Microsoft's tax-for-hacks 'horrible' idea, say security experts
Suggestion that Internet users pay tax to fight malware, botnets gets thumbs down
Computerworld - Microsoft's idea that the fight against malware could be funded by an Internet tax is "horrible," an analyst said Thursday as other experts weighed in on a recent comment by the company's security chief.
Earlier this week, Scott Charney, Microsoft's vice president for its Trustworthy Computing group, said that while there are plenty of ways to combat malware, scrub infected PCs and take down botnets, no one wanted to foot the bill.
"Maybe markets will make it work," Charney said, but then added that an Internet usage tax might be the solution. "You could say it's a public safety issue and do it with general taxation," Charney said.
"The idea of a general Net tax is a horrible idea," said John Pescatore, Gartner's security analyst. "Why not a tax on all retail goods for a standard antishoplifting service all merchants would have to use?" A business, he said, can now select what it thinks is the best anti-malware solution, but that choice would presumably vanish if funding for battling the bad guys went national.
"A general tax would reduce the services to the lowest common denominator," Pescatore contended.
Wolfgang Kandek, chief technology officer at security company Qualys, agreed. "I have a hard time seeing [a tax] work. The Internet is an international body; you can't regulate it, and you cannot levy a tax. ISPs might have to up their fees to pay for something like this, I can see that, but a tax that brings government into play -- I can't see that."
Others who disagreed with Charney's proposed Net tax argued that Web users would end up paying, tax or no tax, to fight hackers.
"A tax may be a bad idea, but people will pay for it one way or another," said Randy Abrams, director of technical education at ESET Security, ticking off higher ISP fees or, if not that, then the lack of any price cuts by ISPs as the inevitable consequences of such anti-malware efforts.
Some security pros questioned not only the concept, but also the mechanics of a taxation-for-mitigation scheme.
"I don't have a problem with charging a fee and giving it to good works for the whole," said Andrew Storms, director of security operations at nCircle Network Security. "The problem is that one, you have to find a big, smart and trustworthy organization to handle this. And most people will agree that's not the government, and that's not Microsoft."
More likely, suggested Storms, is that an ISP will take the plunge, charge its users a little extra to keep their machines clean, and prove that it's possible. "Then I could see a consortium of ISPs getting together to do that," he said.
- Security execs express surprise over CISO's firing following RSA talk
- Security industry faces attacks it cannot stop
- Pennsylvania fires CISO over RSA talk
- Google attacks, Web 2.0 fuel FUD at RSA
- Analysis: Does the storm over cloud security mean opportunity?
- Microsoft's tax-for-hacks 'horrible' idea, say security experts
- FBI Director: Hackers have corrupted valuable data
- CISOs rain on cloud-computing parade at RSA
- FBI embeds cyber-investigators in Ukraine, Estonia
- Tweet this: Social network security is risky business
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts