Zero Day

Ryan Naraine and Dancho Danchev

Zombie PC Prevention Bill to make security software mandatory

By Dancho Danchev | March 24, 2011, 8:53am PDT

Summary: South Korea’s recently proposed Zombie PC Prevention Bill, aims to fight botnets with common sense - by making security software mandatory on users’ PCs.

How do you fight botnets? With rationalism, or with radicalism?

South Korea’s recently proposed Zombie PC Prevention Bill, aims to fight them with common sense - by making security software mandatory on users’ PCs. What’s particularly interesting about the bill, is the backdoor left open, empowering the government to “examine the details of the business, records, documents and others” of users and companies who do not comply.

More details on the bill:

to impose a statutory duty on every citizen to install and to use security software pursuant to the Presidential Decree to be issued under the Act
to confer on the government department (Korea Communications Commission; KCC) the power to ban or to allow the business of those security solution providers which KCC chooses to ban or to allow according to certain criteria
to make the security solution providers to focus on winning the favor of government officials (through lobbying) rather than winning the consumers in the market through competition and innovation of product quality
to empower the KCC agents, without a warrant, to “examine the details of the business, records, documents and others” of anyone upon mere suspicion that the person (individual or company) has violated the duty to use security software

In the past there have been numerous cases of enforced best practices, or how the lack of such may lead to unpleasant results:

End users without security software cannot file fraud claims for their E-banking accounts
Commonwealth got fined $100k for not mandating security software on its PCs
Citizens Financial got sued for lack of sufficient E-banking security measures

What the MPs seem to have forgotten is the fact that antivirus software only mitigates a certain percentage of the risk, and is only part of a well developed defense in depth strategy. Multiple independent reports and tests show that despite that users are running antivirus software, they still get infected with malware.

What do you think is the best way to fight botnets? Rationalism or radicalism. Is running security software a duty, or has the time come for ISPs to take care of their own backyards.

TalkBack.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Microsoft warns: Fraudulent digital certificates issued for high-value websites

Spamvertised Post Office Express Mail (USPS) emails lead to malware

Topics

Antivirus, Malware, ISP, Software, PC, Security Software, Security, Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Full Bio
Disclosure
Contact

Vendor HotSpot

Here to help you with your Document Management Needs

Read the DocuMentor blog now

Learn More »

Talkback Most Recent of 127 Talkback(s)

Follow via:: RSS; Email Alert

RE: Zombie PC Prevention Bill to make security software mandatory

Sounds great on the surface, but when you get to the meat and potatoes, people would likely do just as well running without "security" there.
scoop0901@...
24th Mar
- Reply to
- Flag
And it won't work.

@scoop0901@...

Unless you get rid of the weak link (AKA: The User), this will only enrich the people that make security software.
Bruizer
24th Mar
- Reply to
- Flag
Actually, it would be easier to just outlaw Windows. No need for Win32

Anyway.
DonnieBoy
24th Mar
- Reply to
- Flag
That's stupid. Lets bankrupt a company by taking away

@DonnieBoy
Windows and give them Linux instead. May as well give them a pad of paper and a pencil to run their businesses on.
John Zern
24th Mar
- Flagged
RE: Zombie PC Prevention Bill to make security software mandatory

@DonnieBoy I'm currently running Win64 =).

It would be pointless. They'll just start attacking the next platform that comes in.
CobraA1
24th Mar
- Flag
Guys, the only redeeming feature of Windows is Win32, and that is fading

away. Trying to keep Windows computers held together with duct tape and bailing wire and all of the security problems is what is bankrupting companies. Can you say "rats nest"? Sure, I knew you could.
DonnieBoy
24th Mar
- Flagged
Fading away?

@DonnieBoy
Odd, I don't see it fading away.
Rat's Nest? I heard of that, it's the next incarnation of Ubuntu.
John Zern
24th Mar
- Flag
RE: Zombie PC Prevention Bill to make security software mandatory

@DonnieBoy I find Win64 very redeeming =).
CobraA1
24th Mar
- Flag
Donnieboy, All platforms are vulnerable.

@DonnieBoy

Instead of banning Win32 lets not give the sudo password out to users for they will get infected. Malware for phones is taking off and they run a Unix variant on a RISC Arm processor. You are not very logical.
osreinstall
24th Mar
- Flag
Not at all

@John Zern
It would put you out of job shilling for Micro$oft, and that would be awesome.
LTV10
25th Mar
- Flag
RE: Zombie PC Prevention Bill to make security software mandatory

@DonnieBoy
Although Windows is the biggest target for spyware, ect, no operating system is 100% secure. Attackers would just move to the next big target.
Zc456
25th Mar
- Flag
RE: Zombie PC Prevention Bill to make security software mandatory

@DonnieBoy

seriously? get a grip on reality!

i've worked network security for more than 10 years. i do not care what the target is, if the attacker believes there is sufficient value to compromising the target, the attacker will attack with whatever channels are available, and no system is impervious. it is a constant cat-and-mouse game between the attackers and the defenders. having been on both sides of that game to some extent, i say this from direct experience.

and when all is said and done, no matter what the OS is, the single weakest ***** in the armor is the user, and the human tendency to choose convenience over security because it is easier.
erik.soderquist
25th Mar
- Flag
Agreed!

@DonnieBoy
The problem is not technically inept users (like here), but an operating system with more holes than any other in the history of IT.
Of course, nobody will admit this, there's too much money to make on the second rate platform. :-/
Mikael_z
27th Mar
- Flag
Different shades of hell

@ Zc456
Windows is the worst with a huge margin.
I'd say the problem would be solved if Windows were banned from the internet. We who want a network free from PC zombies, virus infected PC:s, sending data everywhere, in effect reducing valuable bandwidth for everybody else who have enough wits to choose something better than that crap from Redmond.

Clear enough?
Mikael_z
27th Mar
- Flag
RE: Zombie PC Prevention Bill to make security software mandatory

@scoop0901@... - Then there is the Congress. Would a Republican led Congress thats currently howling about the Government requiring citizens to purchase Health Care agree with this? Well we know they would be fine with it if it were on a State level but not Federal.
NPGMBR
24th Mar
- Reply to
- Flag