One of the benefits of being an 800-pound gorilla in this world is that you can use your strength and influence to help others.
So, apparently, seems to be the altruistic thinking at Microsoft these days. Not content to rule the world — or at least try to — with its Windows desktop dominance, the software behemoth has now apparently paused to propose a way to tackle the Internet’s malware problems too.
Isn’t that thoughtful?’Joint Responsibility'”The Internet is a shared domain and users worldwide, governments, and industry need to take joint responsibility for developing collective defenses that help ensure Internet citizens are protected from threats,” asserted [http://www.microsoft.com/mscorp/twc/endtoendtrust/vision/internethealth.aspx] Scott Charney, corporate VP of Microsoft’s “trustworthy computing,” in his keynote at ISSE in Berlin.
Oh, so it’s a global, government and industry problem! It’s so nice to have that made clear. We just knew it couldn’t be any reflection on Windows — certainly not!
Or could it? Linux bloggers, as might be expected, weren’t so sure.
‘Improve Their OS Instead’
“If we are to apply public health models to the Internet, that is seriously apply them, then what we really need to do is remove the infection vector…. Microsoft Windows,” wrote tracyanne on LXer, for example.
Similarly: “It’s been said before — pull all Windows PCs offline, and instantly there are no more botnets, hardly any spam, phishes, malware, and an instant 90% increase in carrying capacity of the entire Net,” asserted tuxchick.
And again: “If they wanted to do something about botnets, perhaps Microsoft could improve the security of their OS instead,” echoed rmxz on Digg.
There soon seemed to be a theme emerging across the Linux blogosphere, so Linux Girl knew it was time to learn more. She set up camp at the seedy Broken Windows blogobar and ordered the first of many Peppermint Penguins to come.
‘Ohhh, Bad Idea’
“While the principle is good, this is the ultimate in hypocrisy,” blogger Robert Pogson exclaimed. “We could increase the security of the Internet a thousand-fold just by banning M$’s products.
“No doubt M$ will find a way to increase licensing revenue with their interpretation of a healthy web,” Pogson added. “I prefer to have a healthy web without their clutter.”
“BAD IDEA… ohhhh, bad idea,” agreed Slashdot blogger hairyfeet. “Heck, I’m a Windows guy but even I know not to give MSFT the keys to the Internet!
“Do we really want to go to, ‘You aren’t running the latest Windows so our scanner won’t work — until you upgrade so we can check your status for PC health, we’re afraid no Internet for you’? Yeah, bad idea,” he said.
“As much as I disagree with RMS on pretty much everything, his listing of trusted computing as treacherous computing was RIGHT ON,” hairyfeet concluded. “It is MY PC, I built it, it’s mine. I’m a firm believer in the free market, and a MSFT-plus-Apple world just doesn’t appeal to me.”
‘Never Trust Microsoft’
Indeed, “they lost me as soon as they said, ‘Microsoft’s trustworthy,'” began Barbara Hudson, a blogger on Slashdot who goes by “Tom” on the site. “Those two words simply don’t belong side by side.”
Microsoft is “like the abusive person who says, ‘trust me, this time it’s different, I promise, I’ve changed, give me another chance, be reasonable, just this one last time, you won’t regret it …,'” Hudson explained. “And sure as night follows day, if you give them another chance, you’ll regret it; worse, they’ll blame YOU for their failures.”
Bottom line: “Never trust a druggie, an alcoholic, a gambler or Microsoft,” Hudson concluded. “For all of them, you’re just a means to an end.”
‘This Has More to Do With Piracy’
Montreal consultant and Slashdot blogger Gerhard Mack agreed with the idea of isolating infected PCs to a restricted network; nevertheless, “Microsoft’s Internet ‘Health Plan’ suffers from the author taking a very Windows-centric approach to the problem,” he said.
“The downside to this plan is that forcing every device to issue a ‘health certificate’ before being allowed to connect anywhere will restrict the OS market to corporate-backed players only,” Mack explained. “No more Linux, *BSD or any experimental OS because they won’t be able to generate the certificate.”
That, of course, just might be part of the idea, Mack noted, and “it is worth mentioning that this paper was written by someone from the department that wants to shove DRM down all of our throats and that they list the IPTV and Media center people as reviewers, leading me to suspect that this has more to do with a crackdown on piracy than protecting the internet at large.”
In short, “they have started with a reasonably good idea and turned it into an absolutely terrible one,” Mack concluded.
‘Could Be a Step in the Right Direction’
Not everyone saw it that way, however.
Microsoft’s proposal may actually be too weak, Slashdot blogger David Masover told Linux Girl.
“It isn’t terribly hard to secure a computer, and one easy way to motivate it would be to make the owner of any computer used to commit a crime an accessory to that crime,” he suggested. “That is, if someone manages to use my computer to launder money, I should be found guilty of money laundering, or I should at least be an accessory (through negligence) to the person who actually initiated the attack.”
Still, the plan “could be a step in the right direction, if done right,” he added. “The simple solution would be for the ISP to simply cut the user’s Internet access until the problem is resolved, and many ISPs are willing to do this.
“As soon as there’s an actual consequence for an infection other than your computer running slightly slower, people will start to care more about securing their computers — which should drive demand for real solutions, as well as the education to use those solutions,” Masover explained. “As long as there are no real consequences, botnets will flourish.”
Of course, “if done wrong, there are a ton of unanswered questions, like, how do you know it’s the same computer?” Masover acknowledged. “Any answer is likely to have serious privacy implications, at the very least.”