The Need for Global Collective Defense on the Internet

Posted by Scott Charney
Corporate Vice President, Trustworthy Computing
 
For more than two decades, people have struggled to understand the cyber threat, evaluate the risks to individuals, organizations (including nation-states), and society at large, and craft appropriate responses. Although many organizations have invested significantly in information assurance, most computer security experts believe that a well-resourced and persistent adversary will more often than not be successful in attacking systems, especially if raising defenses is the only response to an attack. For this reason, increasing attention is being paid to deterring such attacks in the first instance, especially by governments that have the power to investigate criminal activity and use a wide range of tools to respond to other public safety and national security concerns.
 
Notwithstanding this emerging discussion, it appears to many people that neither governments nor industry are well-positioned to respond to this highly complex threat and that, from a policy and tactical perspective, there is considerable paralysis. In my Rethinking Cyber Threats and Strategies paper I discuss a framework for categorizing and assessing cyber threats, the problem with attribution, and possible ways for society to prevent and respond to cyber threats.
 
In my speech today at the International Security Solutions Europe (ISSE) Conference in Berlin, Germany, I proposed one possible approach to addressing botnets and other malware impacting consumer machines.  This approach involves implementing a global collective defense of Internet health much like what we see in place today in the world of public health. I outline my vision in a new position paper Microsoft is publishing today titled “Collective Defense: Applying Public Health Models to the Internet.”
 
In the paper I discuss how commonly available cyber defenses such as firewalls, antivirus and automatic updates for security patches can reduce risk, but they’re not enough. Despite our best efforts, many consumer computers are host to malware or are part of a botnet. “Bots,” networks of compromised computers controlled by hackers, can provide criminals with a relatively easy means to commit identity theft and also lead to much more devastating consequences if used for an attack on critical government infrastructure or financial systems.
 
Just as when an individual who is not vaccinated puts others’ health at risk, computers that are not protected or have been compromised with a bot put others at risk and pose a greater threat to society.  In the physical world, international, national, and local health organizations identify, track and control the spread of disease which can include, where necessary, quarantining people to avoid the infection of others.  Simply put, we need to improve and maintain the health of consumer devices connected to the Internet in order to avoid greater societal risk.  To realize this vision, there are steps that can be taken by governments, the IT industry, Internet access providers, users and others to evaluate the health of consumer devices before granting them unfettered access to the Internet or other critical resources.
 
Cyber security policy and corresponding legislation is being actively discussed in many nations around the world and there is a huge opportunity to promote this Internet health model.  As part of this discussion, it is important to focus on building a socially acceptable model. While the security benefits may be clear, it is important to achieve those benefits in a way that does not erode privacy or otherwise raise concern. 
 
With both security and privacy in mind, the following statements reflect proposed principles for progress outlined in my paper and are intended to help guide stakeholders’ efforts, promote action, address challenges, and influence future initiatives. 
 
•         The risk that botnets present to Internet users and critical infrastructures must be addressed.
•         Collective defense can and should be used to help improve the security of consumer   devices and protect against such cyber threats.
•         A public health model can empower consumers and improve Internet security.
•         Voluntary behavior and market forces are the preferred means to drive action but if those means fail, then governments should ensure these concepts are advanced. 
•         Privacy concerns must be carefully considered in any effort to promote Internet security by focusing on device health.  In that regard, examining health is not the same as examining content; communicating health is not the same as communicating identity; and consumers can be protected in privacy-centric ways that do not adversely impact freedom of expression and freedom of association.
 
Within the current legal and political landscape, and with the current state-of-the-art in technology, there are collective defense actions we can take now and we should commit to continued cooperation, collaboration and investment to fully leverage current tools and technology.  With examples like France’s Signal Spam or Japan’s Cyber Clean Center as models, industry and governments need to build upon the successes to more systematically help improve and maintain the health of Internet connected systems and to disrupt cybercrime and other threats to individuals and society. 
 
For its part, Microsoft looks forward to continuing to provide and promote research and development that will make system scanning and cleanup more cost effective, along with looking to solve current technical barriers. We will also advocate for legislation and policies worldwide that help advance the model, but does so in a way that advances principles supporting user control and privacy.

Comments

• Anonymous
  October 05, 2010
  Oh no you didn't just go there! Thanks for the blog fodder for my website! Microsoft touting removing unsecure PCs from the Internet and networks?? By that logic we need to remove every machine running Windows!  Great job Microsoft!

• Anonymous
  October 05, 2010
  The comment has been removed

• Anonymous
  October 05, 2010
  If Microsoft isn't competent enough to make software that is safe, how are they going to be able to make an Internet quarantine that works?

• Anonymous
  October 05, 2010
  There are many false positives for malware or your computer parts especially in older comps. This idea is plainly absurd because of privacy and the unethical taking away of our freedom. Microsoft I demand that you throw away this plan and then quit your jobs. This idea shouldn't have gotten farther then the trash can where it belongs. First of all semantec has problems with windows firewall and other parts of the system. Some people cannot afford go buy one or really need one for rare Internet uses. If this is put in place all free anti-malware services will most likely dissapear because of some stupid regulations. How about you go and actually make laws in Spain where bot nets are allowed to operate? Pathetic microsoft but of course your next OS will only be leased to buyers because like most companies you are controlling and corrupt.

• Anonymous
  October 05, 2010
  "Lead by example". You can't just ask a "digital quarantine" of all infected devices when almost 100 per cent of all systems that are part of a botnet are using Windows as their main operating system. You want isolation? Fine, integrate it in the next version of Windows and: 1) Try to convince the consumers that this is necessary, and 2) Deal with the fact that you'll have to lock-down your own product to keep the Web "safe". Do it yourself Microsoft, do it if you dare, just don't go around asking for a "global solution". There's one tiny little thing called "net neutrality", and no, you can't mess with it.

• Anonymous
  October 06, 2010
  Good idea! Get all Microsoft machines off the internet once and for all. How did you manage to type all that without getting the blue screen of death at least three times?

• Anonymous
  October 06, 2010
  The comment has been removed

• Anonymous
  October 06, 2010
  Why not? When Police can shut down your car because it is not safe for traffice anymore, why not do it for computers too? People should take some responsibility and maintain their computers. Like they do for their cars.

• Anonymous
  October 06, 2010
  The comment has been removed

• Anonymous
  October 06, 2010
  The comment has been removed

• Anonymous
  October 06, 2010
  The comment has been removed

• Anonymous
  October 06, 2010
  I wonder if the author believes his own tripe, or is cynically pushing these ideas out there on behalf of his superiors. It is no secret that certain groups are now desperately grasping for any control they can impose over the internet, and any "threat" they can invent to justify it. Of course it must be a "global" threat, so we can impose a "global solution." Gee, where have I heard that before? Your repeated use of terminology such as "global" and "collective" gives you away, sir. And the vaccine analogy as well. Very tasteless, especially considering the staggering loss of credibility suffered by vaccine manufacturers and public health officials in the last couple of years. I remember that talking point from the old H1N1 hysteria last year. "Un-vaccinated people make everyone else unsafe." Sounds reasonable, until you actually think about it and realize how ridiculous it is. If the vaccines protect you, you have nothing to fear from the un-vaccinated. If anything, the vaccinated are making the un-vaccinated less safe, because in many cases they become carriers. Sounds like you've been listening to Mr. Gates a little too much. Have you attended any CFR meetings recently? Do you share his opinions on population reduction? PS. the irony of a Microsoft representative complaining about the threat of infected PCs is not lost on me either. The leading cause of infection? Microsoft products. You engineer the problem then you propose the solution. Sooooooo typical.

• Anonymous
  October 06, 2010
  The comment has been removed

• Anonymous
  October 06, 2010
  The comment has been removed

• Anonymous
  October 06, 2010
  As a Linux user, could you explain to me why I need to be running A/V and a firewall to be 'allowed' onto the internet?  My O/S of choice works just fine with IP Tables built into the kernel and a tried and proven 'user access control' setup.  (Unixlike permissions.)

• Anonymous
  October 06, 2010
  The comment has been removed

• Anonymous
  October 06, 2010
  The comment has been removed

• Anonymous
  October 06, 2010
  The comment has been removed

• Anonymous
  October 06, 2010
  The comment has been removed

• Anonymous
  October 06, 2010
  MICROSOFT FIRST MAKE YOUR OS SECURE AND PROVIDE ANTIVIRUS IF YOU DO NOT KNOW WHAT TYPE OF CODE YOU ARE WRITTING : IT'S ALL YOUR FAULT YOU SHOULD BE BANNED FROM RELEASING VAUNRABLE OS/SOFTWARE

• Anonymous
  October 06, 2010
  The comment has been removed

• Anonymous
  October 06, 2010
  The comment has been removed

• Anonymous
  October 06, 2010
  Just install Ubuntu Linux on your PC and forgot about Microsoft Windows. http://www.ubuntu.com/

• Anonymous
  October 06, 2010
  Well congratulations. Yuu had to know this would be a magnet for every MS-hating moron and troll on the web. And they haven't let you down.

• Anonymous
  October 06, 2010
  I assume this ties in with the signed driver model. I read this and see: WGA DRM WGA DRM WGA DRM And added bonus, we can get governments to subsidize it!

• Anonymous
  October 06, 2010
  The comment has been removed

• Anonymous
  October 06, 2010
  @ brent. Is it any wonder there are MS haters out there when a scheme like this gets proposed.  Instead of producing decent products, MS these days resorts to abusing flawed software patents to blackmail smaller companies and competitors and then come out with this plan to force every non MS approved computer off the internet.  I hope they go the way of SCO and soon!

• Anonymous
  October 06, 2010
  The comment has been removed

• Anonymous
  October 06, 2010
  I propose a better solution:

1. MS produce a Un*x based Windows with a 'Windows' interface - much like Apple have done with Mac OS X.
2. Include something like Rosetta that will provide the required crossover for the legacy apps. Let's face it, Wine is already out there and doing just that.
3. Sell it for a reasonable price - a buy in if you will - so that the majority of Windows users migrate to the more secure system. Perhaps $75?
4. As someone already pointed out, remove the user's default admin setup - ensure that a password is required for all privilege elevation. Instantly, you lose all of the current malware on the planet as it is unable to manifest itself on Un*x type machines. You get a more secure OS. Happier users and the Internet is a better place for all. Won't make the AV vendors happy, but hey - you gotta break some eggs after all... Comments?

• Anonymous
  October 06, 2010
  @PK: problem with that is that as soon as MS do that, the people who create viruses will start targeting UNIX based system (which include Linux, Mac OS X, And this new "Windows" you propose), Which means more PC's infected which means they'll have failed. Again.

• Anonymous
  October 06, 2010
  The comment has been removed

• Anonymous
  October 06, 2010
  @PK - Viruses exist for both Linux and Apple (I also assume for more flavors of *nix operating systems).   www.newswiretoday.com/.../72642 They just aren't talked about as much.

• Anonymous
  October 06, 2010
  The comment has been removed

• Anonymous
  October 06, 2010
  Simple do not use MS use Linux. Problem solved

• Anonymous
  October 06, 2010
  The comment has been removed

• Anonymous
  October 06, 2010
  There are indeed some viruses for Linux -BUT they've never succeeded in spreading due to the vastly more secure nature of the OS AND the more knowledgeable ( on average) user group. Any fool on the other hand can give themselves admin privs and install a ddodgy program - only defence against that is education. What you can't do on Linux is infect your system by clicking on a link or just browsing to a web-page or directory.

• Anonymous
  October 06, 2010
  First MS spreads the good word about computers. Then, as its star rises and it makes a fortune, a lot of other things become cheaper and cheaper. Now you would want to establish rules for who is allowed in and who is forbidden (I read my Huxley, thank you). What about you FINALLY put toteher a program that works rather than use all of us as guinea pigs? I am still running XP on an old machine (and I wish I had Win '95!!), because 4 experts I know say that it is still better than anything MS has produced thereafter. My wife has Vista, it has been a catastrophe from day one, I have spent weeks trying to get basic stuff going. By the way, folks: try to avoid arguing by analogy. That is always flawed--- automobiles and vaccinations are different from computers.  You can't argue that because we have inspections, on cars, we should have inspections on computers. It does not make any sense because of the other differences.

• Anonymous
  October 07, 2010
  So... if you take infected machines off the Internet, how do they download the security patches/updates required to rectify their vulnerabilities? Or will MS finally put out a version of Windows that won't need patching every week?

• Anonymous
  October 07, 2010
  The comment has been removed

• Anonymous
  October 07, 2010
  Upgrading the infected Windows machines to Ubuntu will solve the malware problem and make the users far more productive.

• Anonymous
  October 07, 2010
  The comment has been removed

• Anonymous
  October 07, 2010
  The comment has been removed

• Anonymous
  October 07, 2010
  Pne more thought: How about this: All you softwaristas take a vow: "We will not add on, write , or "improve" anything until we have the basic machinery going" In other words: a 5-year mopratorium on anything called new, red-flag the word "innovative" and when you have something that really is a solution, call it a solution. Don't call quickfixes to an "oops-I-forgot-that-detail" problem a solution. It is not. Oh, I am dreaming.... sorry.

• Anonymous
  October 07, 2010
  @ BRAWL: You don't. You simply chuck your PC into the boot/trunk of your car and take it to the nearest computer retailers where they will happily charge you an arm and a leg to let you take it home and use it again. However, nice one Microsoft. Given that you weren't that bothered about embracing the internet in the first place. Then you come along with your web unfriendly standards like Active X which, incidentally, gives hackers and malware writers a key to the door. Everything since XP has been a kludge. Although Win7 has gone a little way to restore faith in your ability to provide trouble free computing. I'd still like to reinstall my O/S without penalty on the machine that it was purchased with without going through the Spanish Inquisition.

• Anonymous
  October 07, 2010
  The comment has been removed

• Anonymous
  October 07, 2010
  Elevates blaming the victim to new levels. Way to go MS, abdicating your responsibility to secure your own products. You're Sorry Development Liecycle is not nearly enough.

• Anonymous
  October 07, 2010
  MS, are you going to sell security certificates for inherently unsecure machines, i mean, those running MS OSes? That may be a goldmine!

• Anonymous
  October 07, 2010
  The comment has been removed

• Anonymous
  October 07, 2010
  A other good reason to switch to Linux

• Anonymous
  October 07, 2010
  This is a terrible idea.  Instead, try educating computer users about how to surf the internet safely, set up OSs with the capability (easily found and implemented, please) to adjust user permissions so random executables are not permitted to run (something Linuxrich alluded to), and provide security fixes on a timely basis (along with information about why they are a good idea and how to install them). Microsoft should not be the gatekeeper, and when the bulk of the offending computers are running Microsoft OSs, pardon me for my skepticism about their idea for a "solution".

• Anonymous
  October 07, 2010
  While it is necessary to take measures both when micro- and macro-managing computers (connected or not, infected or not, doesn't matter), we are far from having a competent means to achieve so. At best, we could come up with a privacy-invasive scheme which would only delay the inevitable, while at the same time aggravating users. One needs to focus more on micro-managing computer malware, and achieve certain success, before trying to macromanage more.

• Anonymous
  October 07, 2010
  Although I agree with the desired result, I think it would be better if Microsoft would not go it alone on this one.  To work with the ISPs.....yes, I know, huge undertaking....but the best approach.  Possibly an intermediary who can coordinate with both Microsoft and ISPs, contact the customer, and do an orderly cleanup of the machine.  This approach may also enhance Microsoft's image a bit, make them seem a bit more human.

• Anonymous
  October 07, 2010
  @Brian 6 Oct 2010 9:33 AM "Absolutely unbelievable that the company directly responsible for making life easy for criminal types is now trying to have infected machines removed from the net." Sure it's Microsoft's problem if people don't update their software. Also Adobe's etc. And don't forget open source providers too! I really think that Microsoft itself would burn their earlier software which are not secure and this is suggestion for that. That includes XP/IE6 and so on which are STILL in use because of lazy people who simply don't update anything. There are lots of fresh options nowdays for those which are more secure.

Anyways, I actually do like this idea. Every bit of your internet connection is controllable by your ISP. If there are some major viruses spreading which uses uncommon ports or so and they can monitor it's activity, it's fairly easy to shutdown connection if it causes 'illegal traffic'. No matter what anyone says, it's doable and it should be done by every ISP. Like 90% of spam email are caused by these infected machines. It simply won't go down if something major doesn't happen in whole internet structure. This would be at least one step forward.

• Anonymous
  October 07, 2010
  The comment has been removed

• Anonymous
  October 07, 2010
  @Gerhard Goeschl "When Police can shut down your car because it is not safe for traffice anymore, why not do it for computers too? People should take some responsibility and maintain their computers. Like they do for their cars." But unlike cars, software doesn't require regular maintenance because of mechanical wear & tear so your analogy is a little weak. However, and along the same lines, I assume you'd be happy paying to have the wheels fixed back onto your car after they've dropped off - again - and would happily continue buying cars from the same manufacturer, despite the wheels dropping off every other model they've released and despite assurances with every new model appearing that this is the safest one ever. There comes a point where you have to seriously consider just how much of this you can reasonably be held responsible for fixing when really, none of it is your fault or responsibility: it's a design problem with the car itself which the manufacturer is demonstrably incapable of resolving. Me?  I simply don't drive a car from that manufacturer because I have better things to do with my time than waste it by applying sticky tape in an attempt at resolving the manufacturer's problem.

• Anonymous
  October 07, 2010
  Scott Charney should be fired immediately from Microsoft. If this is what Microsoft considers R&D, then MSFT will go down another 20% next year. What Scott Charney wrote is laughable and Steve Ballmer should fire him by 5 p.m. today.

• Anonymous
  October 07, 2010
  It's much simpler than what he suggests. If a PC running windows connects to the Internet, block it. No need for Health checks, just a simple OS detection at ISP level.

• Anonymous
  October 07, 2010
  @futurama "Sure it's Microsoft's problem if people don't update their software" If Microsoft had any real answer to the security problems designed into Windows and if the software update process worked reliably (instead of often creating more issues than it resolves) then this discussion wouldn't be taking place and there would be no malware/botnet problem. That there is still a massive Windows-related problem - after all this time - and that Microsoft is apparently serious about this health certificate/quarantine idea should only serve to indicate that it has totally lost control of its own software and is intent on blaming the user. I find this admission of defeat incredibly arrogant but hey; this is Microsoft we're talking about. Also, to quote that thoroughly over-used Microsoft buzzword - it is at least innovative to make it all the user's problem.

• Anonymous
  October 07, 2010
  MS is reinventing the wheel, that has been products on the market for years that already do it! Look at Bradford Networks ANS it has done this and more for years.

• Anonymous
  October 07, 2010
  The comment has been removed

• Anonymous
  October 07, 2010
  I have tried and tried to get hold of microsoft to find way for disabled and low income elderly to upgrade their old machines to windows 7 , but microsoft is totally unresponsive to the elderly and disabled low income segment of population.

• Anonymous
  October 07, 2010
  The comment has been removed

• Anonymous
  October 07, 2010
  Wow. Simply WOW!! It takes HUGE sized genitalia to actually work for Microsoft and claim this. Stuxnet, Conflicker and all the usual cast of viruses arent a problem on my Macbook Pro nor on the older computers in the house that were once WinXP and that we have since changed to Linux. Most tech sensible people know the truth about viruses and Microsoft's role and incompetence. Its just appaling that the BBC is running these kinds of stories. I do agree that dangerous and potentially dangerous machines should be quarantined from the net. I just dont think your bosses are going to agree to it.

• Anonymous
  October 07, 2010
  Just run Linux or Unix....Problem Solved!!

• Anonymous
  October 07, 2010
  You disgust me.  Your real motives are transparent and beneath contempt.  You propose a scheme that, as if by coincidence, implies that nobody should be allowed to access the internet without regularly paying money to Microsoft.  This has nothing to do with protecting internet users or increasing internet security and everything to do with rent-seeking. Oh, and you also believe that government should help enforce your private taxation scheme?  Your greed and sense of entitlement is sickening.  I'll do everything I can by way of political action to help ensure your vicious corrupt and wicked scheme never gets beyond square one.

• Anonymous
  October 07, 2010
  Hilarious article. Simple solution to the problem: Ditch MS Windows and run Linux. Free as in Freedom.

• Anonymous
  October 07, 2010
  The analogy with a human quarantine process is flawed. If a sick person is quarantined they are given medical assistance to help cure them, not abandoned to thier fate. Its time for some joined up thinking microsoft. You are supposed to employ some really clever people. Its a shame you don't let them out once in while.

• Anonymous
  October 08, 2010
  If we could get all PC's to run in a secure UNIX style configuration with a a bit of user education at the same time, that  would surely eliminate most problems... after reformatting and re-installing any  infected systems of course.

• Anonymous
  October 08, 2010
  Perhaps users should demand Microsoft revise its EULA (End User Licensing Agreement) to accept responsibility for Microsoft code which compromises systems and causes provable damages. You can't have it both ways: no responsibility for Microsoft and putting the government deeper into our personal lives.

• Anonymous
  October 08, 2010
  YES! I agree! But we should go further - we should cut off from the Internet, any computer on which you installed the operating system which is potentially vulnerable to computer viruses.

• Anonymous
  October 08, 2010
  YES! I agree! But we should go further - we should cut off from the Internet, any computer on which you installed the operating system which is potentially vulnerable to computer viruses.

• Anonymous
  October 08, 2010
  The comment has been removed

• Anonymous
  October 08, 2010
  >> Just as when an individual who is not vaccinated puts others’ health at risk, This makes no sense at all. If others are vaccinated, they won't be at risk. Unvaccinated people only put other unvaccinated people at risk.

• Anonymous
  October 08, 2010
  @ Anonymous 7 Oct 2010 3:32 AM "The main reason you don't see many viruses for UNIX today is because there aren't enough users on the platform for it to be worth it for those writing them." Newsflash - UNIX is the Internet, and Microsoft's activity on it is an annoying background noise - much like a petulant child. UNIX users can only hope that the child receives some much-needed discipline very soon and finally grows up.  Then it can come play with the big boys.

• Anonymous
  October 08, 2010
  The comment has been removed

• Anonymous
  October 08, 2010
  The comment has been removed

• Anonymous
  October 08, 2010
  The comment has been removed

• Anonymous
  October 08, 2010
  The comment has been removed

• Anonymous
  October 08, 2010
  The comment has been removed

• Anonymous
  October 08, 2010
  The comment has been removed

• Anonymous
  October 08, 2010
  The comment has been removed

• Anonymous
  October 08, 2010
  Don't touch my linux with your "Windoze" godammit

• Anonymous
  October 09, 2010
  Scotty you are so fired from job:)  you tool  :D

• Anonymous
  October 09, 2010
  open net join ; new topic : THE COMPANY LTD CENTER INSTITUTION ;A.B.C.D.E,& F ORGANIZATION

• Anonymous
  October 09, 2010
  dear Mic, this proposal is very interesting but there are somme issues I can't deal with , first let's start with the case i have a single PC and this PC has been Internet access denied , How could I get INFO to resolve it While I'm traveling ? Second U trying to compare the PC health world to our real world, I think It's good for some point, but U should Know that malicious code are written by smart guys and those smart guys their next target will be the certificate health, it can take longer than expect but they will find a way to by pass this.

• Anonymous
  October 10, 2010
  The comment has been removed

• Anonymous
  October 10, 2010
  The comment has been removed

• Anonymous
  October 11, 2010
  @ we-willie Bear in mind when migrating from Windows to Linux that you are used to doing things the Windows (Wrong!) way.  Therefore, make sure you plan your migration properly and have support (Either from your local Linux Users' Group or a good internet forum.) in place.  Chances are if you don't go into using Linux with your eyes open you'll become disillusioned and turn back to MS lock-in.  There is plenty of help available for the new Linux user and modern distributions are really very good!

• Anonymous
  October 11, 2010
  The comment has been removed

• Anonymous
  October 11, 2010
  The comment has been removed

• Anonymous
  October 11, 2010
  The comment has been removed

• Anonymous
  October 11, 2010
  no company has good record on computer security, it is just that apple applies its updates without the user knowing it, giving the impression that their operating system is more secure

• Anonymous
  October 11, 2010
  @George You are wrong George. Apple updates are not applied without the user knowing. The user is informed, and usually enters the administrators password to apply security update.

• Anonymous
  October 11, 2010
  If every PC was switched to the latest version of Ubuntu overnight, with everyone running as user, tomorrow there would be no malware whatsoever. Microsoft know this perfectly well. Writing successful malware for Linux is much more difficult - the file permissions system and architecture of Linux are concrete compared with the marshmallow security of Windows.

• Anonymous
  October 11, 2010
  The comment has been removed

• Anonymous
  October 12, 2010
  Tell me something MS... Why is it that every single application installed for all users requires admin to install? While when I use MacOS, most applications can be installed by simply dragging an icon from a disk image to the Applications folder, no need to enter a password at all. In fact, I don't remember the last time I had to enter my password on MacOS. Funny how one of the few apps I've installed that required admin privileges to install was your own Microsoft Office for Mac. I've even seen a few Linux apps that can be installed without an admin password too. So why does Windows need admin for every last thing? You guys seriously need to start again from scratch with Windows. NT was a start (looking at Win 9x here) but it really is NOT good enough. Start again. Base it on *nix.

• Anonymous
  October 12, 2010
  Bot attacks are not going to go away. Everyone cannot or will not change to Linux I do not care that the Internet connections all run on Unix or that Macs never get viruses in real life. The majority of people use Windows and are happy enough not to change. For the foreseeable future, bot DDoS attacks will occur, so Scott's comments are welcome in that he has at least opened up the discussion. Equally so, having the government force compliance to allow connection will never happen. It is not wanted and the benefits are outweighed by the effort and efficiency. Antivirus is only good for a limited amount of time before it is out of date and the next zero day exploit occurs.  You either have to lock down everyone on the planet's PC or not allow others to join your protected zone. ISPs could drop connections if they seem a threat until proof is supplied or even limit speed and full access to just their help forums. That way people would have an opportunity to fix systems and prove they are clean. It is all about whom do you trust? A big scary government that you have no control over or an ISP who you can always change.

• Anonymous
  October 12, 2010
  So Microsoft and State say I must have their permission to go online, but it is my fault if any damage occurs through lack of knowledge or negligence. They have no responsibility but all the control. I assume I will also have to pay again for this service, but I no comeback if my business is harmed as a result of an attack. I have just seen my IT boy and he says he can put Debion on my new laptop. He is always saying how easy it is to use, so we have a small gamble about it not being up to the job. If it is good enough to carry on without major business problems I will convert the whole of my business just to protect it from Microsoft control. The second option is to convert to Apple and a new machine is now on order just in case I lose the bet. I do not want any more outside help in running my comapny. I do not need yet another consultant telling me that I need to pay or that they must audit me for my own good.

• Anonymous
  October 12, 2010
  The comment has been removed

• Anonymous
  October 12, 2010
  The comment has been removed

• Anonymous
  October 12, 2010
  The comment has been removed

• Anonymous
  October 13, 2010
  The comment has been removed

• Anonymous
  October 13, 2010
  Let's check:

• most of computers banned from internet would be with Windows
• if the rule is applied to servers, your services will be not available. If hosting is your job, all mail, sites and services of your customers would be cut from Internet. And if you di hosting you don't have few sites/services on each of your server.
• Viruses and threats generically try to hide themselves. Do you remember viruses which were making spoofing on maill sender ? I mean, for a similar principle, how can you safely find one host as infect ? And if you ban a computer which instead is clean, then the owner should demonstrate his computer is clean ?
• extend the rule to big companies network, where behind a public IP there is a network with thousands computers, and only one computer could be infect: as result an entire company is cut off from Internet  .... I could continue the list, but this is enough for Mr Charney to think a little..

• Anonymous
  October 13, 2010
  The comment has been removed

• Anonymous
  October 14, 2010
  The comment has been removed

• Anonymous
  October 15, 2010
  The comment has been removed

• Anonymous
  January 02, 2011
  i would like to update windows seven on my computer but can't do it help                                    thank you

• Anonymous
  June 21, 2012
  You should read this article about a Botnet and spammers that are ruining people. www.scribd.com/.../97504724-Kelly How come they don't get shut down?

• Anonymous
  January 03, 2014
  Pingback from Menu