The Cyber Clean Center in Japan is comprised of more than 70 ISPs (Internet Service Providers) that together, contacts PC users whose computers have become infected with viruses. The CCC thereafter keeps the user’s PC up-to-date with security software; France and Austria have similar initiatives to keep infected PCs off the Internet.
All of the mentioned countries have universal healthcare. What Microsoft is now attempting to do is begin such a healthcare system for the PCs of America.
Many Libertarians and the like will likely be very angry, but let’s not make this political just yet.
Microsoft’s Healthcare Bill
Microsoft’s proposal would be designed to hunt down botnets (networks of infected computers and the hunting grounds of cybercriminals). Typically, computers become infected by a virus via an e-mail attachment or message or via a software download disguised as a legitimate program, and thereby drawn into a network manipulated by cybercriminals. These networks vary in size but some can contain millions of PCs.
The proposed PC healthcare initiative would temporarily quarantine infected PCs to stop the spread of a virus. This is much like the procedure for people infected with viruses—they are quarantined, treated, and released. “When an individual is not vaccinated [it] puts others’ health at risk,” said Scott Charney of Microsoft’s Trustworthy Computing team in a blog post. “Computers that are not protected or have been compromised with a bot put others at risk and pose a greater threat to society.”
“Commonly available cyber defenses such as firewalls, antivirus, and automatic updates for security patches can reduce risk, but they’re not enough,” continues Charney. He presented his proposal at the International Security Solutions Europe (ISSE) Conference in Berlin; with it, every PC would have a “health certificate” to prove its health before connecting to the Internet.
Bugs with the Bill
Some heat has been felt over the event of something trying to contact emergency services via an infected computer. In this case, much like a cell phone that, though requiring a password, allows one to call emergency services, an infected computer may still access the Internet for such purposes.
For Microsoft, this means that it would need to:
- Define a “healthy” computer,
- Create a trusted system for health certificates,
- And find a way for ISP to process and act upon them.
Some doubt Microsoft’s ability, even its authority on the matter, however. “Microsoft doesn’t have a faultless record when it comes to security,” Mr. Graham Cluely of the security firm Sophos rightfully doubts. He wonders whether Microsoft should clean up its own corridors before bringing their brooms and dustpans into other houses, but only time will tell.