Microsoft wants to put malicious PCs in quarantine

Microsoft wants internet quarantine for zombie PCs

Only computers with a health passport should be able to surf freely

Several million computers worldwide are zombie PCs in a botnet or are infected with other malware. A kind of public health system for computers should curb the malware epidemic, according to a recent proposal by Scott Charney, Microsoft Corporate VP for Trustworthy Computing. This includes the idea of quarantining infected computers and restricting their access to the Internet.

Virus on board: This PC belongs in quarantine
(Photo: pixelio.de, Martina Taylor)

"That is an interesting concept and theoretically very effective. The implementation is extremely difficult for legal and technical reasons," says Eddy Willems, Security Evangelist at G Data (http://gdata.de), in conversation with pressetext. The stumbling blocks include data protection, the problem of making this "health care" as comprehensive as possible, and the question of how infected PCs can actually still be cured.


Health passport
Charney's idea is that computers need some sort of health passport to access the internet. Conceivable prerequisites for this are up-to-date patched software, a sensibly configured firewall, an AV solution with up-to-date signatures and proof that the computer is not infected with known malware. If a PC does not meet these conditions and therefore cannot show a certificate, for example to its ISP, its Internet access should be restricted. The challenge is not to overshoot the mark.

"When a PC is infected, the user needs cleanup tools," explains Willems. If the user can no longer find information on the Internet about how to get rid of malware, or does not have access to the necessary software tools, the computer cannot recover. Microsoft assumes that this could be solved by selective access, for example to the sites of AV providers. "In some cases it may be sufficient to block only certain protocols or ports, for example port 25 against spam," said Gerhard Göschl, security spokesman at Microsoft Austria, when asked by pressetext.


Lots of challenges
Detecting whether AV software is running on the computer at all is a potential weak point. "Malware could attack that to manipulate the outcome," said Willems. He also emphasizes that such a quarantine system would have to contend with legal hurdles, especially in Europe. This includes the question of data protection, since an infected PC would be identified quite clearly. However, Microsoft points out that there is already a national system in Finland, thanks to which users can be informed about infections. This feeds the hope that something similar would also be feasible across Europe.

"For such a solution to really take effect, it would have to be used for all computers around the world, if possible," says the G Data expert. This is a huge logistical problem, but Microsoft puts it into perspective. "It's like a flu vaccination. The more people are vaccinated, the more difficult it is for the virus to spread to the few who are not vaccinated," says Göschl. In any case, an approach that partially curbs the flood of malware is better than nothing. Waiting for a 100 percent perfect solution would also be an illusion.

Scott Charney, "Collective Defense: Applying Public Health Models to the Internet" (PDF): http://go.microsoft.com/?linkid=9746317

(ck)
