Thursday, October 14, 2010

Will Government Quarantine Our Computers?

Contained in the article below is the suggestion by Microsoft's Scott Charney concerning new security regulations that Microsoft, other software companies, and many government agencies are now proposing. And this article is a must-read for anyone who owns or uses a computer.

For with this article, a major player at a major software company finally states publicly what has been talked about for a long time: quarantining from the internet privately owned computers that are determined to be infected by malware, botnets, and viruses.

If Scott and all the others proposing this idea have their way, all of our computers will be at risk of being blocked from the internet, being shut down, or both. All in the name of security, they cry, “Let’s just keep those infected computers off the net and thus stop any problems they might cause.”

The problem with this approach however is multi-faceted.

First, who can we trust to decide that our computer should be kept from being allowed to access the internet, or worse still, deserves to be shut down? I would hope most would see that we can't trust government with that job. How would we ever be certain that any "check" of our computers would only be a check for infections and not a quick look at our data? And even if it weren't that in the beginning, how would we keep that from being the final goal of government? For if there is one thing that history has taught us, it’s that governments never give up any powers they assume; they only push to increase those powers. So any action to “protect us” soon turns into much more.

Second, how would such a system be implemented on an open worldwide network like the internet? For any kind of quarantine to truly have any effect, it would have to be worldwide, just as access to the internet is. I can only imagine how much countries like China and Iran would love to have a hand in deciding just what an “infected” dangerous computer does or contains that justifies blocking access to the internet.

Third, why should we as users have to worry that the next piece of buggy software, errant update, or unusual action results in our mistakenly being blackballed from the internet? Currently, most of the problems we have with security are related to software and hardware weaknesses that are the result of poorly written software or social engineering. These problems should be addressed by writing better software and public education, not by trying to impose more controls.

Fourth, if the current software companies can’t provide security for the systems and programs they already have, why am I supposed to believe that more such systems will provide more security? As I see it, the more complexity you add to a system, the more areas for problems you introduce.

So, Mr. Charney, I will tell you that I’ll willingly allow you and all your software and government buddies to block or mess around with my computer about the time you allow me to access yours. And I would suggest that you and the rest of this bunch of control-from-the-top advocates make your software, hardware, and networks safer by doing your jobs and fixing the problems you foist onto us that cause most of the problems in the first place.

Amplify’d from
Microsoft Official Suggests Quarantining Infected PCs
Infected PCs should be quarantined by government action, Microsoft's Scott Charney told a security conference in Germany. Charney's quarantine recommendation is especially aimed at botnets. The Microsoft vice president said voluntary efforts are preferred, but then government should act while preserving privacy. Charney cited existing models.

Charney also made the recommendation on his blog and in a paper published by Microsoft. His recommendation is based on lessons from public health, where quarantining people can be an effective response to a virulent virus outbreak.

'Considerable Paralysis'

His solution is particularly directed at combating botnets, where organized cybercriminals control entire networks of computers.

On Microsoft's TechNet blog, Charney wrote that most computer-security experts believe "a persistent adversary will more often than not be successful in attacking systems," particularly if "raising defenses" is the only response.

Because of this, he argued, attention needs to be paid to deterring these attacks -- especially by government agencies, which have the power to investigate criminal activity and utilize a wide range of tools and resources. But, he added, neither governments nor industries are "well-positioned" to respond to such a complex threat, and, as a result, "there is considerable paralysis."

The implementation of public-health models, Charney argued, could be the best approach. Firewalls, antivirus tools, and automatic updates for security patches can reduce risk, but many consumer computers still become unwitting participants in a botnet or malware hosts.

"To realize this vision," he wrote, "there are steps that can be taken by governments, the IT industry, Internet access providers, users and others to evaluate the health of consumer devices before granting them unfettered access to the Internet and other critical resources."

Privacy Measures

He wrote that voluntary efforts and market forces for such quarantining are preferred, but, "if those means fail, then governments should ensure these concepts are advanced." Charney added that privacy must be maintained, even in the event of a quarantine of computers. "Examining health is not the same as examining content," he wrote, adding that communication of health is separate from communicating identity, and privacy measures should be maintained.

Charney pointed to several existing models for industry and government action to improve the health of Internet-connected systems.

France's Signal Spam is a database used by public and private entities to help clean up the e-mail ecosystem. Japan's Cyber Clean Center is a core organization which works with Internet service providers to analyze the characteristics of botnets, clean infected computers, and prevent their re-infection.

The Finnish National Computer Emergency Response Team manages an aggregation service that automatically compiles information on malware and security incidents on Finnish networks and reports them to network owners, which can then choose to act. Charney also noted that enterprise IT departments already often quarantine infected computers.

