Sick PCs should be banned from the net says Microsoft

DorsetBoy · Oct 07, 2010, 06:51:07

http://www.bbc.co.uk/news/technology-11483008

QuoteVirus-infected computers that pose a risk to other PCs should be blocked from the net, a senior researcher at software giant Microsoft suggests.

The proposal is based on lessons from public health, said Scott Charney of the firm's trustworthy computing team.

It is designed to tackle botnets - networks of infected computers under the control of cybercriminals.

Putting machines in temporary quarantine would stop the spread of a virus and allow it to be cleaned........ (more)

I think they are right, the only downside would be a false positive detection.

esh · Oct 07, 2010, 12:16:19

So who pulls the plug? I don't think ISPs will want to deal with irate customers in such a fashion. Can't see it happening.

Simon · Oct 07, 2010, 12:32:57

I've long thought that Windows should prevent users connecting online if they don't have up to date security and virus protection, so this would be a step in the right direction, in my opinion.

Lance · Oct 07, 2010, 12:43:31

Where is it proposed the computer is blocked?? If Windows decides locally, then maybe it should be clever enough to download and run the appropriate cleaning tool. If remotely, prehaps the user should be redirected to the appropriate tool and not allowed anywhere else.

gyruss · Oct 07, 2010, 12:46:43

*shudders at the thought*

Virus detected on drive C:.

Preparing to Format this volume to correct.

Access to the internet will be lost on this pc during this 'fix'.

Press any key to continue...

Lance · Oct 07, 2010, 12:47:56

Good job I've not got an 'any' key!

pctech · Oct 07, 2010, 13:07:40

I think this is a sales pitch to get ISPs to take up Windows Server 2008 R2 and the Network Access Protection feature which 'quarantines' a PC while patches are downloaded to it and applied.

trophymick · Oct 07, 2010, 13:11:08

Ironically, it's usually Microsoft OS that are sick.

pctech · Oct 07, 2010, 13:11:58

They are much better than they used to be

cavillas · Oct 07, 2010, 13:17:13

QuoteWindows-infected computers that pose a risk to other PCs should be blocked from the net, a senior researcher at software giant Microsoft suggests.

The proposal is based on lessons from public health, said Scott Charney of the firm's trustworthy computing team.

It is designed to tackle botnets - networks of infected computers under the control of cybercriminals.

Putting machines in temporary quarantine would stop the spread of a virus and allow it to be cleaned........ (more)

I thought this quote might have come from Linux and Apple users.

pctech · Oct 07, 2010, 13:20:42

To make this work every ISP would have to have a server with the latest OS patches and virus defininitions on it that the auto updaters would be redirected to or alternatively the routing could be restricted to the OS vendor and AV company update servers.

I don't see the ISP community going a bundle on the former.

trophymick · Oct 07, 2010, 13:26:24

Quote from: cavillas on Oct 07, 2010, 13:17:13
I thought this quote might have come from Linux and Apple users.

That's a bit cynical,Alf.

pctech · Oct 07, 2010, 13:31:47

I did think that first myself Mick

DorsetBoy · Oct 07, 2010, 14:53:16

Quote from: cavillas on Oct 07, 2010, 13:17:13
I thought this quote might have come from Linux and Apple users.

Well Microsoft do use both............

Rik · Oct 07, 2010, 14:58:15

In principle, I agree with the concept. I've long thought that the only safe way to let some people online is to give them a dumb terminal.

pctech · Oct 07, 2010, 17:11:36

I suspect the network quarantine concept will take off in time but will require the big ISP router vendors to co-operate on a standard (or most likely Cisco will create the standard and have it adopted through the IETF) and of course ISPs will have to purchase new kit or apply a new licence key to the OS to unlock the feature.

esh · Oct 07, 2010, 21:58:00

To be honest, if it did go ahead, they'd have to proceed in the same manner companies like NC do with identifying cheaters in games.

First there is a report; in games this is usually from other users, in this case we can have some flags throw up from a large amount of spam being sent, or significant data flow to particular sites or ports.

Second, there has to be a monitoring of this. It can't be trigger happy like BT's profiling. If it is repeated over a period of time this user should then be flagged to ISP staff by various monitoring computers.

Third, most importantly, most expensively, and probably the slowest of all three steps, a Real Person (tm) will have to investigate this to ensure this is not an erroneous flag and there is indeed potentially malicious activity going on. Difficulty arises with potential spam mail -- for example, where do ISP staff stand legally at looking at customers email? I don't know. What about packet monitoring? I think there are ways to be reasonably sure dodgy activity is going on without actually looking at the packet contents of course, but you cannot be 100% sure. Once the Real Person (tm) has confirmed this red flag, warnings should be sent to the customer and given a reasonable period to respond and or fix this. In a set time period, the IP should be checked again, and then appropriate action taken.

Like the law system, I'd rather have a few infected systems avoid the net than catch lots of innocent users with a slightly imperfect algorithm banning users with abandon.

Technical Ben · Oct 07, 2010, 22:06:41

Um. Yes, brilliant idea. Block a pc from the only possible place to cure it, seeing as MS are not happy to send their updates via the post.

D-Dan · Oct 07, 2010, 22:14:23

Get ahead of the game - install Ubuntu, Mint, Suse, Redhat, or whatever Linux distro takes your fancy before M$ make it a part of patch Tuesday

Steve

Simon · Oct 07, 2010, 22:15:01

Quote from: Technical Ben on Oct 07, 2010, 22:06:41
Um. Yes, brilliant idea. Block a pc from the only possible place to cure it, seeing as MS are not happy to send their updates via the post.

I guess the idea is that the 'cure' is downloaded via another machine. Everyone has another machine, don't they?

vitriol · Oct 08, 2010, 13:15:15

I can see their point. An acquaintance of mine has been infected with a virus and I'm getting spam from their email account. I told them about it and their reply? "We've run a scan and nothing was found", which basically means "We can't be bothered to do anything with our computers security".

My reply. Fine. Remove my email address from your contacts list and I'll block you with a spam filter.

Got right up my nose their poor attitude to their computers security. I'll be damned if I fix that one for them.

DorsetBoy · Oct 08, 2010, 13:17:34

Tell them it is sending out their bank account numbers, they'll soon move then

Rik · Oct 08, 2010, 14:55:39