In his keynote at the RSA security conference on Tuesday, Scott Charney, Microsoft corporate vice president of Trustworthy Computing, called for a model of quarantining infected PCs. Charney proposed a system that would prevent infected computers from accessing the Internet, so they can't be used to send spam and conduct denial-of-service attacks. More info at CNET.
The Internet is so many things for consumers. It's a way to engage in free speech, to engage in online commerce, to get education, to seek health care information. Their lives center around this technology in so many important ways. And they're used to the PC being in their home. It's considered a very private device in a way. And it may be storing a lot of private sensitive data, like your diary or your tax records. But what we've seen is that when people get infected they may not be the ultimate victim. They are a victim. The ultimate victim might be the person who receives the spam directed by the botnet or the site or service shut down by the denial-of-service attack. I'm a big fan of consumer education and we've been doing it for 20 years, but it doesn't work at scale. You can tell people make sure you've updated your machines, you're running antivirus, and you're backing up your data. Yet we still see a lot of people just don't do that. So, the question becomes how do you create a less infected Internet?