Home Business IT Security Microsoft security boss proposes websites block unhealthy PCs

Following controversy surrounding his proposal for a global ISP-led quarantine of infected PCs last year, Microsoft security chief Scott Charney told the cyber security community today he has adjusted his recommendations.


The proposal now is to by-pass ISPs and let websites decide if your PC is healthy enough to do business with them. In other words, reverse engineer web browsing to make trusted transactions a two-way street.

Infected devices and those without an effective anti-virus would be turned back from transacting with websites. Banks, for example, might block account access or allow only low-value transactions until a device is 'fixed'. People ringing emergency services via VoIP would not be affected.

Before his highly anticipated keynote address at the RSA Conference in San Francisco overnight the Microsoft's Corporate VP Trustworthy Computing told ITWire exclusively that an API attached to the Windows firewall or anti-virus software could send a 'health certificate' to websites indicating its patches were up-to-date and it was not infected.

'It's prevention. We tell people to wash their hands, to vaccinate their kids. We do those things for a reason. We've given people the advice before, but sometimes telling them is not enough,' he said.

Charney's proposal is also aimed at US law makers at a time when governments around the world are grappling with cyber threats and growing cybercrime perpetrated by botnets. Millions of individual unsuspecting computers are believed to controlled by criminal gangs to execute spam, phishing and other attacks.

Howard Schmidt, cyber security coordinator at the White House, said Charney's 'self-healing, self-detection, self-solving of consequences model' had merit.

'Looking at a model that helps facilitate that is a big plus,' Schmidt said.

Charney's change of strategy comes as Australian ISPs adopted the volunteer icode (www.icode.net.au) in December. The code works along the lines he proposed last year.

Then he proposed unprotected and out-of-date PCs be quarantined from the internet by ISPs until they had been returned to an optimum state.  ISPs would then tell their customers the PCs needed fixing.

This is how the icode works in Australia with the additional requirement that ISPs tell Australian authorities if their client traffic is distributing malicious code or threatening the networks.

Charney applauded the Australian scheme but said there was opportunity to do more.

'It's still a reaction model because the ISPs wait until there is a problem. Vaccines work before there is a problem. It is important to be reactive and kudos for the Australian ISPs for doing that, but there's also an opportunity to be proactive so why don't you tell us you're passed the hygiene test?'

Symantec CEO Enrique Salem told ITWire 'everyone has to have a role'.

'The website has to absolutely have a role in it, but the user has to have some control. I also think the ISPs also have a tremendous key role because they have absolute visibility of what's on their network,' Salem said.

When pointed out that a reason for 'unhealthy' PCs is unpatched Windows vulnerabilities, Charney said the company had reduced them but achieving zero vulnerability was unrealistic.

'Absolutely reducing vulnerabilities is important. Since our adoption of the security product lifecycle our products have been reducing the number of vulnerabilities. We will not reduce vulnerability to zero. Systems are designed by people - just like we still have defects in cars.

'Secondly, as we've got more secure the attackers have moved up to application layer stacks and as we and Adobe and everyone else got more secure, they've moved up to people into social engineering.

'Even if we got it to zero, we still wouldn't solve the malware problem.'

 

FREE REPORT - IT MONITORING TOOLS COMPARISON

Are you looking to find the most efficient IT Monitoring tool available?

IT Monitoring is an essential part of the operations of any organisation with a significant network architecture.

Multiple IT monitoring platforms are available on the market today, supporting the various needs of small, medium-sized, and large enterprises, as well as managed service providers (MSPs).

This new report studies and compares eight different IT monitoring products in terms of functionality, operations, and usability on the same server platform with 100 end devices.

Which product is easiest to deploy, has the best maintenance mode capabilities, the best mobile access and custom reporting, dynamic thresholds setting, and enhanced discovery capabilities?

Download your free report to find out.

DOWNLOAD!

Connect