RSA 2010: Microsoft suggests quarantining botted PCs

One of Microsoft's leading security executives has said that consumers running infected PCs are like smokers exhaling chemicals to those around them.

"You're not just accepting [the risk] yourself," Charney, corporate vice president for trustworthy computing, said during a morning keynote at the RSA Conference in San Francisco. "You're contaminating everyone around you."

Charney spent some time discussing preventative and disruptive measures that should be taken to rid computers of botnet infections.

Drawing on statistics that there are 3.8 million compromised computers responsible for 87 percent of all email, Charney suggested using "inspection and quarantine" to clean infected home computers. He did not go into specifics.

"Just like we do defence-in-depth in IT, we have to do defence-in-depth in response," he said. "We need to use social and political mechanisms to reinforce value."

Microsoft recently spearheaded efforts to bring down the prolific Waledac botnet. A court order was granted last week that ordered the botnet's command-and-control domains to be severed.

Charney also used some of his address to discuss the security implications of cloud computing. He said the issue of identity "becomes amplified" in the cloud. To combat these threats, providers and end-users must accept shared accountability. Meanwhile, governments must define "normative behavior" of how they plan to extract data from the cloud, Charney said.

See original article on scmagazineus.com