Microsoft continues push for infected computers to be quarantined

Summary: Microsoft's Scott Charney is pushing ahead with a proposal to implement a public health model to curb the damage from botnets of malware-laden computers around the world.

TOPICS: Security, Microsoft

SAN FRANCISCO -- Microsoft's Scott Charney is pushing ahead with a proposal for a public health model to curb the damage from botnets of malware-laden computers around the world.

During a keynote presentation (see documentation) at the RSA Conference here, Charney trumpeted a "global Internet health model" that uses existing technologies and organizational policies to implement a system that limits what an infected computer can do on the Internet.

Charney's message was much the same as it was last year when the Microsoft Trustworthy Computing chief called on ISPs to be aggressive and consider shutting off Internet access to infected computers.

This year, Charney took his message further, suggesting that computer users can opt into a Web-based program that provides alerts when security risks are identified.

"Notifying individuals of security problems or configuration issues in advance provides a first step in transforming current computer security posture from reactive to preventative," Charney added.

follow Ryan Naraine on twitter

In an accompanying white paper (.pdf), Charney suggested the concept of device health can benefit from a more aggressive approach to pinpointing infected devices. Specifically, he called for analysis and the sharing of data from sinkholes, network traffic, and product telemetry to identify potentially infected devices.
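The sinkhole analysis Charney refers to, as an added example that is not part of the article or the white paper: constructed log lines from a hypothetical DNS sinkhole are parsed, and each source address is scored by how many lookups it made for hostnames the sinkhole operator has labelled as belonging to a botnet and by how many distinct such hostnames it queried. The log format, hostnames, addresses and flagging thresholds are all constructed for this example; a real operator would substitute its own sinkhole feed and labelling.

```python
import re
from collections import defaultdict

# Constructed log lines from a hypothetical DNS sinkhole; the addresses come from
# the documentation ranges and the hostnames are made up for this example.
SINKHOLE_LOG = """\
2011-02-15T10:01:02Z src=198.51.100.23 qname=cmd-a1.botnet-sinkhole.example rcode=NOERROR
2011-02-15T10:01:09Z src=198.51.100.23 qname=cmd-a1.botnet-sinkhole.example rcode=NOERROR
2011-02-15T10:02:44Z src=198.51.100.23 qname=cmd-b7.botnet-sinkhole.example rcode=NOERROR
2011-02-15T10:03:11Z src=203.0.113.9 qname=cmd-a1.botnet-sinkhole.example rcode=NOERROR
2011-02-15T10:05:51Z src=198.51.100.23 qname=update.botnet-sinkhole.example rcode=NOERROR
2011-02-15T10:09:30Z src=192.0.2.77 qname=typo-of-a-real-site.example rcode=NOERROR
this line is deliberately malformed and must be skipped
"""

# Assumption: the sinkhole operator labels which captured hostnames belong to a botnet.
BOTNET_HOSTNAMES = {
    "cmd-a1.botnet-sinkhole.example",
    "cmd-b7.botnet-sinkhole.example",
    "update.botnet-sinkhole.example",
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) qname=(?P<qname>\S+) rcode=(?P<rcode>\S+)$"
)


def parse_sinkhole_log(text: str) -> list:
    """Return one dict per well-formed line; malformed lines are dropped, not fatal."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            events.append(match.groupdict())
    return events


def flag_suspect_sources(events: list, min_hits: int = 2, min_distinct: int = 2) -> dict:
    """Score each source address by its botnet-hostname lookups.

    A single lookup can be a typo, a researcher or a stale cache, so a source is
    flagged only when it repeatedly queries several distinct botnet hostnames,
    which is the pattern of an infected host polling its controllers."""
    hits = defaultdict(int)
    names = defaultdict(set)
    first_seen = {}
    for event in events:
        if event["qname"] not in BOTNET_HOSTNAMES:
            continue
        src = event["src"]
        hits[src] += 1
        names[src].add(event["qname"])
        first_seen.setdefault(src, event["ts"])
    return {
        src: {"hits": hits[src], "distinct_hostnames": len(names[src]), "first_seen": first_seen[src]}
        for src in hits
        if hits[src] >= min_hits and len(names[src]) >= min_distinct
    }


def notification_records(text: str) -> list:
    """End to end: parse, score, and produce the per-address records an access
    provider would need in order to notify the subscriber behind each flagged address."""
    report = flag_suspect_sources(parse_sinkhole_log(text))
    return [dict(src=src, **details) for src, details in sorted(report.items())]


if __name__ == "__main__":
    for record in notification_records(SINKHOLE_LOG):
        print(record)
```

Only the address that queried three different botnet hostnames four times is flagged; the single lookup from 203.0.113.9 and the unrelated typo domain are left alone, which is the kind of threshold an operator would tune before any notification goes out to a subscriber.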

"If a device is known to be a danger to the Internet, the user should be notified and the device should be cleaned before it is allowed unfettered access to the Internet, minimizing the risk of the infected device contaminating other devices or otherwise disrupting legitimate Internet activities," Charney declared.

In most cases, Charney said this can be done with current technology across multiple systems and platforms and pointed out that Comcast is already making attempts to quarantine dirty machines.

"It is our view that approaches like this need to be broadened significantly, even globally," he added.

On the consumer side, he said there is need for a mechanism for clean computers to demonstrate their "good health" (a health certificate) without rendering the systems more vulnerable, less reliable, or providing a conduit for leaking private information.

The white paper adds: "Second, the mechanism that produced the health certificate must be trusted (that is, infected devices should not have a way to fake a health certificate). Combining trusted software such as hypervisors and hardware elements such as a Trusted Platform Module (TPM) could further enable consumer devices to create robust health certificates and ensure the integrity of user information. Third, access providers and other organizations must have a way to request health certificates and take appropriate action based upon the information provided. Finally, we will need to create supporting policies and rules to ensure the effectiveness of this model."

Under this model, Charney said a consumer machine seeking to access the Internet could be asked to present a “health certificate” to demonstrate its state. Although the conditions to be checked may change over time, he said the health checks should ensure that software patches are applied, a firewall is installed and configured correctly, an anti-virus program with current signatures is running, and the machine is not currently infected with known malware.

If the health certificate indicates a security issue, such as a missing patch or out-of-date anti-virus signature, Charney said an ISP may provide a notice that assists the user in addressing the security concern or directs the user to resources for remediation.

"If the problem is more serious (the machine is spewing out malicious packets), or if the user refuses to produce a health certificate in the first instance, other remedies such as throttling the bandwidth of the potentially infected device, might be appropriate," he added.
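As an added illustration, not code from Microsoft's white paper or Charney's talk, of the flow described in the last several paragraphs and of the white paper's requirement that an infected device must not be able to fake a certificate: a device presents a health certificate, the access provider checks that it is authentic and still fresh before trusting anything in it, and the posture it carries is mapped onto the remedies the article names (a notice for a missing patch or stale anti-virus signatures; throttling for a device that is emitting malicious traffic or that presents no valid certificate). The HMAC-SHA256 shared key stands in for a TPM- or hypervisor-rooted signing key, and the field names, thresholds and sample postures are constructed for this example.

```python
import hashlib
import hmac
import json

# Constructed policy thresholds (assumptions for this example, not figures from the article).
CERT_VALIDITY_SECONDS = 3600   # how long the access provider honours a presented certificate
MAX_SIGNATURE_AGE_DAYS = 7     # anti-virus signatures older than this count as out of date

ALLOW, NOTIFY, THROTTLE = "allow", "notify", "throttle"


def _canonical(claims: dict) -> bytes:
    """Serialize claims deterministically so both sides MAC exactly the same bytes."""
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def issue_certificate(posture: dict, key: bytes, issued_at: int) -> dict:
    """Attester side: bind a posture report to a MAC. The shared key stands in for
    a TPM/hypervisor-rooted signing key the device itself cannot read, which is
    what stops an infected device from simply writing itself a clean certificate."""
    body = _canonical({"posture": posture, "issued_at": issued_at})
    mac = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "mac": mac}


def verify_certificate(cert: dict, key: bytes, now: int):
    """Verifier side: return the posture claims only if the MAC checks out and the
    certificate is inside its validity window; otherwise None."""
    body = cert["body"].encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cert["mac"]):
        return None                                   # altered or forged
    claims = json.loads(body)
    issued_at = claims["issued_at"]
    if not issued_at <= now <= issued_at + CERT_VALIDITY_SECONDS:
        return None                                   # expired, or dated in the future
    return claims["posture"]


def assess_posture(posture: dict):
    """Map the checks the article lists onto the two remedies it describes."""
    # A device that is a danger to others is throttled whatever else is true.
    if posture["known_malware_present"] or posture["emitting_malicious_traffic"]:
        return THROTTLE, ["device is infected or emitting malicious traffic"]
    problems = []
    if posture["missing_patches"] > 0:
        problems.append(f"{posture['missing_patches']} security patch(es) missing")
    if not posture["firewall_enabled"]:
        problems.append("firewall disabled or misconfigured")
    if not posture["antivirus_running"]:
        problems.append("anti-virus not running")
    elif posture["signature_age_days"] > MAX_SIGNATURE_AGE_DAYS:
        problems.append("anti-virus signatures out of date")
    return (NOTIFY, problems) if problems else (ALLOW, [])


def access_decision(cert, key: bytes, now: int):
    """Access-provider side: a missing or unverifiable certificate is treated like a
    refusal to present one; a verified certificate is judged on its posture."""
    if cert is None:
        return THROTTLE, ["no health certificate presented"]
    posture = verify_certificate(cert, key, now)
    if posture is None:
        return THROTTLE, ["health certificate failed verification"]
    return assess_posture(posture)


# Constructed sample data so the block runs stand-alone.
DEMO_KEY = b"constructed-demo-key-not-for-real-use"
NOW = 1_700_000_000
CLEAN = {"missing_patches": 0, "firewall_enabled": True, "antivirus_running": True,
         "signature_age_days": 1, "known_malware_present": False,
         "emitting_malicious_traffic": False}
STALE_AV = dict(CLEAN, signature_age_days=30)
INFECTED = dict(CLEAN, emitting_malicious_traffic=True)


def demo() -> dict:
    results = {
        "clean": access_decision(issue_certificate(CLEAN, DEMO_KEY, NOW), DEMO_KEY, NOW),
        "stale_av": access_decision(issue_certificate(STALE_AV, DEMO_KEY, NOW), DEMO_KEY, NOW),
        "infected": access_decision(issue_certificate(INFECTED, DEMO_KEY, NOW), DEMO_KEY, NOW),
        # a genuine certificate presented again two hours later is no longer trusted
        "replayed": access_decision(issue_certificate(CLEAN, DEMO_KEY, NOW), DEMO_KEY, NOW + 7200),
        "none": access_decision(None, DEMO_KEY, NOW),
    }
    # A certificate whose claims were edited after issue fails the MAC check, so a
    # device cannot turn an "infected" report into a clean one on its own.
    edited = issue_certificate(INFECTED, DEMO_KEY, NOW)
    edited["body"] = edited["body"].replace('"emitting_malicious_traffic":true',
                                            '"emitting_malicious_traffic":false')
    results["edited"] = access_decision(edited, DEMO_KEY, NOW)
    return results


if __name__ == "__main__":
    for name, (action, reasons) in demo().items():
        print(f"{name:9s} -> {action:8s} {'; '.join(reasons)}")
```

Two design points carry the weight here: the verifier never looks at the posture fields until the MAC and the validity window have both passed, and a certificate that cannot be verified is treated exactly like no certificate at all, so a device gains nothing by presenting garbage instead of refusing.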

The idea of quarantining infected users to secure the Internet ecosystem is not new, but security experts say that unless ISPs have a financial incentive to implement these models, these initiatives will go nowhere.

Talkback

108 comments
  • The only real strategy is to...

    ...remove Windows totally, install linux or get a Mac. Years and wasted man hours have proven that it is a futile effort to make Windows even remotely secure. Firewalls, IPS, IDS, Two factor Authentication, Antivirus, etc...etc...and these Computers STILL get infected.

    I guess a lot of people are just a glutton for punishment/abuse.
    james347
    • RE: Microsoft continues push for infected computers to be quarantined

      @james347

      Yeah! Mac and Linux! Sure why not? On one hand you have a walled garden, ruled by an egotistical man who wants it all, and on the other you have a complete mess (Or lack thereof) of an ecosystem. Sure that'll work out quite well.

      Besides, it's not like Linux or Mac can be infected by clueless "joe user" users.
      The one and only, Cylon Centurion
      • RE: Microsoft continues push for infected computers to be quarantined

        @Cylon Centurion 0005 You already have that in the mobile market, it's called Android.
        Ron Burgundy
      • RE: Microsoft continues push for infected computers to be quarantined

        @Ron Burgundy - thank you Donnie, another goofy one.
        ItsTheBottomLine
      • Micro$oft doesn't control the internet

        And legally their push for quarantine is just pie-in-the-sky.

        I'd rather deal with multiple threats than be controlled and used by one unelected corporate monopoly.

        Thank God for Linux.
        LTV10
      • iOS Maybe, not OS X.

        @Cylon Centurion 0005

        I can see how you could make the argument of the walled garden for iOS (Apple's in this case, but Cisco's too), but not of OS X. OS X is very open, and anyone can write software for it, and not go through Apple to sell it. This is exactly the same as Windoz.
        anonymous
    • Fool alert! james347 is speaking again!

      @james347 it's a futile effort trying to spread your FUD, JimmyBoy.
      Run back to Steve Jobs and tell him nobody believes you and you need to try a new approach. :)
      John Zern
      • RE: Microsoft continues push for infected computers to be quarantined

        @John Zern

        Hey, I'm pacing myself, thank you very much!
        james347
    • It's not Windows, it's human nature

      @james347

      I'm not the biggest Windows fan in the world, but that being said, there will always be piece-of-s#!t a--holes who commit crimes. Take away Windows and where do you think the malicious hackers will look next?

      The dumbest part of Charney's proposal is the supposition that there could be such a thing as a certificate service that could validate that a machine is free of malware, when anti-malware software can't even do that. All it could do is to validate that a machine is free of known malware. So, the validation would be completely useless since it offers no protection against malware we don't know about -- the kind we should all be especially worried about.

      Couple that with the possibility of abuse by ISPs, and it's easy to see that this is a really bad idea.
      RationalGuy
      • RE: Microsoft continues push for infected computers to be quarantined

        @RationalGuy Games have PUNKBUSTER software that's required to play on many game servers. Hackers get banned. Simple.
        Feldwebel Wolfenstool
      • And yet people still cheat at video games ...

        @Feldwebel Wolfenstool

        ... with client side hacks despite Punkbuster. So, Punkbuster kind of works until someone figures out a way around it. Then it doesn't work anymore. Until Punkbuster is patched. Then someone hacks it again. Then it gets updated again.

        Hmm ... kind of sounds like the anti-malware situation.

        What kind of trust can I put in this "safe" Internet, when I know that by design it can't weed out hackers that it doesn't know about? Every machine on the new "safe" Internet is either truly malware-free or it's infected with malware that I don't know about.

        Hmm ... kind of sounds like the Internet right now.

        So, would my Internet habits change on the "safe" Internet? Not one single f---ing bit! So, then what's the point?!?

        Another problem is what if ISPs set a participation threshold for "safe" that I don't agree with? What if their definition of "safe" begins to shape the marketplace for available technology, even if the thing they are pitching as "safe" isn't really safe at all since it can only detect threats it knows about.

        When the stakes are low (like who wins in a video game) the Punkbuster approach is fine. When the stakes are high, it's laughably inadequate.
        RationalGuy
    • RE: Microsoft continues push for infected computers to be quarantined

      @james347 guess what OS was the first virus written for! hint: it ends with "ix".
      pupkin_z
      • RE: Microsoft continues push for infected computers to be quarantined

        @pupkin_z Ummm VMS doesn't end in ix..

        The first worm was used in HP labs for diagnostics.

        The first unintentional worm that I know of was from an engineer trying to map the DEC internal network... with a bug. Took down the internal network sometime in the early 80s.
        jessepollard
    • Loverock Davidson said its all Linux & Mac fault

      we're in the position we're in and he's never wrong. Just ask him? :-)
      Over and Out
    • RE: Microsoft continues push for infected computers to be quarantined

      @james347 ....cliche rhetoric is tiresome...
      Feldwebel Wolfenstool
    • RE: Microsoft continues push for infected computers to be quarantined

      @james347

      And that will last 7 days. Mac and Linux viruses and malware exist. If they pass 40% or so of the machine population on the internet, say goodbye to "security through obscurity".
      RyuDarragh
      • RE: Microsoft continues push for infected computers to be quarantined

        @RyuDarragh

        Security through obscurity is the Microsoft strategy. It has never worked. Crackers I know say that no Windows machine is safe, and none ever will be. Too many ways in.

        Linux and some BSD variants are POTENTIALLY safe. There are vectors though. .NET/Mono, Java and a few others. On Windows, there is also ActiveX, Visual Basic and friends.

        Reality is that there are no internet viruses. There are however Windows viruses spread on the internet. There is a rumor of an Apple virus on the internet, but I don't know anyone who has encountered it. Apple forums are also silent on this.

        Linux viruses are reported to have been created by security researchers, but have not been seen on the internet. There are a couple of .Net viruses that can infect a Linux machine running Novell's Mono. There are also a couple of Java viruses that can escape the sandbox. That's why Java should not be enabled for normal run time on any system.

        There should also be no automatically executed programs on any Linux or BSD system. A user can execute malicious programs on any system, but that is a Trojan, not a Virus. There are other attacks that can affect any system, but they require more control, and cannot be mass executed. That is why most internet 'Bot Nets' are Windows machines. It's just easier to automate the suborning of that system.

        If you want a safe machine for web surfing, I would suggest a Linux on CD approach. One of the live CDs will allow you to safely surf the internet. It can't infect your hard drive if the system can't address the hard drive. The only drive seen on most live CDs is the CD drive, and that is read only.

        Paranoia is only a problem if you are wrong!
        YetAnotherBob
      • Sorry, WRONG!

        @RyuDarragh

        Microsoft allows both intentional and unintentional ways to load software. Apple does not.

        If a Mac user has any common sense at all, he cannot be infected. He can NEVER be infected without a proactive stupid act.
        anonymous
    • RE: Microsoft continues push for infected computers to be quarantined

      @james347 Soo.... 4 billion people switchover and you don't think this will have a negative impact on Mac or Linux?
      The article points to cross-platform usage so wouldn't it still be viable to say that it is needed?

      Here at work, if you are on the domain, you have anti-ware pushed out to you. If you do not get the updates due to errors or have figured out ways to circumvent this, you are removed from the domain. Allowing you to still have access to the internet, but not any school/hospital applications and whatnot. If you have an outside PC/Laptop and want to connect VPN with the system, your system will be scanned for active Anti-Ware programs with current DATs. If your Anti-Ware is NOT current, VPN is refused and you are given a message to update this before trying again via a webpage of instructions for most of the major anti-ware vendors and links to their dat file downloads.

      Luckily my Ubuntu netbook has only been denied 1 time since I have started using it at home 3 years ago.
      dbisse@...
    • RE: Microsoft continues push for infected computers to be quarantined

      @james347
      It's not a solution to totally remove any OS.

      Windows is a prime target ONLY because it's the dominating OS.
      If any other OS takes its place, then THAT OS will become the new prime target. On the mobile platform, Android is the top OS and the prime target for the cyber crooks. Android is a Linux variation. Apple's iPod, iPhone and iPad are also under attack from those criminals. Mac OS and iOS are Unix variants.

      As long as the user is the weakest link in any security strategy, the OS used doesn't matter. These days, most infections are done using social engineering to circumvent security measures and hit some OS, or application, vulnerability.
      Kualinar