View Single Post
Old 03-17-2010, 03:17 AM   #1
TigaHawk
Avalon Senior Member
 
Join Date: Jan 2010
Location: Brisbane
Posts: 18
Default Government pushing for "computer vaccines"

Taken from New Scientist (Aussie Magazine? 13th March Page 21)

What a lame excuse to give themselves formal permission to stickybeak @ our pc's.




-----------------------------------------------------------------
Should we treat malicious software the same way as disease - using quarantine and mass vaccination? Scott Charney, Microsoft's security vice-president, thinks so. Otherwise the denial-of-service attacks, phishing and spam generated by botnets will never be brought under control, he says.

Last week, Charney told the RSA security conference in San Francisco that isolatin ginfected computers from the internet until they're malware free was the best way to protect the wider internet population. Quite what that would inovlve, and who would pay for the "vaccination" by antivirus software is unclear, but Charney says its an approach that is already interesting the US government.

But Ray stanton, head of security at BT in the UK says such measures won't work because the internet service provider (ISP) cannot know everything about a subscriber's computer, such as its avaliable memory and the applications its running. "How do you know it has enough memory to run the vaccine?" he says.

Quarantine-and-vaccinate measures alone won't be enough to make the internet secure, agrees Lilian Edwards, an internet lawyer at the University of Sheffield in the UK. She fears greater invasions of privacy are on the way, with individuals computers subject to some form of third-party inspection - perhaps from the ISP.

A study by Sujeet Shenoi at the Univsertiy of Tulsa, Oklahoma, bears this out. His team examined a range of possible security measures that the government could introduce, including enforced antivirus programmes and feedback sensors installed on all home computers.

The team concluded that given a sufficiently servere threat, such proposals would be entirely constitutional - even if they were unpopular (International Journal of Critical Infastructure Protection - DOI:10.1016/j.ijcip.2010.02.002)

However, Ian Brown of the Oxford Internet Institute in the UK believes that for effective internet security, the responsibility should lie with the PC makers, not the users. Government-enforced inoculation programmes would be "enormously controversial", he says. "A less intrucive alternative exists: the use of product liability to drive up the security of key software such as operating systems."
TigaHawk is offline   Reply With Quote