
Microsoft Corporate Forum

    
Microsoft: Bot Infected PCs Should Be Quarantined
engine




msg:4091519
 4:54 pm on Mar 4, 2010 (gmt 0)

Microsoft: Bot Infected PCs Should Be Quarantined [news.cnet.com]
Scott Charney, Microsoft's corporate vice president of Trustworthy Computing, suggested that the security industry should follow the health care model of quarantining infected PCs to prevent them from being used to send spam and conduct denial-of-service attacks.


Scott Charney: When people get diseases and they run the risk of contaminating other people the medical community has devised mechanisms to help ensure the public's health. It's a combination of inspection, quarantine, and treatment.


In the enterprise in computers we do it today, we have Network Access Protection...The theory is if a machine is known to be infected do you want it to connect to the network and infect everyone else?

 

kaled




msg:4091569
 5:47 pm on Mar 4, 2010 (gmt 0)

I said much the same thing in a discussion a couple of years ago. ISPs could easily detect when spam is being sent, revoke send-mail rights, notify the user and tell them to fix the problem and use webmail to send urgent emails.

Detecting computers taking part in DOS attacks may be trickier but in many cases, these computers will be used to send spam far more than anything else.

Kaled.

engine




msg:4091592
 6:10 pm on Mar 4, 2010 (gmt 0)

I've often wondered why, if these are PCs running Windows, Microsoft cannot just shut down the PC on a Tuesday update.
Perhaps there's the issue of a compromised machine won't allow itself to be shut down. Perhaps the machine is sufficiently hidden to avoid detection. It can't be a privacy issue, because the machine is already compromised.

JS_Harris




msg:4091631
 7:15 pm on Mar 4, 2010 (gmt 0)

Bot infected PCs should be deloused by their owners, I don't buy into the notion that 3rd parties should have any access or rights to control anything on my machine.

lammert




msg:4091636
 7:20 pm on Mar 4, 2010 (gmt 0)

The ISP I often use blocks client connections if the ISP detects that SPAM or DDOS attacks are originating from that connection. Their Abuse department then helps the customer with instructions about how to clean the PC. They also offer free virus scanners, and firewall software to all their clients and run server based virus scanners on all incoming and outgoing emails. I thought this was common practice with most ISPs...

g1smd




msg:4091638
 7:22 pm on Mar 4, 2010 (gmt 0)

Once there's a shut down mechanism in place, there are many more things it can be used for by whoever is in control.

kapow




msg:4091645
 7:29 pm on Mar 4, 2010 (gmt 0)

why Microsoft cannot just shut down the PC on a Tuesday update
That is my interpretation of this.
If Microsoft could be trusted with such power it would be a great idea. But how long before they use that power to shut down a suspect terrorist, then to shut down a parking offender, then someone whose Windows licence isn't up to date, then someone who doesn't like the latest special offer.

incrediBILL




msg:4091684
 8:50 pm on Mar 4, 2010 (gmt 0)

Since MS opened the door on this...

Using the health care model as a metaphor, MSIE should be destroyed, put down like a rabid animal, as it's highly susceptible to infections with no hope of any cure in sight.

IanKelley




msg:4091696
 9:13 pm on Mar 4, 2010 (gmt 0)

You might say that MSIE itself is the infection, it being the primary cause of so much PC sickness. Similar to an autoimmune virus...

The quarantine idea makes a lot of sense but there are some issues...

First, less than scrupulous ISPs (read Comcast) could use it as a way around neutrality.

Given their track record they would almost definitely flag file sharers and other users who they felt were using too much bandwidth as "infected".

Second, the extra packet sniffing could raise ISP's costs significantly and privacy advocates are never going to like the idea of individual packet inspection and the logging that tends to go along with it.

Hugene




msg:4091734
 9:44 pm on Mar 4, 2010 (gmt 0)

Home users don't have the financial means nor the time or spare machines to do this. I know my PC at home is infected with something, so it's turned into a streaming / downloading machine only. I don't even use it to access emails. I switch to Linux for anything remotely personal.

rise2it




msg:4091780
 11:18 pm on Mar 4, 2010 (gmt 0)

"Bot infected PCs should be deloused by their owners"

True...but just as there are some that sit back and for the 'gubment' to fix all of their problems, they also expect Microsoft and their antivirus to solve/fix all of their computer problems.

artek




msg:4091782
 11:26 pm on Mar 4, 2010 (gmt 0)

The quarantine idea makes a lot of sense but there are some issues...


... like who is going to pay for it. [webmasterworld.com]

incrediBILL




msg:4091790
 11:42 pm on Mar 4, 2010 (gmt 0)

Home users don't have the financial means nor the time or spare machines to do this.


Not a problem.

Some people can't maintain their autos either and when they go belching down the road they get sent home by the police until they can afford to repair the car.

If you're an egregious polluter, either on the road or the internet, and can't afford to fix the problem then you don't get to come out and play.

Quite simple really.

Another alternative to cleaning the PC is simply reload it with Ubuntu, Firefox or Chrome, and Open Office.

Problem solved and it'll run faster.

UserFriendly




msg:4091811
 12:18 am on Mar 5, 2010 (gmt 0)

About time, but it'll never actually happen.

People know they're not supposed to turn up to the office when they're infectious, but they do anyway. The problem is, people are morons (on average). And there's no FDA-approved cure for that.

graeme_p




msg:4091918
 5:15 am on Mar 5, 2010 (gmt 0)

I know my PC at home is infected with something, so it's turned into a streaming / downloading machine only. I don't even use it to access emails. I switch to Linux for anything remotely personal.


You are part of the problem, and demonstrate exactly why we need measures like this. You protect yourself by limiting use of the infected PC, but it is still sending spam to the rest of us, taking part in DDOS attacks, or whatever.

If Microsoft could be trusted with such power it would be a great idea. But how long before they use that power to shut down a suspect terrorist, then to shut down a parking offender, then someone whose Windows licence isn't up to date, then someone who doesn't like the latest special offer.


Rather like the British government using investigatory powers it took to "fight terrorism" to gather evidence in cases of failure to clear up after dogs?

If you're an egregious polluter, either on the road or the internet, and can't afford to fix the problem then you don't get to come out and play.


Exactly, and, as I said on the thread on who should pay for it, fine them, or allow the victims to sue them (if the victim of a DDOS attack could sue any owner of a participating machine for statutory damages of, say, a few thousand dollars, it would create a good incentive to keep your PC secure)

ppc_newbie




msg:4091937
 6:38 am on Mar 5, 2010 (gmt 0)

The Aussies are already considering it, but would you really trust a government to run their programs on your computer?

And of course Joe Public that just plugs in a computer & surfs away will never become technically savvy enough to even know something is wrong.

Computers with viruses could lose their internet access
A new industry code that has been designed to control and prevent the spread of PC contamination throughout Australia could see any computer infected with a virus being refused access to the internet.

It has been reported that an operate-or-legislate ultimatum to identify computer systems that have become “zombie” computers and are being used for cyber-crime has been issued to the internet industry by the Federal Government.
[broadbandexpert.com.au...]

The ISPs are already complaining about costs & killing network speeds with the current proposal for an internet filter which looks to be expanded to millions of blocked sites. Adding more load on the ISP networks will only make things even worse.

IanKelley




msg:4091939
 7:02 am on Mar 5, 2010 (gmt 0)

Letting the government "solve" problems inevitably just makes things more expensive.

graeme_p




msg:4091951
 8:30 am on Mar 5, 2010 (gmt 0)

Adding more load on the ISP networks will only make things even worse.

Blocking zombies will remove load. ISPs are reluctant to act for fear of losing customers, if they can say the law forces them to, and any ISP will do the same, it will reduce that threat.

IanKelley




msg:4091974
 9:25 am on Mar 5, 2010 (gmt 0)

And increase the price of connectivity. Forcing ISPs to do extra processing on every single packet would create far more load than botnets are adding to the network... and that's assuming it would even get rid of zombies, which it wouldn't, it would just be another step in the arms race.

piatkow




msg:4092001
 10:22 am on Mar 5, 2010 (gmt 0)


I don't buy into the notion that 3rd parties should have any access or rights to control anything on my machine.

Quite right, but neither do we have the right to put infected machines on the net. It is down to ISPs to quarantine infected locations until the owners fix them.

engine




msg:4092086
 2:36 pm on Mar 5, 2010 (gmt 0)

Blaming Microsoft, or removing Microsoft will not provide the solution. If it's not Microsoft's O/S, it'll eventually be someone else's.

For sure, governments are not going to be the ones to deal with this, though legislation or advice.

It should be possible to identify the offending machines, via the ISP, as the average Joe surfer may not even know their machine is infected.

How are we to leave it, as it is or find a solution?

jdMorgan




msg:4092167
 4:31 pm on Mar 5, 2010 (gmt 0)

I think the cost argument is a red herring; I would think that an ISP could simply "sample" packets from each of their customers over time -- for example, sample packets for a few randomly-scheduled minutes a week, and notify those whose machines seem to be zombied using an ISP-side redirect on initial connection. If the customer doesn't respond, then the ISP could rightly decide whether they wanted to retain that customer, or perhaps limit that machine's bandwidth and/or access to mail services.

With all of the free malware detectors and fixers available on-line today, there's simply no excuse to allow a compromised machine on-line.

Jim

yaix2




msg:4092214
 5:23 pm on Mar 5, 2010 (gmt 0)

Scott Charney, Microsoft's corporate vice president of Trustworthy Computing, suggested that the security industry should follow the health care model of quarantining infected PCs to prevent them from being used to send spam and conduct denial-of-service attacks.


Or, you could do your job and publish software without so many known security holes.

Blaming Microsoft, or removing Microsoft will not provide the solution. If it's not Microsoft's O/S, it'll eventually be someone else's.


No, it actually is MS. It is the underlying software architecture of Windows. It is teaching the Windows users to click on any executable to "install" a program (that's the OS's job!). It is the not fixing of known bugs in MS software (especially their browser).

I am not a "MS hater", but it actually is them to blame. Too many marketing tricks, too little technology.

engine




msg:4092221
 5:39 pm on Mar 5, 2010 (gmt 0)

FYI [blogs.zdnet.com...]

It happens to Apple O/S, too. ;)

Someone will exploit some other dominant O/S if it wasn't Microsoft.

kapow




msg:4092256
 6:31 pm on Mar 5, 2010 (gmt 0)

Rather like the British government using investigatory powers it took to "fight terrorism" to gather evidence in cases of failure to clear up after dogs?

Exactly! Power is too big a drug to be trusted to the powerful (think Smeagol).

I really like the idea of remote isolation of infected machines. But such power should only be in the hands of those who cannot gain from it (not corporates, not governments...).

How about voluntary signup to an open non-profit 'Keep my computer safe' system? On detection of high volume spam or DDOS activity: "This computer is infected and is not allowed on the internet until safe. You may access any of the following neutral cleaning tools in the meantime"

Now I start to think about it. It is probably critical that an open neutral org does this BEFORE governments say they 'have to'. You just know what governments would say its for and then what they would later use it for. I would pay a few pounds to support such an open neutral org, and I bet a few million others would too.

JS_Harris




msg:4092312
 7:41 pm on Mar 5, 2010 (gmt 0)

Home users don't have the financial means nor the time or spare machines to do this.


I'm a home user with means and spare time so that statement is inaccurate. The point however was that 3rd parties shouldn't have access to home computers for ANY reason unless explicitly authorized by the home user. Heck, many major security holes are happening because of 3rd party interactions to begin with!

wrgvt




msg:4092408
 11:54 pm on Mar 5, 2010 (gmt 0)

How do you fix an infected machine? You need to download something from the internet.

Last infection I had, I did enough research online to figure out that I needed to download HitMan Pro. The infection before that, I needed Malwarebytes. My McAfee and Ad-Aware installations couldn't find or fix either of these problems.

I'm pretty tech savvy. When your non-savvy user loses his internet access because he has an infected machine, who is going to help him? The ISP? Surely, you're not serious. Their AV company? Useless if their software doesn't find the problem. Microsoft? Laughable.

What you'll end up with is lawsuits by the score and ISPs backing down with time and money wasted.

incrediBILL




msg:4092485
 3:05 am on Mar 6, 2010 (gmt 0)

who is going to help him?


Geek Squad - and the ISP should give them a $50 coupon toward the service ;)

yaix2




msg:4092575
 10:50 am on Mar 6, 2010 (gmt 0)

It happens to Apple O/S, too. ;)


They only speak about updates there, not exploits. And even if an Apple user clicked on some Trojan Horse program, it would only infect that user, not the system.

Seb7




msg:4092709
 9:58 pm on Mar 6, 2010 (gmt 0)

I recently discovered a couple machines here frequently sending out emails. AVG was up-to-date, and a complete scan was finding nothing. I happen to know this because I can see the blocks of SMTP use every 10mins in our modem log files.

One of my first thoughts was, how long has this been going on? Our ISP had already charged us quite a lot extra for over internet usage, how much of this was SMTP? Any techie working at an ISP looking at traffic would already know this is happening everywhere, why do they let this happen?

The problem is, if an ISP did block this, they would not be able to cope with the large amount of support calls, and the misery put on the customers to sort it out would be quite a problem.

I do feel ISPs could easily set up an automated service that warns customers of excessive SMTP use. Or the modem they supply could easily have this function built in.

Personally, I’m still unable to find the processes within our machines which are presumably sending out spam, so I blocked port 25 on our modem. Like most people, we use web mail anyhow.
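
The pattern described in the post above (blocks of outbound SMTP recurring at a fixed interval in a modem log), as an added example that is not part of the original thread: a Python sketch that flags LAN hosts whose port-25 bursts repeat on a near-constant schedule. The log line format, addresses and thresholds are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample; the "time ALLOW TCP src:port -> dst:port" format is assumed.
SAMPLE_LOG = """\
2010-03-06 21:00:02 ALLOW TCP 192.168.1.10:49152 -> 203.0.113.5:25
2010-03-06 21:05:40 ALLOW TCP 192.168.1.20:50111 -> 192.0.2.25:25
2010-03-06 21:07:12 ALLOW TCP 192.168.1.20:50112 -> 192.0.2.80:80
2010-03-06 21:10:01 ALLOW TCP 192.168.1.10:49160 -> 203.0.113.9:25
2010-03-06 21:10:02 ALLOW TCP 192.168.1.10:49161 -> 198.51.100.44:25
2010-03-06 21:20:03 ALLOW TCP 192.168.1.10:49170 -> 203.0.113.77:25
2010-03-06 21:30:02 ALLOW TCP 192.168.1.10:49180 -> 198.51.100.3:25
2010-03-06 21:47:19 ALLOW TCP 192.168.1.20:50130 -> 192.0.2.25:25
"""
LINE_RE = re.compile(r"^(\S+ \S+) ALLOW TCP ([\d.]+):\d+ -> ([\d.]+):(\d+)$")

def smtp_bursts(log_text, window=60):
    """Per LAN host, start times of outbound port-25 bursts.
    Connections at most `window` seconds apart count as one burst."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(4) == "25":
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events[m.group(2)].append(ts)
    bursts = {}
    for src, times in events.items():
        times.sort()
        starts = [times[0]]
        for prev, cur in zip(times, times[1:]):
            if (cur - prev).total_seconds() > window:
                starts.append(cur)
        bursts[src] = starts
    return bursts

def flag_periodic_senders(log_text, min_bursts=4, max_jitter=0.2):
    """Hosts whose SMTP bursts recur at a near-constant interval.
    Returns {host: mean interval in seconds}; thresholds are assumptions."""
    flagged = {}
    for src, starts in smtp_bursts(log_text).items():
        gaps = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
        if len(gaps) >= max(min_bursts - 1, 1) and pstdev(gaps) <= max_jitter * mean(gaps):
            flagged[src] = round(mean(gaps))
    return flagged

if __name__ == "__main__":
    print(flag_periodic_senders(SAMPLE_LOG))
```

In the constructed sample, the host that mails a single server twice at irregular times is left alone, while the host contacting a different mail server every ten minutes is flagged.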
