn't care who I claim to be (I usually set up accounts and then just say "use orange SMTP").
I would imagine it would only start to interfere if I posted to many CCs and/or fired off a mass of mails from the same IP.
a faulty paradigm
> You don't have the right to infect your neighbour
Except in cases where one person deliberately infects another (with, say, AIDS) we tend to forgive people who pass on coughs and sneezes. We also tend not to know where we get other diseases from - probably just as well, otherwise the "no win no fee" parasites would have a field day. The point about this is that we're quite good at healing ourselves, so any ill effects are soon cured.
What this guy seems to forget is that operating systems (one variety at least) are hopeless at defending themselves against attack. In evolutionary terms, they'd have died off before the dinosaurs. Probably the very first time their hosts ate a slightly unripe berry. Maybe MS should spend the money we've paid them in developing a product that has the resilience to deal with attacks and if not cure themselves, then at least mitigate an attack's effect to the level of a sneeze, rather than bubonic plague.
Worse, M$ wants the rest of us to pay for it
Unfortunately, this clown is proposing a universal Internet Tax to pay for the rubber rooms, rather than using Microsoft profits to fix Microsoft problems:
Who would pay, then, if a bunch of Linux machines got taken out by a worm?
@ Rob Moir
That's a good point. Under the scheme of taxing people to quarantine them, everyone could be quarantined in the knowledge that they had paid for it. How could someone suggest that the company which actually wants this scheme implemented, rather than the public which doesn't give a shit, should pay for it? Imagine that some freeloader is using FreeBSD when they get to have their Internet connection cut off completely free of charge! Bloody thieving bastards!
A Better Idea
Here's a better idea: rather than quarantine malware-infested computers, why not do the owners a favour and give them an operating system that isn't a steaming pile of fresh manure, such as...... well, anything other than Windows. That way, they get a better computing experience and the internet becomes a better place.
How many times...
obscurity != security
Go look up pwn to own.
He may have meant...
...a more open OS. You know, one where you could go and look at the code if you wanted.
The people who rely on obscurity are the likes of MS and their shills.
Pwn to Own
Pwn to Own is a bunch of self-congratulatory 1337 haxxors trying to get a free laptop and represents nothing to do with the real world. Try again.
Put Microsoft in a rubber room
and the problem of malware infected PCs will go away by itself.
You beat me to it.
Just block all Windwoes PCs from the Internet. Problem solved.
"You don't have the right to infect your neighbor"
What about all those diseased gits on the train being "heroes" and going to work "even though" they are sick, coughing their germs all over everyone else and infecting half the population then? Can we throw them off the train?
More importantly can we throw infected Windows machines out of the nearest window?
throw the gits off the train...along with all the twats shouting into their mobiles. A moving train, that is.
Meanwhile, if "You have a right to infect and give yourself illness. You don't have the right to infect your neighbor. Computers are the same way", what was the reason for banging up people for dope again?
'being "heroes" '?
I think you mean "not losing their jobs". You may be lucky enough to work somewhere where "I feel like shit and am coughing my guts up" is a valid reason for being off work but not all of us do. Some of us work places where you are questioned about each and every day you take off and told things like "sometimes you feel bad in the morning but get better later on, so perhaps you could come in and see how you feel?".
Take a stand...
Every time you are off you should have a back to work interview, and as part of H&S best practice they should ask if work was the cause. Tell them it was, as there is a policy of discouraging people from taking time off ill. Get a few people to do it and it won't be long until the HR droids are knocking on your boss's door (If you work for a halfway ethical company, if not get the hell out).
So, essentially ...
Microsoft is proposing an intranet for computers running Microsoft software, thus leaving the rest of us alone? Sounds good to me!
So, just quarantine all the PCs running Windows
job's a good 'un.
Why not allow security patches to be installed even on pirated copies of Windows? That would take down a lot of surface area for malware.
Microsoft doesn't stop Windows update from getting security patches because of WGA failure.
Whiskey Tango Foxtrot?
"Why not allow security patches to be installed even on pirated copies of Windows?" -- what have you been smoking?
Pirate copies of Windows are pirate copies of Windows, and whoever is running them needs busting for copyright violation -- *not* encouraging to leech off others as though that was normal behaviour. If a malware infection is traced to a compromised PC and it turns out to be running an unauthorised copy of Windows, the owner should get the book thrown at them.
Look, if you don't want to pay for software, that's fine -- just don't use software you are supposed to pay for. How freakin' hard is that already?
Ah... a shame?
bout time too?
How to clean
Most of these implementations would leave people with no way to fix their infected PC (other than to ship it off to be fixed.) So you can place all your data into the cloud, but then Microsoft gets to lock you out until you get a new PC? This is assuming they are behind a NAT, and so they will likely be forced to block all devices on that same NAT. Also that paid repair is going to cost more than replacing the PC.
"U-Prove is being used to help the German government roll out its electronic ID card system" - interesting, presumably the cuddly Kim Cameron we're-on-your-side-ID-mongers (http://www.identityblog.com/, http://msdn.microsoft.com/en-us/library/aa983293.aspx, http://www.theregister.co.uk/2006/03/28/infocard_identity/, etc ad nauseam) will be selling this to uk.gov?
"A top Microsoft executive is floating the idea of creating mandatory quarantines for computers with malware infections that pose a risk to internet users."
Can of worms meet opener.
While you couldn't really blame Microsoft for vulnerabilities that are fixed ASAP, they'd sure warrant severe penalties for the ones they don't fix in any sort of a hurry!
Then we have to look at vulnerabilities in Microsoft products that exist because they had the choice of making something that would sell more/quicker or something that was secure. Most of these owners of infected machines, are, precisely because Microsoft skimped on security for profit. Into which category also you could include tacitly releasing 'beta' products, i.e. Windows This, Windows That, Windows TheOther, for testing on the customer.
Can of worms indeed!
Ha ha ha!
You don't have the right to infect your neighbour
I thought most malware was spread through compromised webservers, dodgy downloads and stupid people. With most people behind a NAT nowadays I cannot believe that a malware infection on a normal PC could attack others and spread unless they were on a local network - which rather defeats the point of banning them from the internet.
ISPs can't be trusted...
I run a Linux shop, no Windows PCs anywhere. Imagine my surprise when I got an automated message informing me that I had to visit my ISP's security page, download and install their security suite, and clean my computers or they would cut me off. So much for the ISP being able to do the job.
Do you know they were clean because
You run Linux, or you checked? If it's the first then your system may well be riddled with the stuff, because Linux is not a 100% proof against infection. If it's the second then you are unfairly having a go at MS.
I think ...
I think the "security suite" they made him download and run is probably a Windows thing. They won't let him use the service until their software reports back to them from the Windows machine they forced him to install it on. But I could be wrong.
Metronet (smaller UK ISP which got bought by the Plusnet borg) was doing this back in 2005.
Infected by a bot, spewing spam traffic?
Automated port blocking, with browse redirection to a helpful page.
What if, every six months or so, you just had to prove to your ISP that your OS and popular Internet-facing apps had the latest security patches applied? (that's _security_patches_, not feature updates)
Then, if you're found to be running software with known security flaws, you are prompted to update the software before being allowed unfettered access to the Internet.
Oh, and anyone who is stupid enough to install a fake "ISP validation tool" would be banned from the Internet forever.
More Bad Analogies
The MOT isn't a bad idea as such, but why prove it to your ISP? It should never be up to the ISP to police the internet. Governments are proving very slow to catch up with things online, but every country really should have a single agency that has oversight of the internet. No, not OFCON, we need something that has some teeth.
people who know what they are doing? People who don't want to up-date with some patches? MS are well known for breaking things with iffy patches, that's why you have the choice too...
...so long as the ISP can prove to me that the places I may visit and the files that may be cached on my system will be virus free.
Given that my site was compromised a while back, and two friends have had theirs compromised more recently, not to mention the current F1=pwn, it might be interesting to know:
1. What is the dispersal rate between email viri and nasty stuff lurking in web pages.
2. Is lurking web page stuff able to autoinfect, or does it need user interaction?
3. Is email stuff able to autoinfect, or does it need user interaction?
My personal feeling is that the quarantine is a solution looking for an outdated problem, and that the more likely current risk is malicious content which resides on various servers and NOT a case of user machine to user machine cross infection, which is kinda '90s...
By what means "detect", exactly?
"mandatory quarantines for computers with malware infections"
Sounds great (if impossible). But how to start? Since no one anti-malware software can detect everything, and new viruses appear regularly that evade even a collection of scanners, by what possible mechanism could we determine if a machine has the latest botnet beastie swimming around in its boot sector, infecting its neighbors?
Besides, even if we were able to "rubber room" all currently infected PCs, by jove, we'd likely have half the Windows PCs off the Net tomorrow! If not more!
Yes, please give us a way to effectively combat the insane tide of Windows-infective virus material out there -- we sysadmins are getting the piss taken out of us currently.
presumption of innocence ?
I'd start by including ALL Windows machines in the rubber room.
Let out the ones that can pass a cleanliness check.
@AC: the rubber room can let owners onto fix-up places. They don't have to be denied absolutely every access. This is well-understood technology. And the NAT issue is soluble too.
Quip of the Week so Far.
""A top Microsoft executive is floating the idea of creating mandatory quarantines for computers with malware infections that pose a risk to internet users."
Can of worms meet opener." ... Mark 65 Posted Tuesday 2nd March 2010 23:27 GMT
That had me a'tittering, Mark 65. Thanks ..... a'Titter is Good for You.
Old half idea - still waiting for the other half
Decades ago some ISPs tried contacting their customers with infected PCs and helping them deal with their problems. The result was often a happy customer not wasting the ISP's bandwidth with spam. The other possibility was an angry customer wasting a competitor's bandwidth with spam. I am not sure it would still work - malware is smarter and customers are more computer illiterate.
ISPs compete hard on price. If they put up their prices a little and offer a discount for not running malware then there is a chance customers will make an effort to keep their machines clean.
Incorporate Microsoft's BSD licensed source code today and get hit for patent infringement tomorrow. Even a PHB can see that one coming.
Patches and diseases...
"Why not allow security patches to be installed even on pirated copies of Windows? That would take down a lot of surface area for malware."
They do. Even pirate copies can install critical updates, it's the less important bug fixes and usability they miss out on.
As for forgiving people for sneezing on us, yes we do. However people do tend to get rather annoyed when someone phones them 6 months later to tell you to get a HIV test. Perhaps the people being quarantined ARE victims, but the quarantine would then make them take their computer to someone to get fixed surely, thus they stop being a victim.
...I have no issue with infected PCs being blocked by the ISP (after their own scanning, or someone alerting them) and the owner being made to cover all costs incurred (including clean-up - they can take it to a certified engineer if needs be). People need to wise-up to their on-line responsibilities.
But for MS to propose such measures is a bit beyond the pale. If their OS was not SO EASY to infect and subvert, we would not have these issues. *nixes (and I include OS X) are not immune, but they are a shit-load harder to subvert with the tricks that work on Windows. They are also a heterogeneous and compatible environment, so it would be extremely hard for one piece of malware to infect more than a subset of machines.
Often it is not the OS that is actually infected, but some application (e.g. MS Office) that is bent to the will of the hacker. If you are lucky, MS will update this on a random Tuesday. But what if it was a non-MS app? You've got little help unless you actively seek out the patch/new version.
The update mechanism on any modern Linux distro (I don't know about OS X, sorry) is vastly superior to the one on Windows; it takes care not only of the OS and ancillary systems, but also all applications that have been installed via the certified repositories (or whatever your particular brand of Linux happens to call them). No need to go looking, your system will check for updates once a day (or whatever you set it to).
One side effect is that you may get a batch of updates every day. This is a "Good Thing"(tm) as you get the fix as soon as it is ready and don't have to wait for that special Tuesday. Reboots are rare due to how *nix deals with files and it is all over in a few mouse clicks (or a few terminal commands if you prefer). (And yes, you can modify how all this works for the corporate environment.)
If the world moved to Linux (or OS X, BSD, Haiku...) tomorrow, viruses, rootkits, trojans etc would not vanish, but they would become much, much harder to forge given the reasons above. The only losers would be Symantec et al.
So, by all means, block infected machines, but ask yourself why such measures should be necessary. If the internet is the "information super highway", then Windows PCs are unfit for the road and fail their MOT (or TUV or...)
@a better idea
No, quarantining all MS computers wouldn't be a good idea because the miscreants will then go after other OSs. How do you keep flies out of the kitchen? - put a bucket of shit in the living room. M$ is the bucket of shit. We have to be thankful for Tesco because it keeps the riff-raff out of Sainsbury's (and Sainsbury's keeps hoi polloi out of Waitrose). In other words we need lots of people to use Windows, get themselves infected, give away all their banking details etc so the rest of us can have a bit of peace.
"quarantining all MS computers wouldn't be a good idea because the miscreants will then go after other OSs" -- but you're forgetting that other OSs tend to have such concepts baked in as privilege separation, non-executable files and running on different architectures beside 80x86, making them inherently *much* harder to attack than Windows.