
Microsoft pitches PC isolation ward to defeat botnets

October 7, 2010 06:49 AM ET

But it's unlikely Charney's ideas will curtail botnets or even pass muster with users, said Joe Stewart, director of malware analysis at Atlanta-based SecureWorks, and a well-known botnet expert.

"If you don't address the human behind the botnet, you'll fail," Stewart said.

"Technical solutions just haven't worked," Stewart said, referring to Charney's health certificate concept. Criminals are simply too adaptable, too clever to be long stymied by any technology-based defense, whether certificates -- which even Charney acknowledged would have to be counterfeit-proof -- or antivirus software, firewalls and patches.

"Plenty of people get infected by a bot who have all the patches, who have a firewall, who have antivirus," Stewart said. "They don't even know they've been infected." How, then, would one explain to them that they can't get on the Internet? he asked.

Instead, more resources should be dedicated to other initiatives. "First, we need much better global communication and collaboration" between researchers and law enforcement, he said, as well as an enforceable way to hold ISPs accountable for hosting botnets' command-and-control servers, no matter where they're located.

"And we need more what I call 'offense in depth,'" Stewart added, explaining the strategy as one where researchers and law enforcement agencies hound a botnet until its gang of controllers is driven out of business or arrested.

Stewart has proposed that before. Last April he laid out an anti-botnet approach in which teams of paid security researchers, similar to a police department's major crimes unit, would stalk and disrupt specific criminal gangs or botnets.

Even if Charney's technology-based proposal worked, Stewart was skeptical that people would buy into the idea.

"I just don't see how you could make it happen with the current paradigm of computing," said Stewart. People are accustomed to the idea that they can do what they want with their personal computer -- put any software on the machine, jump on the Internet at a moment's notice -- and a radical departure from that will have a tough time finding supporters.

The only way to block botnets from getting on PCs would be for the PC industry to adopt a closed ecosystem, similar to Apple's App Store, where only certain applications are allowed to be installed, said Stewart.

"But everything would have to be fundamentally redesigned," he said. "I don't think people have reached the point yet with botnets where they would agree to that. Maybe in 20 years. But for now we're locked into this mentality that we can do anything we want."

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is gkeizer@computerworld.com.
