Microsoft: We’ve taken down the botnets. Europol: Would Sir like a kill switch, too?

Last December, Microsoft intercepted traffic on users’ PCs and helped break up a botnet. And nobody complained. So the company very tentatively asked at a session on ethics and policy in Brussels this week whether it should do more. John Frank, Microsoft's VP of European Government Affairs, explained how Microsoft had helped …

  1. This post has been deleted by its author

    1. Dave 126 Silver badge

      C'mon 'coder, you know that is not an option for everyone at this time.

      Many industries, their software suites and workflows don't have Linux/BSD/OSX/Whatnot alternatives. One uses the software that one's clients and partners use.

      People who are thus tied to Windows are right to express their concerns and criticisms.

      1. Anonymous Coward
        Anonymous Coward

        @Dave 126 - People who are thus tied to Windows

        deserve to suffer ever increasing pain. Throughout the decades they always scoffed at any non-Microsoft alternative so they've lost my sympathy.

        1. Dave 126 Silver badge

          Re: @Dave 126 - People who are thus tied to Windows

          >People who are thus tied to Windows deserve to suffer ever increasing pain.

          Eh?

          The whole fucking point is that they, the users, have no fucking say-so in the OS they use; they are tied to their industry standard applications. What part of you fails to grok that, you pathetic misanthrope?

      2. Anonymous Coward
        Linux

        One uses the software

        "Windows 7 vs. Linux: the Desktop Comparison"

        https://www.youtube.com/watch?v=QHCDU-CUoaQ

        1. Dave 126 Silver badge

          Re: One uses the software

          @Walter Bishop

          I said that Linux wasn't an option for everyone at this time. I did not deny that Linux can be a good idea for many people today.

        2. Scorchio!!
          Thumb Up

          Re: One uses the software

          ""Windows 7 vs. Linux: the Desktop Comparison"

          https://www.youtube.com/watch?v=QHCDU-CUoaQ"

          I've been playing with it on and off since March 2014. The latest MS imbroglio makes my departure from their products more likely. I've been using their stuff since Win 2x, and a slightly earlier DOS variant. What has happened this year disgusts me even more than previous slipperiness.

          By virtue of their latest tricks they are sounding their own death knell.

        3. staringatclouds

          Re: One uses the software

          I have to say I'm pleasantly surprised with Zorin, I put 32 bit Zorin OS 9 on an old Compaq Presario C500 and it's at least as fast as a 64bit Win7 Asus A53u laptop which is years younger & has vastly superior specs, plus the office suite is included.

          I'm looking very hard at Zorin as an upgrade path to avoid Win10.

      3. This post has been deleted by its author

    2. Bronek Kozicki
      Mushroom

      Icon selected for reactions I expect to receive -->

      Actually I like the idea, with caveats. But first I'm quite certain that Windows 10 EULA allows this, and much more. So nothing new actually, just a new use of extremely invasive, but apparently legal, technology. Now, here are the caveats:

      1) "permitted on the internet" this implies the computer is not being entirely disabled, just some parts of its functionality which depend on connection to Internet won't work anymore. Yes I know we all need Internet to do things we need to do, like fill taxes, chat to family etc. but if your bloody Windows is spewing viruses or DDoS-ing important infrastructure I do not give a sh*t about what you need it for. You are running Windows and by agreeing to EULA you allowed Microsoft to do whatever it wants to do with your machine, now go crying elsewhere (or go ask your friends for Mint Live CD)

      2) backdoors. That's a big one, but how much of a backdoor would be actually needed? We are talking about installation or remote activation of a component rendering network component of a computer inoperative, and I argue that what Microsoft has done with Windows 10 users is by far much more intrusive than this. I do not think anything more intrusive would be actually needed and Microsoft already has PKI infrastructure in place for strong enough verification of a signature of any action they might want to take.

      Now whether Microsoft abuses or not such a kill-switch is an entirely separate discussion - even if they demonstrate the capability to abuse it, it would open them to a whole lot of work ("cooperation requests") from law enforcement they might not like. I guess this is actually the question they are asking now - how much of a finger to give, without risking the integrity of the whole arm.

      Good side-effect this might have, after 10 or 20 years of such technology no-one will even dream of attaching SCADA and other critical systems to Internet, or anywhere close where they might self-update or do anything else triggered by the vendor and not by the user. Or ideally, no-one will use Windows for anything critical.

      1. John Brown (no body) Silver badge

        "I'm quite certain that Windows 10 EULA allows this,"

        Depending on where in the world you are, sections of the EULA are not worth the bytes they take up. From a comment on another story I gather that in the USA "contract is king" and MS may well be able to do this, but in the UK and the rest of the EU and probably most other non-USA jurisdictions, the EULA is subservient to law and consumer rights and can't sign away those rights by agreeing to a EULA.

        It might be a different matter if MS were offering to help ISPs detect network abuse or outgoing signals to known C&C servers as the result of infections and give them the ability to easily sandbox those users' computers by limiting their access to an ISP website containing advice and downloads to help clean up the offending PC. This way it's only the service provider's network access being restricted without any remote control of a user's PC and very unlikely to fall foul of existing legislation or require new legislation.

      2. King Jack

        EULA

        At what point does Windows 10 present you with a EULA and give you the choice to decline? Windows 10 forces itself on people with choices like 'install now' or 'install later'. They cannot stand behind an unenforceable EULA and say you gave them permission. Can I use that defence if I rob someone? I asked them for their wallet and 'they' gave it to me. (I was holding a gun at the time). It is illegal to frig with someone's computer without their consent.

      3. Richard 12 Silver badge

        It doesn't matter what the EULA says

        The law is more important, and the law says that any clause that a consumer who has no easy ability to change EULA clauses would not expect, is invalid and unenforceable.

        To pick a daft example:

        If the EULA said that you owe Microsoft the blood of your first-born child, would that be valid?

    3. Roland6 Silver badge

      As long as it's all documented in the EULA, it seems reasonable. If you don't like it, use an alternative os.

      Whilst we can argue about the need or not for security software that is separate to the OS/platform, it is clear this is another attempt by MS to push AV vendors aside. Remember MS aren't the only ones operating cloud-based security services; and were a rather late entrant to the market...

      Interestingly, one of the reasons why Windows has done so well is because of the ecosystem it spawned. So whilst it might seem like a good idea for MS to do more, in fact it will only serve to destroy another part of the Windows ecosystem...

      1. Dave 126 Silver badge

        >Interestingly, one of the reasons why Windows has done so well is because of the ecosystem it spawned. So whilst it might seem like a good idea for MS to do more, in fact it will only serve to destroy another part of the Windows ecosystem...

        Yes, Windows has done well because it has spawned an ecosystem of productivity applications.

        However, the idea that people choose Windows because it has a wider selection of anti-virus software than other OSs seems a bit of a stretch.

  2. Buzzword

    Products become Services

    It's the servicifation servicisation financialisation of the economy. Soon you won't be able to buy a PC - you'll only be able to lease one, with capital and maintenance costs rolled up into a single monthly payment. We're already there with cars, with mobile phones, even with our homes. Why buy when you can rent instead? The mind boggles.

    1. Rich 11

      Re: Products become Services

      Soon you won't be able to buy a PC - you'll only be able to lease one, with capital and maintenance costs rolled up into a single monthly payment.

      A bit like cloud provision, you mean?

      It's the thin client era all over again.

    2. Dave 126 Silver badge

      Re: Products become Services

      Eh?

      We're living in an age where a £30 PC can run a GUI desktop and traditional office applications, as well as playing HD video.

      Phones, likewise. I'm seeing more 'bought outright' phones amongst Joe Public, like the One+ and Cubot, and also people keeping their 2-4 year-old phone and switching to a 'SIM only tariff'. At the moment, to tide me over 'til I can afford a new screen for my 'proper' phone, I'm using an Android 4 phone purchased unlocked from Sainsbury's for £25*.

      For sure, there are parts of the world where £25 is still a hefty investment, but not in the markets that have bought IT gear to date.

      *It makes phone calls clearly. Android instates my contacts without fuss. Battery is pretty good. It lets me text and email. All in all, a handy spare to keep around. Alcatel Pixi 3.

  3. SMabille

    “We detect when your PC is infected and 'phones home' as much as four times an hour. We then redirect that back to our sink hole and identify that with our national computers, and work to get those machines cleaned up,”

    Oh so that call from "support from Microsoft partner" about the virus I had on my computer was genuine after all... now I feel bad having played idiot for nearly 45 minutes with the poor engineer trying to get a remote session on my PC. I'm sure he'll be calling back, one of his colleagues already called me a few months ago :-)

    1. BebopWeBop

      45 minutes is not bad. On one particularly slow afternoon I did manage 27 minutes before they managed to work out my machine was running OSX. Just waiting for a call back from their specialist Mac department. Might make it mint next time and try to beat my last score.

  4. N2

    Pot Kettle Black

    How about taking down your own bot net that's ramming Windows 10 down everyone's throat & spying on those who have installed it?

  5. Anonymous Coward
    Anonymous Coward

    Yes, a kill switch...

    For Win10 "NagWare". Please. Pretty please...

    1. Joe User

      Re: Yes, a kill switch...

      It's called "GWX Control Panel". Check it out:

      http://ultimateoutsider.com/downloads/

      1. Joe User

        Re: Yes, a kill switch...

        A thumbs down for gaining the right to say "No thank you, I don't want it"? Must be a Microsoft fanboi....

  6. Alister

    Just waiting for the day when cops can execute a "search and seizure" of your home PC if it's identified as having a malware infection.

    Popcorn sales will rocket.

    1. Cynic_999

      "

      Just waiting for the day when cops can execute a "search and seizure" of your home PC if it's identified as having a malware infection.

      "

      Yes, that would be great. And even better, the same law would almost certainly also allow search, seizure & arrest if your computer is detected as connecting to an ISIS website. Or a communist website. Or an anti-Christian website. Etc.

      Wouldn't that make the World a far better place?

  7. allthecoolshortnamesweretaken

    A kill switch would be a very bad idea - mission or otherwise critical boxes can get infected too (they shouldn't, but it's not a perfect world) and simply switching them off would lead to all kinds of problems. However, re-routing traffic plus a notification seems like a good idea and would help a lot in sorting things out, and faster.

  8. Dan 55 Silver badge
    Happy

    We detect when your PC is infected and 'phones home' as much as four times an hour.

    Okay, that's Windows 10, but what about the rest of us?

  9. Hans 1
    WTF?

    Windows 10 EULA

    The Windows 10 EULA already mentions a Kill Switch, WTF^100 - well, it mentions: we can and will change any setting on your computer at OUR discretion.

    1. Adam 1

      Re: Windows 10 EULA

      Nothing new here. Windows 7 does it too. Just take a look at the "do not download windows 10" setting for example.

  10. hplasm
    Facepalm

    Knock yourselves out, Microsoft.

    Oh- that IS what you will do, isn't it?

  11. hplasm
    Facepalm

    Boom!

    Footshot!!

    Again...

    1. Dave 126 Silver badge

      Re: Boom!

      Eh?

      Microsoft have raised a possible future tactic for the public to weigh its pros and cons.

      They haven't enacted it, so how is it shooting themselves in the foot?

      1. Fibbles

        Re: Boom!

        It's actually a reasonable question to ask. If a PC is part of a botnet then it's likely being used for something illegal. Why should ISPs and the like let such machines continue to access their network?

        The answer is they shouldn't but they will because profit. So it falls to companies like MS to do something since they're the only ones with both the ability and inclination to do something.

        Personally I'm a fan of redirecting all traffic from infected machines to a page with instructions on how to fix the problem.

      2. hplasm
        Paris Hilton

        Re: Boom!

        "They haven't enacted it, so how is it shooting themselves in the foot?"

        That's what they do best. Infected PC? MS will kill it. Don't want your PC to die? Don't use MS.

        Boom.

      3. Trevor_Pott Gold badge

        Re: Boom!

        "how is it shooting themselves in the foot"

        Microsoft have raised a possible future tactic that relies entirely on the public trusting Microsoft, and by extension all the governments to which they must answer.

        None of those entities are trustworthy. Not Microsoft, not the governments. The fact that Microsoft does not understand this - does not seem to be capable of comprehending the importance of trust - is the footbullet.

        Microsoft just thunder around like a monopoly: in their minds there is no need for trust because no one has a choice but to use them. I hope they are proven wrong and driven out of business. With extreme prejudice.

        1. Dave 126 Silver badge

          Re: Boom!

          >Microsoft just thunder around like a monopoly: in their minds there is no need for trust because no one has a choice but to use them

          So according to you, raising questions for discussion = thundering around like a monopoly. Oh well.

          Ok Dougal, one more time...

        2. Anonymous Coward
          Anonymous Coward

          Re: Boom!

          >None of those entities are trustworthy. Not Microsoft, not the governments.

          I don't have the coding and mathematical skills to audit all the software I use, so I would rely on trusting others, be they FOSS advocates or otherwise. Aware of my limitations, I would have to work out a chain of trust to someone who knows their onions. That is tricky.

          Maybe I would be trusting people on the same continent as me. Chances are, I would have to trust a white, English-speaking man (true of Linux, OSX, Windows, Plan 9 etc). This approach takes us down an unpleasant line of logic, and one remembers that mathematicians and chess players often become nutters, but artists seldom do.

          Anyway, software back-doors are not the chief threat to our privacy. In a few years time, sensors will be so cheap and ubiquitous, and the real-time processing so powerful, that we can just be observed at source.

          I don't want software back doors, but I do want those who profess to have the skills to stop bashing last decade's bogeyman and instead concentrate their attention on worthier battles.

  12. captain veg Silver badge

    Oh the irony

    "We detect when your PC is infected and 'phones home' as much as four times an hour"

    Windows 10, right?

    -A.

    1. a_yank_lurker

      Re: Oh the irony

      @Captain Veg - I suspect the 4 was selected because W10 only phones home 3 times an hour. Thus W10 would not be included in this proposal. Slippery, slimy eels these Slurppers are.

  13. Anonymous Coward
    Anonymous Coward

    Hello Sir, I am workering with Microsoft support for you. How doing are you ?. We have detectorized that your PC has a vogon and we kneed you to follow our very good instructions..............

    1. The Travelling Dangleberries
      Coat

      Skype auto translation

      "Hello Sir, I am workering with Microsoft support for you..."

      There you go, it works a treat!

  14. Amorous Cowherder
    Facepalm

    Just wait for the first bug and the "bad guys" find the kill switch API, the script kiddies have a new fun toy to play with!

  15. Norman Nescio Silver badge

    Not invisible

    A kill switch is less of an issue than a backdoor. You won't know if you have been backdoored, unless you are technically sophisticated, or unlucky. If you suddenly find you can only access websites that inform you you have been killswitched, it is very much in the open and up-front, and you'll know you need to do something about it.

    In motoring analogy terms: if killswitched, your PC has just failed its DOT (MOT for old-timers), and until you have the necessary remedial work done, you are not getting back on the road.

    People don't object to having their car inspected for roadworthiness at regular intervals: perhaps the same approach should apply to Internet-connected devices?

    1. h4rm0ny

      Re: Not invisible

      It depends on the criteria they use for killing access. From the article they suggest using it if they detect an infection or a crime. I don't mind about the infection part as almost by definition that will be doing something I don't want. But a crime might be something I choose to do in which case I don't want my computer colluding against me with the authorities.

      And there's also the question of the degree of infection. MS include Defender with all their OS's now and it's adequate. But what happens when something does get past it? Would you be helplessly booted off the Internet? Do they kick you off at the slightest sign of infection or only if you're wreaking absolute havoc? Who makes that decision? There's a lot to unpack in the details here.

      1. Paul Crawford Silver badge

        Re: Not invisible

        "But a crime might be something I choose to do"

        Or quite possibly is something legal in your own country (or a civil case, not criminal) and not in the USA where no doubt they would decide on such action.

        Either way, it is a slippery slope to go down. For example, can we then blame MS if they fail to stop botnets DDoS'ing a web site, etc, on the grounds those machines are "under the control of MS"?

      2. Doctor Syntax Silver badge

        Re: Not invisible

        "From the article they suggest using it if they detect an infection or a crime."

        If they think they've detected a crime it's up to them to prove it in court (whoever they might be).

      3. Lysenko

        But a crime might be something I choose to do...

        So, you object to LoJack on the basis that you reserve the right to use your car in a bank robbery and regard removing it to prevent vehicle tracking helping to apprehend you as an excessive imposition?

        That's bonkers. There are arguments to be made here, but keeping your criminal career as effort free (you can always install Linux) as possible isn't one of them.

    2. Cynic_999

      Re: Not invisible

      "

      People don't object to having their car inspected for roadworthiness at regular intervals: perhaps the same approach should apply to Internet-connected devices?

      "

      OK - so all operating systems must have government approval before they are legal to use on the Internet (Microsoft and Apple will be able to afford to get approval, but it will probably be illegal for Linux users to connect to the Internet). All users must take every Internet device they own to a dealer and pay $$$ for an inspection and certificate every year. After any major change to the system (e.g. installing a new application) the user may not connect to the Internet before taking the device to a dealer for approval.

      Also 3rd party insurance will be mandatory in case your computer gets infected and causes damage to someone else's system.

      Still sounding like a good idea?

    3. Trevor_Pott Gold badge

      Re: Not invisible

      "People don't object to having their car inspected for roadworthiness at regular intervals: perhaps the same approach should apply to Internet-connected devices?"

      My car is inspected by any of thousands of licensed mechanics in my city all of whom must meet regulatory criteria that is regularly reviewed by my government and subject to the input of industry experts. There is a vibrant industry of competition in the provisioning of the vehicles, the maintenance of these vehicles and the inspection thereof.

      My car is not subject to the whims of a monopolist who has proven repeatedly that they absolutely cannot be trusted. Microsoft is such a monopolist and they absolutely have proven themselves untrustworthy.

      There is no universe in which I will hand over control of my desktop to Microsoft. Not to them, and sure as all hell not to their government.

      Microsoft cannot be trusted.

    4. Anonymous Coward
      Anonymous Coward

      Re: Not invisible

      Yes I do object to having my car inspected. It always seems to cost ME money for simple things that are cosmetic faults not mechanical.

  16. Paul Smith

    Car metaphor

    A light on the dash board to say you have a problem is (IMHO) better than a kill switch that someone else operates. If you have ever had a car cut out on you while in the overtaking lane of a busy motorway, you will know why it is not always a good idea to let someone else decide when to withdraw service. In my case, the ECU decided that an oxygen sensor might be faulty (it wasn't) so it killed the engine. Not fun.

    1. Bronek Kozicki

      Re: Car metaphor

      Yeah people had indicators on Windows for ages. Users simply ignore them and carry on regardless. Technically, if my computer is a member of a botnet it is not my problem directly. In the car industry, driving an unworthy car becomes the driver's problem indirectly, due to (non-)legality and insurance. There is nothing like this on the Internet.

  17. Tezfair
    Thumb Up

    Over Christmas I saw a huge drop in spam across all my clients' systems and that remained low until 'businesses' went back to work. You could argue that the spammers were also having a break, however I prefer to think that since most businesses would have turned off their PCs for two weeks, that's why all the bots stopped working.

    So I would say it would be a good idea if Windows alerted the end user to 'bot activity'. I'm not sure if making changes automatically would be legal, however there is a lot of ignorance in businesses' PCs - 'it's someone else's responsibility so I'm not touching it', so anything that makes people aware can only be a good thing.

    1. Anonymous Coward
      Anonymous Coward

      however there is a lot of ignorance in businesses' PCs - 'it's someone else's responsibility so I'm not touching it'

      In every business I've worked in, it is a formal policy that everything to do with desktop is under the control of the IT people. And even within IT, there's a RACI matrix that says who does what. So (assuming large corporate IT departments are not utterly incompetent?) your observation puts the blame on spam and botnets (most likely) at the door of the vast estate of partially managed SME PCs?

  18. Anonymous Coward
    Anonymous Coward

    Cars don't drive on the internet.

    1. Teiwaz
      Facepalm

      Cars don't drive on the internet.

      They will be very soon. Stay tuned

  19. Dwarf

    Imagine

    You come home from a 2 week holiday only to find that your IoT fridge freezer was compromised and was shut down, so now you have a large rotten puddle that's stinking the house out and probably damaged the floor. I wonder who pays for the clean up ?

    Think they might be blurring the line between "Mine" and "Yours" again, or they have been watching Judge Dredd again.

    MicroLaw, the ex PC supplier looking for other revenue streams ?

    1. Bronek Kozicki

      Re: Imagine

      I don't know about you, but if this happened to me I would complain to the vendor - why was the fridge connected to the Internet in the first place, and how come removing this connectivity by the vendor has resulted in said puddle on the floor?

      PS since you changed the subject to IoT, it appears that security in this sector is at the level where Microsoft was before end of last century.

      1. Doctor Syntax Silver badge

        Re: Imagine

        "but if this happened to me I would complain to the vendor"

        If that happened to you you should blame yourself for being so daft as to buy a fridge that needed to connect to the internet.

    2. Lodgie

      Re: Imagine

      Disconnecting a fridge from the internet doesn't mean it will stop working. Does your other equipment power down if it loses connectivity?

      1. Dwarf

        Re: Imagine

        That's the difference between shut down and disconnect from the Internet.

  20. nkuk

    Waste of time whack-a-mole

    Unfortunately this all seems a bit pointless, the botnet C&C gets taken down, pops up again, and the user clicks on the next "invoice2134904570.doc" that lands in their inbox.

    I'm sure if it was implemented Microsoft would be chomping at the bit to get it extended to non-DMCA media files, and anything else that didn't have a Microsoft approved cert or was purchased outside of their app store.

    1. Anonymous Coward
      Anonymous Coward

      Invoice scams becoming more offensive

      I got sent an invoice scam, claiming my subscription to the Daily Mail was unpaid.

      That's just offensive on so many levels.

  21. John Bailey

    Dear Pesant.

    We have detected our computer has a botnet/missing update/old version of Windows/deactivated telemetry/non MS OS.

    We are writing you this letter, because we contacted your ISP/the police/a priest/your mother, and had them shut down your account.

    To reconnect with the internet, proceed to your nearest computer store, and purchase a new computer. The store will for a fee, dispose of your contaminated equipment.

    Nah.. Never happen.. Right..

    Right....

    Anybody there?

    1. Maty

      Dear Pesant

      It's 'peasant'.

      Your Pedant.

  22. s. pam Silver badge
    Flame

    Seriously? Are they delusional?

    They routinely crash PCs with bad updates, or cause lock-ups due to their poor Q/A. So to seriously suggest a kill switch seems counterintuitive as their own product is more than capable of doing just that already!

  23. Anonymous Coward
    Anonymous Coward

    Very like the theatre

    Why should an “unsafe” (infected, remotely controlled) be permitted on the internet ... ?

    Why indeed. Of course the problem is that the internet is a very free medium and there aren't really many controls on who can use it or what for.

    In order to be able to control which devices are permitted on the internet, it would require that most existing OSs be replaced by a single OS which enforces tight control on what the user can do and institutes a high level of monitoring of activity. In addition it would require the OS supplier to actively police what goes on and even to disrupt the devices if it so desires.

    Well what do you know? Microsoft have just the products and aggressive attitude needed to fulfill this need : Windows 10 and GWX.

    This is all stage-managed, isn't it?

    1. Anonymous Coward
      Anonymous Coward

      Re: Very like the theatre

      "In order to be able to control which devices are permitted on the internet, it would require that most existing OSs be replaced by a single OS which enforces tight control on what the user can do and institutes a high level of monitoring of activity."

      For the safety of the Internet, the camera on any connected device will have to be permanently on and the user will have to be naked in order to provide full disclosure of any illegal activities.

  24. OffBeatMammal

    Why not implement something like this at the ISP level, and require a court order. Reduces the risk of a glitch or malware activating it accidentally on a user's PC and ensures that it's not just the latest version of Windows that gets the "protection"

    1. Kanhef

      ISP filtering makes a lot more sense. If malicious traffic is detected coming from a particular IP address, they can sinkhole anything coming from it until the issue is fixed. Redirect any webpage requests to an information page explaining the issue and how to obtain tech support to fix it. No backdoors needed, and if they ever finish rolling out IPv6, individual devices can be blocked rather than cutting off an entire household.

    2. frank ly

      Yes, if it's 'the internet' that's being given problems from a PC, then have the PC blocked at the ISP. Lots of people use their computer for activities that don't need internet access so at least they can carry on doing 'internal' work.

      However, if a court order is needed, then someone will have to do the work of applying for the order and take the responsibility of providing judges or magistrates with truthful evidence. Would Microsoft take that responsibility? Would anybody here want them to?

      1. Anonymous Coward
        Anonymous Coward

        Der Court in Question

        and what jurisdiction?

    3. Adam 1

      On a technical level, it can't be done at the ISP unless the malware is stupid enough to communicate over HTTP or something. The c&c is probably behind some hidden tor service. The ISP can't see that. They just see random 1s and 0s going to the tor exit node.

  25. Doctor Syntax Silver badge

    "why not implement something like this at the ISP level"

    Yes, this is the appropriate place. The ISP is the route for the user onto the net. There may well be something in the ISP's existing T&Cs that enable them to disconnect a user after due warning. If there isn't, updated T&Cs re internet access from the ISP are more appropriate than MS changing its T&Cs to allow it to kill a customer's computer. A communication from the ISP is less likely to be treated as a scam than one from MS although maybe the users who get pwned are probably unaware of the Microsoft-calling scam.

    The downside is that it doesn't deal with the laptop on the coffee-shop WiFi.

    1. Paul Crawford Silver badge

      True about free wifi, but said free wifi links are usually pretty low bandwidth and only on a small percentage of machines. So it might not stop the problem, but would make it a damn sight smaller.

    2. Anonymous Coward
      Anonymous Coward

      The downside is that it doesn't deal with the laptop on the coffee-shop WiFi.

      True, but the spamming and botnet businesses are all about volume. If you can reduce the number of machines infected significantly then the returns are reduced. This would get rid of the skiddy spammers and make big inroads in the DDoS "market", and vulnerable devices on public wifi would be too small in number to make those markets viable.

  26. Norman Nescio Silver badge

    Implementation details

    If the kill switch were null-routing outgoing IP datagrams to known botnet destinations+port numbers, implemented by the ISP serving the device in question, then that might be acceptable.

    No changes are being made on your PC.

    The ISP could (maybe should), also, inform you in some way that this was being done.

    That shouldn't stop any legitimate traffic, so your IoT would continue to work so long as the servers the IoT were dependent upon had not been compromised.

    Some corporate networks implement access control, where a local client does a scan of the PC and signals to the corporate gatekeeper that the PC has no known problems before being allowed to connect to the local LAN. Some people might want ISPs to do the same, until they think about the multitudinous clients that would need scanning.

    Dropping traffic to known botnet destinations seems like a reasonable plan.
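
A minimal sketch of the destination+port null-routing described in the comment above, added here as an example and not part of the original thread. The blocklist, flow records and subscriber IDs are all constructed, using documentation address ranges; the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed blocklist of (destination network, port) pairs (assumption).
BLOCKLIST = [
    ("203.0.113.0/28", 6667),
    ("198.51.100.77/32", 8080),
    ("2001:db8:bad::/48", 443),
]

# Constructed flow records: (subscriber id, destination IP, destination port).
FLOWS = [
    ("sub-1001", "203.0.113.5", 6667),    # listed network and port
    ("sub-1001", "203.0.113.5", 443),     # same host, unlisted port
    ("sub-1002", "192.0.2.10", 443),      # ordinary traffic
    ("sub-1003", "2001:db8:bad::1", 443), # listed IPv6 prefix
    ("sub-1003", "198.51.100.77", 8080),  # listed single host
    ("sub-1004", "192.0.2.99", 9001),     # unlisted relay: the filter cannot
                                          # see where it goes after this hop
]


def compile_blocklist(entries):
    """Index the blocklist by port so each lookup scans only relevant networks."""
    index = defaultdict(list)
    for cidr, port in entries:
        index[port].append(ipaddress.ip_network(cidr))
    return index


def is_blocked(index, dst_ip, dst_port):
    """True only when both the destination address and the port are listed."""
    addr = ipaddress.ip_address(dst_ip)
    return any(addr.version == net.version and addr in net
               for net in index.get(dst_port, ()))


def filter_flows(index, flows):
    """Split flows into forwarded and dropped, and record which subscribers
    should be told that traffic from their line was dropped."""
    forwarded, dropped = [], []
    notify = defaultdict(set)
    for subscriber, dst_ip, dst_port in flows:
        if is_blocked(index, dst_ip, dst_port):
            dropped.append((subscriber, dst_ip, dst_port))
            notify[subscriber].add((dst_ip, dst_port))
        else:
            forwarded.append((subscriber, dst_ip, dst_port))
    return forwarded, dropped, {s: sorted(d) for s, d in notify.items()}


if __name__ == "__main__":
    fwd, drop, notify = filter_flows(compile_blocklist(BLOCKLIST), FLOWS)
    print(f"forwarded={len(fwd)} dropped={len(drop)}")
    for subscriber, destinations in sorted(notify.items()):
        print(subscriber, destinations)
```

Matching on address and port together is what keeps other traffic to the same host flowing, and the last constructed flow shows the limit raised elsewhere in the thread: a destination that is not on the list passes untouched.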

  27. Chika
    Holmes

    Hello. This is Windows Technical Support calling...

    We have detected that your compewder is infected with verry bad software. Just go to duhbloo duhbloo duhbloo dot microsoft dot com and we will fix it for you...

    And we know where this goes, don't we?

  28. Anonymous Coward
    Trollface

    Freedom!

    And this is why I have disabled anti-lock brakes on my car, NO ONE will dictate how I use equipment I have purchased, even for the common good!

    1. Boris the Cockroach Silver badge
      Devil

      Re: Freedom!

      But anti-lock brakes are designed to fail safe, that is, if a fault occurs with the ECU, or the sensors, the red light comes on and says "ABS failure", and all that happens is that you no longer have ABS in the braking system.

      m$ are saying "In the event of an ABS failure, we will jam your brakes on full wherever you are", which parked at the side of the road ain't so bad, however..... doing 80mph in the outside lane of a motorway with an impatient SUV driver up your chuff will be quite bad (classic English understatement there ;) )

      1. h4rm0ny

        Re: Freedom!

        I'd like to thank everyone here talking about anti-lock brakes for illustrating, once again, how argument by analogy is bad.

    2. Trevor_Pott Gold badge

      Re: Freedom!

      Anti-lock brakes are regulated and must meet certain guidelines on functionality, safety, interface and so forth. They are provided as part of your car in a market that is rich with competitors. They do not prevent you from using your vehicle. They do not report you for driving "improperly", or force you to buy a new car. You do not have to pay a monthly subscription to keep them working.

      Microsoft inspecting everything you do on your computer and beaming that information back to the mothership, complete with kill switch is a completely different scenario. Microsoft are functionally a monopoly. They behave like a monopolist and have proven repeatedly they cannot be trusted. They are not regulated by anyone. They answer to no one, excepting their massively corrupt and equally untrustworthy government.

      Can you guarantee me that this kill switch won't be used on me if I do something perfectly legal in my jurisdiction but which the US has a problem with? How about if I am a political dissident? What if I am a journalist working with the next Snowden?

      Can you guarantee that Microsoft won't use this kill switch on me if I use an authentication bypass on my operating system, or on any of my applications? In my country these aren't illegal, as long as I do possess a license. Bypassing the DRM in order to make it easier to virtualize/clone/backup/whatever is perfectly fine here.

      What about if it accidentally picks up something as "malware", but isn't? What if I am a journalist or grey hat hacker investigating a bot net?

      Who gets to decide when Microsoft can kill my computer? How, exactly, are we assured that this won't be abused, by Microsoft or by a government? How do non-Americans have any say in how that regulatory and/or oversight process occurs? Once that capability is in place, what prevents any government - even not the US - from demanding and requiring access? You KNOW that China, the US, the UK and Australia will be in there instantly. Probably already are, as the EULA says MS has the right to do this, so the code is probably there, waiting to be used.

      In short: Anti-lock brakes are a feature on a vehicle that is very specifically narrow in scope and in impact. They were and are rigorously tested and their use is regulated.

      Oh, and my car DOES have a button on it that turns my anti-lock brakes and my traction control off (they are essentially one and the same system). The manufacturer put it in because they are aware that there are instances (such as when you are stuck in the snow and need out) that the ability to turn that feature off is very useful.

      Another big difference is that when I push the button to turn the ABS/TC off, I believe it does, in fact, turn off. I don't believe for a second that turning off Windows 10 spyware actually turns it off (the damned thing still calls home) and I don't believe for a second that if they put in a "don't kill my PC" switch that they would honour it.

      Microsoft cannot be trusted.

  29. John Savard

    Less Scary

    How about ISPs blocking traffic to the bad IP addresses that control botnets? That would not involve anything remotely resembling a backdoor on people's computers.

    1. Paul Crawford Silver badge

      Re: Less Scary

      While simple in theory, it's not as if the bad guys have a DNS entry for "botnets-are-us.com" to make it easy. A lot is P2P between compromised machines to obscure the final machines.

      Other side of such ISP fiddling is how long before world+dog starts asking for ISP blocks for all sorts of reasons a-la Pirate Bay? Then it impacts on wider freedom and adds a lot to costs to support it.

  30. Anonymous Coward
    Anonymous Coward

    But what about those of us who want to be part of a botnet?

    1. Anonymous Coward
      Anonymous Coward

      There will be another tickbox beside 'Yes, I want to look at pr0n online', adding 'Yes, I wish to join a botnet'

    2. a_yank_lurker

      @ AC - You W10 users?

  31. anonymous boring coward Silver badge

    Are all treated equally?

    Will they also stop Windows 10 from phoning home constantly?

  32. Anonymous Coward
    Anonymous Coward

    The logical conclusion to this approach...

    You will need to register your name, contact information, PC/phone details to your ISP and the government in order to be able to have a connection to the internet. Then you would agree to have all your traffic monitored by the ISP and governments to ensure you were 'using it right' and that 'nothing bad was happening'.

    Of course, it's all for your own and other citizens' protection.

    Not at all like a police state with government scrutiny of all aspects of your private life - no - not at all.

  33. a_yank_lurker

    Stupid Analogy

    The reason vehicles are inspected is it is relatively easy for someone to be killed or seriously injured in an accident. Most computers on the Internet by themselves do not have that capability. Plus many botnets are used for spamming not taking down critical computers. Those attacks are more targeted to get to the correct box.

  34. Anonymous Coward
    Anonymous Coward

    How clever they are..

    MS can do a myriad things to help out with infected PCs or botnets, everything that is, except preventing Windows being a compromised pos in the first place.

  35. adnim

    The real motive behind this

    will be realised when MS switch to a subscription model for Windows 10.

    I don't know which icon to use because I don't know if I am joking or being prophetic.

  36. Anonymous Coward
    Devil

    Windows already has a kill switch

    When Windows Update forces the upgrade to Windows 10, many upgrades will fail and brick the PC. PCs that are infected with malware are more likely than the rest to have upgrade issues that result in a bricking.

    Thank you Microsoft, may we have another!

  37. Henry Wertz 1 Gold badge

    No sympathy

    "45 minutes is not bad. On one particularly slow afternoon I did manage 27 minutes before they managed to work out my machine was running OSX."

    Yeah, me too. They *told* me "my Microsoft" was having problems. I tried to clarify "what Microsoft?" (to waste the scammer's time; if they had asked if my computer had Windows on it I would have pointed out "No" but they never asked.) They *assured* me "my Microsoft" had a problem. I actually had them wait while I *did* install a remote desktop (knowing I could just pull the plug.) They saw that Ubuntu 14.04 (non-Unity) desktop come up and were like "What is this!?!?!" I pointed out "You didn't ask if I was running Windows, and I didn't say I was." Then I pulled the network cable (well, wifi stick) and uninstalled the remote desktop software. I think I had them tied up over 30 minutes.

    So... I'm with the AC near the top "@Dave 126 - People who are thus tied to Windows deserve to suffer ever increasing pain. Throughout the decades they always scoffed at any non-Microsoft alternative so they've lost my sympathy."

    I won't go as far as saying they *deserve* to suffer ever increasing pain. But people like me have been warning people off Windows for 20 years. You get me playing the world's smallest violin (no sympathy whatsoever) when you have had 20 years to switch off and continue not to. I mean, if you were warned off Yugos, bought one anyway, then said "it's too late to switch now", fine but you can't expect me to sympathize in the least when you keep complaining about your Yugo giving you trouble.

  38. Henry Wertz 1 Gold badge

    As for the kill switch

    As for the kill switch itself -- it's tricky, because I absolutely object on principle to having a third party redirect my traffic. But, the botnet itself is already generating unauthorized traffic, it's not redirecting any traffic the user authorized anyway. But, since I don't use Windows, I don't have to worry about it 8-)

    "How about ISPs blocking traffic to the bad IP addresses that control botnets? That would not involve anything remotely resembling a backdoor on people's computers."

    I view the ISP's job as providing me internet access. If an ISP wants to do this, sure, but it is quite simply not the ISP's job to prevent Windows computers from infecting other Windows computers. And, for Windows, that ship has sailed regarding not having "anything remotely resembling a backdoor" on it, see the numerous complaints of Win10 users turning off the "phone home" stuff only to have it turn back on every time they get updates.

  39. Asterix the Gaul

    If WINDOWS wasn't built like a sieve it wouldn't be vulnerable to backdoors, the Feds, GCHQ or the others.

    In this context, there are no 'good' guys, governments are, in fact, worse than groups or individuals in attacking legitimate online activities, because they think they have a 'right' to 'your' data.

  40. David Roberts

    ISP blocking

    Just wondering how many botnets are in locations where the ISP could be expected to co-operate (or even give a shit).

    Trend Micro Botnet Map

    suggests that a hell of a lot are in the USA so if this was just a push for our US friends it could have significant impact globally.

    Policing at the PC seems the logical thing to do - in the same way that everyone SHOULD be running a capable anti-virus package on their Windows PC (and this does seem to have sunk into the general consciousness) everyone SHOULD be able to run anti-botnet software (although I think that argument just sank underneath me as most botnet infections are probably due to lack of protection from anti-virus packages).

    Problem is that the argument starts to smack of "terrist - and think of the children" because a capability which can snuff out botnets can also do loads of really undesirable things to your PC at the whim of someone over whom you have no economic or political control.

    The other issue is Microsoft. If this initiative was a cool new optional feature with Linux Mint, for example, it might get a more favourable reception. Nobody trusts M$ any more. Which may be one reason why M$ are trying to be all "fighting for the customer against the man" at the moment.

    One thought - M$ regularly ship an update which searches for "malicious" software. Could this not search for botnets?

    Another thought - policing at the SOHO router? Although this would have the same issues as with policing at the ISP if VPNs were used to conceal the traffic.

    Bottom line - attacking botnets at source on the infected PCs is the logical way to go. The worry is that the cure will be worse than the disease.

  41. rjf

    not just for windows machines

    Okay, botnets are mostly windows-based machines, but the point of principle that they are discussing refers to any internet-connected device.. so if your device is pwn'ed or just deemed "diseased/broken", then they are proposing to disconnect your machine. My expectation is that this would be at an ISP level so your traffic will be re-routed.

    In my organisation, that's what happens automatically.. they detect a virus, they kill the port.

  42. Alister

    I really think the car analogy has been driven to excess

    Title

  43. strum

    Commentards are only too ready to gang-rape MS, on this (or any other) issue. But, does anyone have a better idea?

    Botnets have become a really dangerous factor on the internet. Mostly, they only cost money, but it's only a matter of time before someone dies at the hands of a botnet.

    It should be clear by now that many computer users are either too lazy or too stupid to protect themselves - so what are we going to do to protect ourselves from them?

    Block IPs that represent parts of a botnet?

    Send polite messages to such IPs?

    Write white viruses that infect black viruses?

    Or just complain every time someone suggests a solution?

  44. No-VicePenguinista
    Black Helicopters

    Minority Reporting?

    ... but what if "They" killed "My" PC because of one of "Their" own updates... Luckily I moved to Linux so I'm safe, aren't I? aren't I?

  45. Terrance Brennan

    Get over yourselves

    Listening to MS bashers gets tiresome. No OS, or any other piece of computer software, is perfect or completely safe. Windows, Android, Apple, all variants of Linux are subject to bugs and security holes. If you think your favorite is the exception you're fooling yourself or trying to fool a potential customer. While St. Jobs was alive he insisted on the myth that the Apple OS never needed to be patched. Some of the Linux apostles on these forums believe Linux is bullet proof. All software is shit, deal with it. At least Microsoft makes an effort to keep their buggy product patched; but, in the end it depends on the end users. If they don't patch whatever they use then they and everyone else on the Internet with them will suffer. And, stop whining because Windows beat your personal favorite and keeps beating it. Deal with that as well. Regardless of its technical merits it is much better suited for the masses.

  46. cycas

    Perhaps this could be an available level of windows license for home use?

    Surely I am not the only person here supporting a group of remote charity volunteers using their own computers whose idea of problem reporting is 'my laptop is broken'. I have them using cloud-based email and document management in the hope that this reduces the likelihood that they will send infestations in all directions, and I make them swear they are all using AV but I am gloomily aware that probably at least a couple of them are infected with something and I'll probably never know what.

    They could actually be among the machines attacking their own charity's website. If their OS stopped them from doing that, they'd never know, but if they did, they'd probably be happy about it; well, if I could manage to explain it in words they'd understand, anyway. They are lovely, lovely people.
