Home Business IT Security Microsoft security boss proposes websites block unhealthy PCs

Following controversy surrounding his proposal for a global ISP-led quarantine of infected PCs last year, Microsoft security chief Scott Charney told the cyber security community today he has adjusted his recommendations.


The proposal now is to by-pass ISPs and let websites decide if your PC is healthy enough to do business with them. In other words, reverse engineer web browsing to make trusted transactions a two-way street.

Infected devices and those without an effective anti-virus would be turned back from transacting with websites. Banks, for example, might block account access or allow only low-value transactions until a device is 'fixed'. People ringing emergency services via VoIP would not be affected.

Before his highly anticipated keynote address at the RSA Conference in San Francisco overnight the Microsoft's Corporate VP Trustworthy Computing told ITWire exclusively that an API attached to the Windows firewall or anti-virus software could send a 'health certificate' to websites indicating its patches were up-to-date and it was not infected.

'It's prevention. We tell people to wash their hands, to vaccinate their kids. We do those things for a reason. We've given people the advice before, but sometimes telling them is not enough,' he said.

Charney's proposal is also aimed at US law makers at a time when governments around the world are grappling with cyber threats and growing cybercrime perpetrated by botnets. Millions of individual unsuspecting computers are believed to controlled by criminal gangs to execute spam, phishing and other attacks.

Howard Schmidt, cyber security coordinator at the White House, said Charney's 'self-healing, self-detection, self-solving of consequences model' had merit.

'Looking at a model that helps facilitate that is a big plus,' Schmidt said.

Charney's change of strategy comes as Australian ISPs adopted the volunteer icode (www.icode.net.au) in December. The code works along the lines he proposed last year.

Then he proposed unprotected and out-of-date PCs be quarantined from the internet by ISPs until they had been returned to an optimum state.  ISPs would then tell their customers the PCs needed fixing.

This is how the icode works in Australia with the additional requirement that ISPs tell Australian authorities if their client traffic is distributing malicious code or threatening the networks.

Charney applauded the Australian scheme but said there was opportunity to do more.

'It's still a reaction model because the ISPs wait until there is a problem. Vaccines work before there is a problem. It is important to be reactive and kudos for the Australian ISPs for doing that, but there's also an opportunity to be proactive so why don't you tell us you're passed the hygiene test?'

Symantec CEO Enrique Salem told ITWire 'everyone has to have a role'.

'The website has to absolutely have a role in it, but the user has to have some control. I also think the ISPs also have a tremendous key role because they have absolute visibility of what's on their network,' Salem said.

When pointed out that a reason for 'unhealthy' PCs is unpatched Windows vulnerabilities, Charney said the company had reduced them but achieving zero vulnerability was unrealistic.

'Absolutely reducing vulnerabilities is important. Since our adoption of the security product lifecycle our products have been reducing the number of vulnerabilities. We will not reduce vulnerability to zero. Systems are designed by people - just like we still have defects in cars.

'Secondly, as we've got more secure the attackers have moved up to application layer stacks and as we and Adobe and everyone else got more secure, they've moved up to people into social engineering.

'Even if we got it to zero, we still wouldn't solve the malware problem.'

 

FREE CLOUD BACKUPS MANAGEMENT WEBINAR

Are your technicians spending too much time just managing your clients cloud backups?

Backups are an important part of any IT business but they should not consume more than their fair share of time and money.

Discover how to reduce the amount of time & money spent managing your Cloud Backups during this Free Webinar.

REGISTER FOR FREE WEBINAR!

FREE NETWORKING SERVICES CASE STUDY

As one of the world’s largest social networking services, Facebook handles a lot of user information, and requires input from an astounding range of stakeholders 24 hours a day, 7 days a week — from both inside and outside the business.

Discover how Facebook was helped to connect remote employees, vendors, consultants, and partners to applications and web services quickly and reliably - without risking sensitive data.

GET CASE STUDY!

GET THE IT BUDGET YOU WANT

Explore your Network Treasure Trove to get the IT Budget you want

With Australian businesses projected to spend over $78.7 Billion why does it feel like you can never get the budget you need?.

In most cases your budget will get approved because the proposals are not only technically correct, but also provide good, credible evidence on how the spend aligns with key business objectives.

Did you know that your Network Monitoring tool can help you build a comprehensive business case without an MBA?

HERE ARE 8 TIPS TO GET THE IT BUDGET YOU WANT.

CLICK HERE!

Connect

 

 

 

 

Join the iTWire Community and be part of the latest news, invites to exclusive events, whitepapers and educational materials and oppertunities.
Why do I want to receive this daily update?
  • The latest features from iTWire
  • Free whitepaper downloads
  • Industry opportunities