Microsoft: Ban infected PCs from the web

Microsoft Senior Executive Scott Charney in an address at the Information Security Solutions Europe (ISSE) Conference in Berlin, suggested that ISPs ban users whose computers have detected virus infections.

The industry should implement a global collective defence of Internet health much similar to practice in the world of public health, he said.

Mr. Charney also discusses his proposals for a framework to categorise and assess online cyber threats in a white paper — Collective Defense: Applying Public Health Models to the Internet — published by Microsoft in PDF format and downloadable here:

In the paper, Mr Charney discusses how commonly-available cyber defences such as firewalls, antivirus and automatic updates for security patches can reduce risk, but contends that they're not enough, and that despite best efforts, many consumer computers are
still infested with malware or part of botnets that can provide criminals with a relatively easy means to commit identity theft or to facilitate attacks on government infrastructures or financial systems.

In a blog entry entitled "The Need for Global Collective Defense on the Internet," Mr. Charney
says that just as individuals who are not vaccinated put others' health at risk, computers that are not protected or have been compromised with a bots put others at risk and pose a threat to society.

He notes that in the health field, international, national, and local health organisations identify, track and control the spread of disease, and can where necessary quarantine people to avoid the infection of others.

Implementation of a "public health model", he says, is needed to improve and maintain the health of consumer devices connected to the Internet in order to avoid greater societal risk, providing governments, the IT industry, ISPs, users and others the wherewithal to assess the health of consumer devices before granting them unfettered access to the Internet or other critical resources. And that, while voluntary behaviour and market forces are the preferred means to address this issue, should those means prove inadequate, then authorities should be empowered to impose collective mandatory defence and pre-emption measures.