Using the same logic as when its earlier server products disallowed connections to the office intranet when certain PCs were not using up-to-date protections and other current software, Microsoft is now stating that all PCs should be given a test to assess suitability for connection to the internet.
Microsoft states that this method mirrors designs used by public health organizations, and would stop the botnets that are currently prevalent in parts of the world.
The BBC Technology website carries a story about internet access being granted through a medical-style gateway, along with the warning that botnets can contain millions of machines.
Virus-infected computers that pose a risk to other PCs should be blocked from the net, a senior researcher at software giant Microsoft suggests.
The proposal is based on lessons from public health, said Scott Charney of the firm’s Trustworthy Computing team.
No one wants bad things to happen on the internet (well, almost no one), but the problem is that too many times Microsoft’s proposals are as difficult to implement and as costly as many of the U.S. government’s ideas on immigration. There is a limit to what can be done in each case before costs and time considerations become a stopping point, and everything clogs, like a misbehaving drain in a Drano commercial.
It is designed to tackle botnets – networks of infected computers under the control of cybercriminals.
Putting machines in temporary quarantine would stop the spread of a virus and allow it to be cleaned.
"Just as when an individual who is not vaccinated puts others’ health at risk, computers that are not protected or have been compromised with a bot put others at risk and pose a greater threat to society," he said in a blog post.
The problem, as always in schemes like this, is assigning who, or what, will be the final arbiter of when the machines will be checked for compliance, how often, and who will oversee the process. Agreements on terms are difficult, and always full of trepidations about unfair exclusions and possible advantages of others.
"In the physical world, international, national, and local health organisations identify, track and control the spread of disease which can include, where necessary, quarantining people to avoid the infection of others.
"Simply put, we need to improve and maintain the health of consumer devices connected to the internet in order to avoid greater societal risk."
And, as the current runaway status of several diseases shows, the best efforts of men to curtail them do not work – simple as that.
Botnets have become the scourge of the internet and a favourite amongst cybercriminals.
Computers are recruited into a network when they become infected with a virus. These are commonly distributed by criminals as attachments in e-mail messages, and as software downloads masquerading as legitimate programs.
Networks can consist of a few hundred to a few thousand Windows machines. However, some can contain millions of PCs.
The networks are usually under the control of criminals who commonly hire them out to others for various means including pumping out spam or mounting "denial of service" attacks against websites.
I have to ask how many have been directly affected by a machine that could be easily identified as infected, or controlled by an infected machine. The current scare tactics used are fine for those selling antivirus solutions, as they aid in sales of the products, but when it comes to brass tacks, there are no figures we can really rely upon – all the estimations are nebulous.
"Commonly available cyber defences such as firewalls, antivirus and automatic updates for security patches can reduce risk, but they’re not enough," wrote Mr Charney. "Despite our best efforts, many consumer computers are host to malware or are part of a botnet."
This is usually because the machines affected have not had the scrupulous use of the above mentioned items – careless operation of almost anything can lead to major difficulties. There is no panacea, but education could certainly do as much as the type of control that this Microsoft blogger is suggesting, and for less expense.
His proposal, presented at the International Security Solutions Europe (ISSE) Conference in Berlin, Germany, is for all computers to have a "health certificate" to prove that it is uninfected before it connects to the net.
"Although the conditions to be checked may change over time, current experience suggests that such health checks should ensure that software patches are applied, a firewall is installed and configured correctly, an antivirus program with current signatures is running, and the machine is not currently infected with known malware," he wrote in the accompanying paper.
If the health certificate indicates a problem the computer could be prompted to download a missing patch or update its anti-virus settings.
"If the problem is more serious (the machine is spewing out malicious packets), or if the user refuses to produce a health certificate in the first instance, other remedies such as throttling the bandwidth of the potentially infected device, might be appropriate."
However, he said that cutting people off the internet entirely "could well have damaging consequences".
"An individual might be using his or her internet device to contact emergency services and, if emergency services were unavailable due to lack of a health inspection or certificate, social acceptance for such a protocol might rightly wane.
"But much like a cell phone may require a password but still allow emergency calls to be made even without that password, infected computers may still be permitted to engage in certain activities."
This is far too “Big Brother-y” for my tastes, as once again, someone or something controlled by that someone, is the final arbiter of access to something that should be free. It is too important. It is like stating that people who have an airborne illness should have their access to air removed. Throwing out the baby with the bathwater is not a solution we can live with.
Perhaps the internet is one place where a “wild west atmosphere” should prevail – simply because infringing on anyone’s ability to get to it can have dire effects.
Graham Cluley, of security firm Sophos, said that some ISPs had previously throttled some users suspected of having infections.
"They knock off users who look like they are sending large numbers of spam e-mails – an indication of being part of a botnet," he told BBC News.
Whilst it solves the problem, he said, it can cause problems for computer users.
"The challenge then is what the poor old user does," he said.
"They can’t get on the net to download fixes."
He also said that there was a danger that many people would think that any message telling them that they had an infection on their machine was a scam.
The approach is used around the world. In Japan, for example, more than 70 ISPs have formed the Cyber Clean Center, which contacts users and provides security software to prevent further infections.
Other initiatives exist in France and Australia.
Microsoft said that to make its plan work it would need four steps, including defining a healthy computer, creating a trusted system for health certificates and finding a way for ISPs to process and act on them.
Relevant legal frameworks would also be needed, it said.
There, as the saying goes, is the rub…
But Mr Cluley questioned whether Microsoft was best placed to recommend such security measures.
"Microsoft doesn’t have a faultless record when it comes to security," he said.
"It has improved over the years, but every month they have to release a package of updates.
"There may be some who would say that Microsoft shouldn’t be on the internet until they get their own house in order."
No, Microsoft is hardly in a place to be the arbiter of any of this, and not based solely upon security considerations. Finding, or selecting, a group to do this, and monitoring its progress, would be possibly more costly than allowing the wild west atmosphere to continue.
The calculations of what might happen either way are far too difficult, with too many variables, and as in multivariable calculus, not everyone is equipped to help with the answers.
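The health checks and graduated remedies quoted above from Mr Charney's paper can be sketched as an ISP-side policy decision. This is an added example, not code from Microsoft, the BBC or this post; the destination names, the 7-day signature threshold and the choice to treat a known infection as a "serious" problem are assumptions.

```python
from dataclasses import dataclass
from datetime import date

# Destinations a restricted device may still reach (hypothetical names):
# emergency services, plus the update servers needed to repair the machine.
ALWAYS_ALLOWED = {"emergency", "os-updates", "av-updates"}
MAX_SIGNATURE_AGE_DAYS = 7  # assumed freshness threshold, not from the proposal

@dataclass
class HealthCertificate:
    patches_applied: bool
    firewall_enabled: bool
    av_running: bool
    av_signature_date: date
    known_malware_found: bool

def failed_checks(cert, today):
    """Return the names of the four quoted health conditions that fail."""
    failures = []
    if not cert.patches_applied:
        failures.append("patches")
    if not cert.firewall_enabled:
        failures.append("firewall")
    age = (today - cert.av_signature_date).days
    if not cert.av_running or age > MAX_SIGNATURE_AGE_DAYS:
        failures.append("antivirus")
    if cert.known_malware_found:
        failures.append("malware")
    return failures

def decide(cert, today, destination, sending_malicious_traffic=False):
    """Map a certificate (None if the user refused one) to (action, reasons)."""
    # Emergency and remediation traffic passes whatever the health state,
    # so a restricted user can still call for help and download fixes.
    if destination in ALWAYS_ALLOWED:
        return ("allow", [])
    if cert is None:
        return ("throttle", ["no certificate presented"])
    reasons = failed_checks(cert, today)
    if sending_malicious_traffic:
        reasons.append("malicious traffic observed")
    # Serious problems are throttled rather than cut off entirely.
    if "malware" in reasons or sending_malicious_traffic:
        return ("throttle", reasons)
    if reasons:
        return ("allow_and_prompt_fix", reasons)  # minor: prompt for the fix
    return ("allow", [])
```

Keeping the update servers on the always-allowed list is what addresses Mr Cluley's objection that a throttled user cannot get on the net to download fixes.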