Microsoft Wants the Easy Way Out of Botnets

Isolating zombies does more to strand end users than halt virus infections

The suggestion Microsoft made this week to isolate PCs that have been infected with malware that lets them be controlled remotely as part of botnet armies, theoretically takes its model from the best-practices manualon preventing the spread of infectious disease in humans.

There are a whole range of reasons it's a bad idea -- ranging from the potential for false positives to the Catch-22 of isolating an infected machine so its owner can't get help -- aside from taking lessons not from epidemiology best-practices, but from medieval plague models that require locking in victims until they're all dead.

Aside from the much greater likelihood of success from taxing the instigators, arresting them, (though even successful law enforcement isn't a complete solution) the most important reason is that there is so much overlap between personal computing and corporate computing that any effort Microsoft or anyone else makes to 'fix' the virus problem by isolating victims will have an immediate impact on corporations.

It's much easier to impose anti-virus and security policies within a corporation, and set gateways to not only scan for viruses, but reject or restrict connections from PCs that aren't demonstrably clean.

When a home computer is cut off from the 'net for a virus infection, though -- assume it's one a child used for homework and to download a virus-laden anime -- where is the kid going to go to finish that project? Mom and dad's laptops, which can be infected just as easily by moving over documents on a flash drive as an ISP could be by connecting to an infected machine.

Cutting off victims because it's easier to let them die than risk spreading the disease went out of fashion in medicine a long time ago, and it's far easier to isolate a whole person than it is to make sure no stream of data escapes from an infected PC through any interface, when the human owning it wants to get back online and refuses to leave the PPT of the TP3 report or the book report or the anime behind.

Keeping up with the viruses, trojans and exploits of the many tiny security gaps in its tens of millions of lines of code keeps a lot of Microsofties busy, and spends a lot of its billions in revenue. It's not surprising or unreasonable that Microsoft wants to slow down that leak of cash a bit.

This isn't the way to do it.

ITWorld DealPost: The best in tech deals and discounts.
You Might Like