Thursday, October 7, 2010

Microsoft Official Suggests Quarantining Infected PCs

Infected PCs should be quarantined by government action, Microsoft's Scott Charney told a security conference in Germany. Charney's quarantine recommendation is especially aimed at botnets. The Microsoft vice president said voluntary efforts are preferred, but if those fail, government should act while preserving privacy. Charney cited existing models.

Infected computers should be quarantined. That's the recommendation of Scott Charney, vice president for Microsoft's Trustworthy Computing effort, in a speech Tuesday at the International Security Solutions Europe Conference in Berlin, Germany.

Charney also made the recommendation on his blog and in a paper published by Microsoft. His recommendation is based on lessons from public health, where quarantining people can be an effective response to a virulent virus outbreak.

'Considerable Paralysis'

His solution is particularly directed at combating botnets, where organized cybercriminals control entire networks of computers.

On Microsoft's TechNet blog, Charney wrote that most computer-security experts believe "a persistent adversary will more often than not be successful in attacking systems," particularly if "raising defenses" is the only response.

Because of this, he argued, attention needs to be paid to deterring these attacks -- especially by government agencies, which have the power to investigate criminal activity and utilize a wide range of tools and resources. But, he added, neither governments nor industries are "well-positioned" to respond to such a complex threat, and, as a result, "there is considerable paralysis."

The implementation of public-health models, Charney argued, could be the best approach. Firewalls, antivirus tools, and automatic updates for security patches can reduce risk, but many consumer computers still become unwitting participants in a botnet or malware hosts.

"To realize this vision," he wrote, "there are steps that can be taken by governments, the IT industry, Internet access providers, users and others to evaluate the health of consumer devices before granting them unfettered access to the Internet and other critical resources."

Privacy Measures

He wrote that voluntary efforts and market forces for such quarantining are preferred, but, "if those means fail, then governments should ensure these concepts are advanced." Charney added that privacy must be maintained, even in the event of a quarantine of computers. "Examining health is not the same as examining content," he wrote, adding that communication of health is separate from communicating identity, and privacy measures should be maintained.

Charney pointed to several existing models for industry and government action to improve the health of Internet-connected systems.

France's Signal Spam is a database used by public and private entities to help clean up the e-mail ecosystem. Japan's Cyber Clean Center is a core organization which works with Internet service providers to analyze the characteristics of botnets, clean infected computers, and prevent their re-infection.

The Finnish National Computer Emergency Response Team manages an aggregation service that automatically compiles information on malware and security incidents on Finnish networks and reports them to network owners, which can then choose to act. Charney also noted that enterprise IT departments already often quarantine infected computers.
