How do you fight botnets? With rationalism, or with radicalism?
South Korea's recently proposed Zombie PC Prevention Bill, aims to fight them with common sense - by making security software mandatory on users' PCs. What's particularly interesting about the bill, is the backdoor left open, empowering the government to “examine the details of the business, records, documents and others” of users and companies who do not comply.
More details on the bill:
- to impose a statutory duty on every citizen to install and to use security software pursuant to the Presidential Decree to be issued under the Act
- to confer on the government department (Korea Communications Commission; KCC) the power to ban or to allow the business of those security solution providers which KCC chooses to ban or to allow according to certain criteria
- to make the security solution providers to focus on winning the favor of government officials (through lobbying) rather than winning the consumers in the market through competition and innovation of product quality
- to empower the KCC agents, without a warrant, to “examine the details of the business, records, documents and others” of anyone upon mere suspicion that the person (individual or company) has violated the duty to use security software
In the past there have been numerous cases of enforced best practices, or how the lack of such may lead to unpleasant results:
- End users without security software cannot file fraud claims for their E-banking accounts
- Commonwealth got fined $100k for not mandating security software on its PCs
- Citizens Financial got sued for lack of sufficient E-banking security measures
What the MPs seem to have forgotten is the fact that antivirus software only mitigates a certain percentage of the risk, and is only part of a well developed defense in depth strategy. Multiple independent reports and tests show that despite that users are running antivirus software, they still get infected with malware.
What do you think is the best way to fight botnets? Rationalism or radicalism. Is running security software a duty, or has the time come for ISPs to take care of their own backyards.
TalkBack.