Do not allow Infected PCs connect to web: Microsoft Recommends

Majority of computers in this world are using pirated operating systems and software. Although many of these PCs are regularly connected to internet; but since they are using pirated or unlicensed software, these computers don’t have access to regular automatic updates for security patches from the software makers’ official website. In addition, there are countless computers around the world which either have no or inadequate anti-virus protection.

All the above, account for a humongous number of computers on this planet which are not only unfit for venturing into Web; but according to world’s biggest software maker, Microsoft, put others at risk and pose a greater threat to society as well.

Scott Charney, Microsoft's vice president of trustworthy computing, says that these computers being threat to the society comes primarily from botnets. Botnets is a network of hacker-controlled computers which is used on a grand scale for identity theft. The computers the hacker controls are the computers with no or inadequate protection connected to internet scattered across the world, belonging to anyone, a ordinary web surfer or a hi-tech one at some Govt or business institution. The primary reason the hacker manages to control such computers is them lacking adequate protection.

According to Charney, the society should treat these infected computers in the same way it treats humans carrying some infection. This means, quarantine (quarantine is a process by which any pathogen like virus is made still –neither further growth not any reduction) the said computer and doesn’t allow it to access internet till it is infection free and fully protected to venture into internet.

Charney wants governments and ISPs to treat endangered computers in the same way as officials would treat a public health crisis --- implementing not only quarantine but also pushing on “Prevention is better than cure” adage.

Charney, while giving a speech at the International Security Solutions Europe (ISSE) Conference in Berlin, adds that although Cyber defenses such as firewalls, antivirus, and automatic updates for security patches can reduce risk, but they're not enough.

He suggests that the Govts should ensure that machines have acceptable protection before being a part of web. The acceptable machines consist of a "health certificate" that proves their conformity with security requirements. The IT industry, Governments, Internet access providers, users, and others must "evaluate the health of consumer devices before granting them unfettered access to the Internet or other critical resources, he adds.

France and Japan both the countries already have models for security including their Signal Spam and Cyber Clean Center programs, respectively. Charney accentuated that with their own increased PC protection, other countries should follow the same.

Going by the way web functions, where irrespective of having good or bad intentions, enterprises (hackers included) want to save resources it can be believed that compromised machines pose sizable security threat not only to selves but also to the others; but equally true is that an ordinary pc user in most countries will not be able to go for a licensed software and protection for two reasons 1) steep prices and 2) Lack of payment options (what is the reach of credit cards in a country).

Many experts tend to highlight the privacy concerns and the freedom of an ordinary web user; but I think that’s unnecessarily skewing the debate; as paying for something a person uses can never be debated.

That said, do you think, there are any better ways at dealing with the issue? --------

No comments