Microsoft pitches PC isolation ward to defeat botnets
But it's unlikely Charney's ideas will curtail botnets or even pass muster with users, said Joe Stewart, director of malware analysis at Atlanta-based SecureWorks, and a well-known botnet expert.
"If you don't address the human behind the botnet, you'll fail," Stewart said.
"Technical solutions just haven't worked," Stewart said, referring to Charney's health certificate concept. Criminals are simply too adaptable, too clever to be long stymied by any technology-based defense, whether certificates -- which even Charney acknowledged would have to be counterfeit-proof -- or antivirus software, firewalls and patches.
"Plenty of people get infected by a bot who have all the patches, who have a firewall, who have antivirus," Stewart said. "They don't even know they've been infected." How, then, would one explain to them that they can't get on the Internet? he asked.
Instead, more resources should be dedicated to other initiatives. "First, we need much better global communication and collaboration" between researchers and law enforcement, he said, as well as an enforceable way to hold ISPs accountable for hosting botnets' command-and-control servers, no matter where they're located.
"And we need more what I call 'offense in depth,'" Stewart added, explaining the strategy as one where researchers and law enforcement agencies hound a botnet until its gang of controllers is driven out of business or arrested.
Stewart has proposed that before. Last April he laid out an anti-botnet approach in which teams of paid security researchers, similar to a police department's major crimes unit, would stalk and disrupt specific criminal gangs or botnets.
Even if Charney's technology-based proposal worked, Stewart was skeptical that people would buy into the idea.
"I just don't see how you could make it happen with the current paradigm of computing," said Stewart. People are accustomed to the idea that they can do what they want with their personal computer -- put any software on the machine, jump on the Internet at a moment's notice -- and a radical departure from that will have a tough time finding supporters.
The only way to block botnets from getting on PCs would be for the PC industry to adopt a closed ecosystem, similar to Apple's App Store, said Stewart, where only certain applications are allowed to be installed.
"But everything would have to be fundamentally redesigned," he said. "I don't think people have reached the point yet with botnets where they would agree to that. Maybe in 20 years. But for now we're locked into this mentality that we can do anything we want."
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.