http://www.bbc.co.uk/news/technology-11483008
QuoteVirus-infected computers that pose a risk to other PCs should be blocked from the net, a senior researcher at software giant Microsoft suggests.
The proposal is based on lessons from public health, said Scott Charney of the firm's trustworthy computing team.
It is designed to tackle botnets - networks of infected computers under the control of cybercriminals.
Putting machines in temporary quarantine would stop the spread of a virus and allow it to be cleaned........ (more)
I think they are right, the only downside would be a false positive detection.
So who pulls the plug? I don't think ISPs will want to deal with irate customers in such a fashion. Can't see it happening.
I've long thought that Windows should prevent users connecting online if they don't have up to date security and virus protection, so this would be a step in the right direction, in my opinion.
Where is it proposed the computer is blocked?? If Windows decides locally, then maybe it should be clever enough to download and run the appropriate cleaning tool. If remotely, prehaps the user should be redirected to the appropriate tool and not allowed anywhere else.
*shudders at the thought*
Virus detected on drive C:.
Preparing to Format this volume to correct.
Access to the internet will be lost on this pc during this 'fix'.
Press any key to continue...
Good job I've not got an 'any' key! :P
I think this is a sales pitch to get ISPs to take up Windows Server 2008 R2 and the Network Access Protection feature which 'quarantines' a PC while patches are downloaded to it and applied.
Ironically, it's usually Microsoft OS that are sick. :eek4:
They are much better than they used to be
QuoteWindows-infected computers that pose a risk to other PCs should be blocked from the net, a senior researcher at software giant Microsoft suggests.
The proposal is based on lessons from public health, said Scott Charney of the firm's trustworthy computing team.
It is designed to tackle botnets - networks of infected computers under the control of cybercriminals.
Putting machines in temporary quarantine would stop the spread of a virus and allow it to be cleaned........ (more)
I thought this quote might have come from Linux and Apple users. :evil:
To make this work every ISP would have to have a server with the latest OS patches and virus defininitions on it that the auto updaters would be redirected to or alternatively the routing could be restricted to the OS vendor and AV company update servers.
I don't see the ISP community going a bundle on the former.
Quote from: cavillas on Oct 07, 2010, 13:17:13
I thought this quote might have come from Linux and Apple users. :evil:
That's a bit cynical,Alf. :whistle:
I did think that first myself Mick
Quote from: cavillas on Oct 07, 2010, 13:17:13
I thought this quote might have come from Linux and Apple users. :evil:
Well Microsoft do use both............ :evil:
In principle, I agree with the concept. I've long thought that the only safe way to let some people online is to give them a dumb terminal.
I suspect the network quarantine concept will take off in time but will require the big ISP router vendors to co-operate on a standard (or most likely Cisco will create the standard and have it adopted through the IETF) and of course ISPs will have to purchase new kit or apply a new licence key to the OS to unlock the feature.
To be honest, if it did go ahead, they'd have to proceed in the same manner companies like NC do with identifying cheaters in games.
First there is a report; in games this is usually from other users, in this case we can have some flags throw up from a large amount of spam being sent, or significant data flow to particular sites or ports.
Second, there has to be a monitoring of this. It can't be trigger happy like BT's profiling. If it is repeated over a period of time this user should then be flagged to ISP staff by various monitoring computers.
Third, most importantly, most expensively, and probably the slowest of all three steps, a Real Person (tm) will have to investigate this to ensure this is not an erroneous flag and there is indeed potentially malicious activity going on. Difficulty arises with potential spam mail -- for example, where do ISP staff stand legally at looking at customers email? I don't know. What about packet monitoring? I think there are ways to be reasonably sure dodgy activity is going on without actually looking at the packet contents of course, but you cannot be 100% sure. Once the Real Person (tm) has confirmed this red flag, warnings should be sent to the customer and given a reasonable period to respond and or fix this. In a set time period, the IP should be checked again, and then appropriate action taken.
Like the law system, I'd rather have a few infected systems avoid the net than catch lots of innocent users with a slightly imperfect algorithm banning users with abandon.
Um. Yes, brilliant idea. Block a pc from the only possible place to cure it, seeing as MS are not happy to send their updates via the post. ;)
Get ahead of the game - install Ubuntu, Mint, Suse, Redhat, or whatever Linux distro takes your fancy before M$ make it a part of patch Tuesday :whistle:
Steve
Quote from: Technical Ben on Oct 07, 2010, 22:06:41
Um. Yes, brilliant idea. Block a pc from the only possible place to cure it, seeing as MS are not happy to send their updates via the post. ;)
I guess the idea is that the 'cure' is downloaded via another machine. Everyone has another machine, don't they? :whistle:
I can see their point. An acquaintance of mine has been infected with a virus and I'm getting spam from their email account. I told them about it and their reply? "We've run a scan and nothing was found", which basically means "We can't be bothered to do anything with our computers security".
My reply. Fine. Remove my email address from your contacts list and I'll block you with a spam filter.
Got right up my nose their poor attitude to their computers security. I'll be damned if I fix that one for them.
Tell them it is sending out their bank account numbers, they'll soon move then :evil:
:rofl: