Infected PCs
A Microsoft blogger has been flamed for suggesting that something is done about infected PCs on the Internet.
The point he makes is a valid one. We're all at risk because people are unable to protect their computers from malicious infection. Botnets are powerful because they use innocent bystanders as hosts.
But on the other hand, most IT professionals want undiluted access to the Internet.
I have suggested for a long time the idea of an Internet driving license (much like the BCS' EDCL). If you can prove the basics for keeping your computer secure online (e.g. difference between incoming and outgoing connections, firewalls, virus types and behaviour, how to identify and clean malware) then you get your license to use the Internet unassisted.
For the casual users who do not need the raw Internet there connections are managed by their ISP. This could include measures such as blocking incoming connections, restricting certain service to their own servers (e.g. SMTP); and yes, suspending (or maybe locking down their connection to only via a HTTP proxy) if their system is showing signs of being breached.
With such a model you can also give a certain amount of liability along the tiers. ISPs are licensed, if their network is a source of nastiness then they are slapped on the wrist. If in-turn that the ISP recognises that the nastiness is from a License holding user, they are slapped on the wrist.
The point he makes is a valid one. We're all at risk because people are unable to protect their computers from malicious infection. Botnets are powerful because they use innocent bystanders as hosts.
But on the other hand, most IT professionals want undiluted access to the Internet.
I have suggested for a long time the idea of an Internet driving license (much like the BCS' EDCL). If you can prove the basics for keeping your computer secure online (e.g. difference between incoming and outgoing connections, firewalls, virus types and behaviour, how to identify and clean malware) then you get your license to use the Internet unassisted.
For the casual users who do not need the raw Internet there connections are managed by their ISP. This could include measures such as blocking incoming connections, restricting certain service to their own servers (e.g. SMTP); and yes, suspending (or maybe locking down their connection to only via a HTTP proxy) if their system is showing signs of being breached.
With such a model you can also give a certain amount of liability along the tiers. ISPs are licensed, if their network is a source of nastiness then they are slapped on the wrist. If in-turn that the ISP recognises that the nastiness is from a License holding user, they are slapped on the wrist.