Microsoft: We should block infected PCs from the Internet

[tyler811]

In its effort to tackle botnets, Microsoft has offered a potential solution that would prevent botnet-infected computers from accessing the Internet. In a blog post this week, Redmond's Scott Charney described a "global collective defense" and compared his vision to modern public health in a paper titled "Collective Defense: Applying Public Health Models to the Internet" (PDF). Charney said that while traditional protection mechanisms such as firewalls, antiviruses and automatic software updates can reduce risk, they're not enough.

http://www.techspot.com/news/40574-microsoft-we-should-block-infected-pcs-from-the-internet.html

 

[olds]

So, what's your point?

 

[rudeguy]

I vote for nuking them from orbit

 

[Amused]

I vote for nuking them from orbit

It's the only way to be sure...

 

[DominionSeraph]

I vote for nuking them from orbit

LOIC.

Oh, wait

 

[spidey07]

I think this is an incredibly awesome idea. Internet wide intrusion protection systems. If you're running a bad bot or malware you are sent to a cleaning zone and given free access to tools to fix it.

 

[WelshBloke]

I think this is an incredibly awesome idea. Internet wide intrusion protection systems. If you're running a bad bot or malware you are sent to a cleaning zone and given free access to tools to fix it.

Noooooooo, I agree with Spidey.


Must.....reconsider.....position...before..its....too.....la.....t....e

 

[spidey07]

Noooooooo, I agree with Spidey.


Must.....reconsider.....position...before..its....too.....la.....t....e

Well the article mentions he wants government intervention to do so, so on that, screw him.

 

[DrPizza]

"Just as when an individual who is not vaccinated puts others' health at risk, computers that are not protected or have been compromised with a bot put others at risk and pose a greater threat to society," Charney said. "We need to improve and maintain the health of consumer devices connected to the Internet in order to avoid greater societal risk."

How about make a product that doesn't have so many vulnerabilities?

 

[sandorski]

SkyNet to the rescue!!!

 

[lxskllr]

How about make a product that doesn't have so many vulnerabilities?

Impossible. You can't fix stupid. If 90% of the people started running Linux instead of Windows, Linux would have the same issues Windows has now. Windows has actually been pretty good since Vista. A lot of the exploits have gone after 3rd parties to get in the system.

 

[WelshBloke]

Impossible. You can't fix stupid. If 90% of the people started running Linux instead of Windows, Linux would have the same issues Windows has now. Windows has actually been pretty good since Vista. A lot of the exploits have gone after 3rd parties to get in the system.

True that.

If a box popped up saying "if you click OK you will surrender control of your computer to a dodgy Russian geezer, however, we will show you lots of boobs" what % of people do you think would click OK?

 

[busydude]

Impossible. You can't fix stupid. If 90% of the people started running Linux instead of Windows, Linux would have the same issues Windows has now. Windows has actually been pretty good since Vista. A lot of the exploits have gone after 3rd parties to get in the system.

qft

I vote for adobe reader as the worst POS insecure software ever made, even worse than IE 6.

 

[lxskllr]

qft

I vote for adobe reader as the worst POS insecure software ever made, even worse than IE 6.

Yea, Adobe is a blight on computing. It'll be a grand day when their products have been marginalized, and replaced with better, more professionally packed competitors.

 

[irishScott]

Impossible. You can't fix stupid. If 90% of the people started running Linux instead of Windows, Linux would have the same issues Windows has now. Windows has actually been pretty good since Vista. A lot of the exploits have gone after 3rd parties to get in the system.

Actually I'd argue that since Linux is open source it's possible that, especially with 90% market share security updates would be released much more promptly, but yeah. Old armor/weapon war of infinite escalation any way you slice it.

 

[lxskllr]

Actually I'd argue that since Linux is open source it's possible that, especially with 90% market share security updates would be released much more promptly, but yeah. Old armor/weapon war of infinite escalation any way you slice it.

It's only secure if people use it properly, just like Windows. If everyone started running Linux, you'd see tweak guides popping up all over showing people how to run as root to avoid credential challenges, and other ways to "speed up" the system. Throw in some good old fashioned phishing, crappy third party apps, and plain old dumbassery, I don't think things would be much different than they are now.

 

[Bateluer]

While they're at it, will they also black IE6 and 7 from accessing external web sites?

 

[Wyndru]

I think this is an incredibly awesome idea. Internet wide intrusion protection systems. If you're running a bad bot or malware you are sent to a cleaning zone and given free access to tools to fix it.

The only problem with this is if whoever is hosting the tools doesn't have a way to fix it, you are screwed. Similar to how one virus program will work on a specific infection, yet another doesn't. Then you are stuck waiting until someone creates a definition that detects whatever you have. They would need to be sure that if they detect it, they can correctly and fully remove it and prevent it from coming back.

At my job I feel like I alert CA's etrust and pest patrol team of more viruses/spyware than I am protected against. Every week there is something that isn't detected that I have to send them the files on before they add it to the definition. Malwarebytes and combofix seems to be the only resolution for majority of my issues lately.

 

[alkemyst]

I vote to take over the sound and blast "HEY ASSHOLE, YOU HAVE A FUCKING VIRUS!"

 

[Zorkorist]

It's an easy fight back...

The bots are by definition, easy to infiltrate, so obv, we infect them with our bot.

That kills their bot.

I'd hope our Government can do that.

-John

 

[spidey07]

Here's how you do it:

1) Your IP has a traffic pattern that is a well known bot
2) You can't talk to much of anything, you can't phone home and you cannot receive bot commands
3) You are placed into quarantine and only have access to free tools to clean your shit.

The best analogy would be you are spewing viruses to the entire world, so the best course of action is to contain you.

 

[Zorkorist]

That's not bad.

Except it means some big over-sight thing, rather than just attacking bot machines the way they were compromised to begin with.

-John

 

[rockyct]

How about make a product that doesn't have so many vulnerabilities?

Microsoft's Security Essentials is a great piece of AV software for 90% of the people out there. You have to go manually download it though or else Microsoft would get slapped with lawsuits. Windows itself is actually very secure if you've installed MSE and all the patches are up to date.

qft

I vote for adobe reader as the worst POS insecure software ever made, even worse than IE 6.

Exactly. It's the Real Player of the last five years. It's just a matter of time before it gets killed off though.

 

[Zorkorist]

Adobe seems to begin to understand, that they are almost as pervasive as Windows, and I get updates from them about as often as Windows now.

Any popular application is ripe for attack...

-John

 

[SagaLore]

Disconnecting a compromised machine from the network. What an original idea! Oh wait...