Computers infected with malware should be disconnected from the internet to prevent them posing a risk to the rest of the online community, a top security executive at Microsoft has urged.
In a paper delivered to the ISSE 2010 computer security conference in Berlin on Wednesday, Scott Charney, Microsoft's vice president of Trustworthy Computing, proposed the move as part of a re-think of global IT cybersecurity along public-health lines. Quarantining infected PCs would help prevent malware from spreading and could help battle botnets, he said.
"If a device is known to be a danger to the internet, the user should be notified and the device should be cleaned before it is allowed unfettered access to the internet, minimising the risk of the infected device contaminating other devices," Charney said.
He called for companies and governments to work together on a "global collective defence" to ensure the safety of the internet and the world's online community. The strategy should be implemented and defined in the same way that nations define and deal with public-health problems, he added.
"In the physical world, international, national and local health organisations identify, track and control the spread of disease, which can include — where necessary — quarantining people to avoid the infection of others. Simply put, we need to improve and maintain the health of consumer devices connected to the internet in order to avoid greater societal risk," Charney wrote in a blog post announcing the paper.
Botnets, which are networks of millions of compromised computers, are increasingly popular among cybercriminals as a means for distributing spam or launching attacks against specific targets. In May, VeriSign said that its online investigation found botnets for rent for as little as £6 an hour, meaning that less-skilled criminals are able to use them for attacks.
A collective global approach to cybersecurity should help make up for failings in individual defensive measures, according to Charney. "Commonly available cyber-defences such as firewalls, antivirus and automatic updates for security patches can reduce risk, but they're not enough," he said. "Despite our best efforts, many consumer computers are host to malware or are part of a botnet."
Charney noted international, national and private-sector efforts that he believes are good examples of the use of collective defence. These included Japan's Cyber Clean Center, which communicates with 70 internet service providers to identify botnet-infected machines and provides software to prevent reinfection. The Microsoft Active Response for Security (Mars) plan, meanwhile, provides technical resources for quelling local botnet infections, such as the recent Waledac botnet.