Microsoft wants 'sick' PCs banned from the internet

Posted by Emma Woollacott

Microsoft is calling for infected PCs to be quarantined from the internet, with access denied unless they can produce a 'health certificate'.

In a position paper published this week, Scott Charney, the company's corporate vice president for trustworthy computing, argues that the world needs a common health policy that would prevent malware-infected machines from connecting to the internet.

"This approach involves implementing a global collective defense of internet health much like what we see in place today in the world of public health," he explains.

Charney cites school policies such as compulsory vaccination for students and quarantining of infected people as an example of the sort of thing he has in mind.

"To improve the security of the internet, governments and industry could similarly engage in more methodical and systematic activities to improve and maintain the health of the population of devices in the computing ecosystem by promoting preventative measures, detecting infected devices, notifying affected users, enabling those users to treat devices that are infected with malware, and taking additional action to ensure that infected computers do not put other systems at risk," he says.

He says this should include the creation of a 'health certificate' system, whereby a machine is checked to make sure that software patches are applied, a firewall is installed and configured correctly, an antivirus program with current signatures is running, and the machine is not currently infected with known malware.

He doesn't say who should be issuing these health certificates.

"Society needs to explore ways to implement collective defenses to help protect consumers who may be unaware that their computers have been compromised, and to reduce the risk that these comprised devices present to the ecosystem as a whole," says Charney in his paper.

Take a look at the paper, Collective Defense: Applying Public Health Models to the Internet, here.