Microsoft Security: Infected PCs Should be Banned

Viruses get their name because, like human diseases, they can spread and multiply quickly. Now, Microsoft believes some of the tactics used to protect public health should be applied to the world of technology.

Computer Virus Prevention is Key to Deterring Further Infections

The idea comes from Scott Charney, a senior figure in Microsoft's security team. He's just published a paper named "Collective Defense: Applying Public Health Models to the Internet."

In Charney's paper, he argues that while preventing individual machines from getting infected -- for example through security software -- is important, but it's not enough to tackle the problem. (Source: technet.com)

That's because once a machine is infected, it immediately poses a security risk to any other machine it connects to -- which can be millions of machines when that computer has access to the Internet.

According to Charney, the online community as a whole needs to take steps to prevent computer infections from spreading, rather than simply relying on individuals to protect their own computers.

Isolation Policy Favored by other Organizations

He likens one solution to the way schools and workplaces either encourage sick people to stay at home, or even ban them from coming in for fear that they might infect others. In turn, he argues that there's a need to "evaluate the health of consumer devices before granting them unfettered access to the Internet or other critical resources."

In the case of organizations, this already exists. Most companies or public bodies with a sensible security policy will not allow users to hook up a laptop or other device to the network unless it has been checked for viruses.

Charney goes a step further though: he believes the Internet itself should be able to scan computers for viruses when they attempt to get online and, if they discover a virus, block the machine from access. (Source: bbc.co.uk)

Policy Presents Practical, Privacy and Profit Problems

While the idea makes sense, Charney acknowledges that there are some major obstacles.

From a practical standpoint, it's hard to see how an entire machine could be scanned without causing an unacceptable delay. There's also an inevitable privacy concern when any company gets access to a private computer.

That said, it's very difficult to foresee how this could actually work. Any Internet Service Provider (ISP) that brought in such a policy would risk losing customers. That's prompted Charney to argue that "voluntary behavior and market forces are the preferred means to drive action but if those means fail, then governments should ensure these concepts are advanced."