Infected PCs Should be Quarantined

HardOCP News

Scott Charney, Microsoft's corporate vice president of Trustworthy Computing, thinks removing infected computers from the internet until they can be scanned / cleaned is the way to go. Good idea but, the question is, can it be done and how?

In a follow-up interview afterward, Charney elaborated on his vision for reducing the damage from botnets and explains how infected computers should be kept off the Internet just like doctors quarantine sick people and smokers are restricted as to where they can light up in public.
 
The universities I've studied at have had policies in place that required PC users to verify that antivirus software was installed prior to accessing the network. The school I attended for my Masters had a quick download that checked your AV and its status against a whitelist and offered the school-sponsored download (Symantec Corporate) if you didn't have a qualifying product. I don't understand why ISPs don't have similar policies in place.
 
Ok, but if I'm kicked offline, how will I download software to fix the issue if I don't have another PC?
 
What and how are they going to be able to check for false positive scenarios? Secondly, he's talking about a tax for people who use the technology. So the ones who look after their machines will subsidize the ones that don't. Thirdly, he says we should allow outfits to access our computers with the hope that they will regulate themselves and not check for other things that might interest them. My answer is a BIG NO to my second and third statements. Unless someone can convince me that that is the way to go for the collective good for all.
 
Talk about creating a new security threat. Furthermore, I'm sure it'll work just great and there won't ever be a problem of false problems, back doors, false negatives, etc.

This has disaster written all over it.
 
Ok, but if I'm kicked offline, how will I download software to fix the issue if I don't have another PC?

You're not kicked offline per se but more moved into a "walled garden" where you would be given a link to download whatever AV your ISP gives you or a selection of free ones like MSE or Avast etc...
 
If you didn't fix the problem when you did have access, why would that matter?

For example, I'm running AVG Free (I'm not, 'cause it sucks) but let's say I was. If I got a virus that AVG has not released a definition for, how long is it until my PC is kicked offline? Is it immediately? If so, how can I get updated AV to get rid of it?
 
You're not kicked offline per se but more moved into a "walled garden" where you would be given a link to download whatever AV your ISP gives you or a selection of free ones like MSE or Avast etc...

Oh awesome. "Look here black-hats, a whole garden ripe with people who don't have AV installed! Furthermore, all you have to do is fake being infected by something to get yourself thrown in with them then you can pillage all you want!"
 
If you didn't fix the problem when you did have access, why would that matter?

Um so what's the time frame? You get infected and 1 second later you're walled off. Or should it be a day? A week? What's the magic time frame? Furthermore, how do you plan to detect how long a computer has been infected?
 
Oh awesome. "Look here black-hats, a whole garden ripe with people who don't have AV installed! Furthermore, all you have to do is fake being infected by something to get yourself thrown in with them then you can pillage all you want!"

You seem to not know how a walled garden works, do you?
Ever hooked up a cable modem when you didn't have service? It redirects you to the site to set up your account no matter what URL you use.
Same thing: no one can see anyone else's PC in this, only the server that you're redirected to.
 
In Canada Rogers Cable does this. Once stupid people are kicked off, they are less likely to download one of those things that makes matters many times worse than they would be (fake antivirus) in their attempts to fix things themselves.
 
In Canada Rogers Cable does this. Once stupid people are kicked off, they are less likely to download one of those things that makes matters many times worse than they would be (fake antivirus) in their attempts to fix things themselves.

This is why they should use a walled garden setup: give the user a selection of approved AVs. Most ISPs in the US give you one for free anyway; put a download of that and some others like Avast, AVG and MSE.
 
Would be nice, but most healthcare desks are not onsite. As Citrix and cloud PCing become more popular in businesses, so does remote tech support that requires VNC/GoToAssist to fix them. Take them off the internet and wish the user good luck.
 
Would be nice, but most healthcare desks are not onsite. As Citrix and cloud PCing become more popular in businesses, so does remote tech support that requires VNC/GoToAssist to fix them. Take them off the internet and wish the user good luck.

Again, WALLED GARDEN: in a LAN like that you put them on a VLAN with no outside access and only access to the VNC/tech support etc. :rolleyes:

This isn't hard to do.
 
Ok... MSE = free... and it works. I am not an MS fan boy but based on all the security reports and reviews I have seen, it is in the top 3 AV products available. I can also attest from experience that it is small and no noticeable impact on a system's performance. It has been very good at preventing redirects and executables from hurting systems. With something like this openly and freely available to Windows based (majority) of users out there, there is no valid excuse for not using an AV application. If you aren't using something and your ISP kills your connection because you are stupid then I have no sympathy for you.
 
The way I see it, when your computer is virused, you're not likely to visit sites you intended on visiting anyways. You'd constantly be redirected to malware sites.

So it would be at least a lot more helpful for the average Joe and Jane out there if they were redirected to a sandbox, or walled garden as Elios calls it, and give you a chance to fix your computer, or find information on how to do so.

Sure, I can see that you guys wouldn't like it, but Microsoft has to pay attention to the other 99.9% of Windows users, not us.

As for false positives, perhaps in the walled garden there's an option similar to MSE's function where you can submit the unknown file's information and check "I'm pretty sure this is safe", and be on your merry way.
 
Virgin Media in the UK used to put you in a walled garden if they detected that your network activity mimicked that of a compromised machine (i.e. sending out spam to multiple IPs, or connecting to a bot network). From what I read on the forums it did drop 1-2 people into there accidentally, but I'm sure such tech like this would be great once they work out the bugs.

The only problem is the asshats at the RIAA whatever, are likely to push for something similar......oh using a bittorrent port, you must be pirating music....into the garden you go :(. Pay $50 to get out.
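
The kind of behavioural check this post describes (a subscriber suddenly sending mail to many different servers) can be sketched as follows. This is an added example, not part of the thread and not any ISP's actual system; the flow records, addresses, relay, threshold and window are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMTP_PORT = 25
T0 = datetime(2024, 1, 1, 12, 0)  # constructed start time

def _flow(minute, src, dst, dport=SMTP_PORT):
    return (T0 + timedelta(minutes=minute), src, dst, dport)

# Constructed flow records (documentation address ranges):
# (timestamp, subscriber IP, destination IP, destination port)
SAMPLE_FLOWS = (
    # Bot-like: 8 different mail servers contacted within 4 minutes.
    [_flow(i * 0.5, "198.51.100.10", f"203.0.113.{i + 1}") for i in range(8)]
    # Ordinary user: mail only via the ISP relay, plus some HTTPS.
    + [_flow(i, "198.51.100.20", "192.0.2.25") for i in range(12)]
    + [_flow(3, "198.51.100.20", "203.0.113.80", 443)]
    # Home mail server: 6 peers, but spread over two hours.
    + [_flow(i * 24, "198.51.100.30", f"203.0.113.{i + 100}") for i in range(6)]
)

def smtp_fanout(flows, window=timedelta(minutes=10), relays=frozenset()):
    """Peak count of distinct direct-SMTP peers per subscriber in any window."""
    per_sub = defaultdict(list)
    for ts, src, dst, dport in flows:
        # Mail handed to the ISP's own relay is normal client behaviour.
        if dport == SMTP_PORT and dst not in relays:
            per_sub[src].append((ts, dst))
    peaks = {}
    for src, events in per_sub.items():
        events.sort()
        peaks[src] = max(
            len({dst for ts, dst in events[i:] if ts - start < window})
            for i, (start, _) in enumerate(events)
        )
    return peaks

def quarantine_candidates(flows, threshold=5, **kwargs):
    """Subscribers whose peak fan-out exceeds the threshold."""
    peaks = smtp_fanout(flows, **kwargs)
    return sorted(src for src, peak in peaks.items() if peak > threshold)

if __name__ == "__main__":
    relays = {"192.0.2.25"}
    print(quarantine_candidates(SAMPLE_FLOWS, relays=relays))
    # A window that is too wide also sweeps in the home mail server,
    # the kind of accidental quarantine the post mentions.
    print(quarantine_candidates(SAMPLE_FLOWS, relays=relays,
                                window=timedelta(hours=3)))
```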
 
The NSA through their wiretapping of us all has the ability to ID and turn over to the ISPs the list of those machines that need to be isolated.

From there it is just handing over the IP of the infected machine and the ISP blocking it from the internet. Setting up a fake world for that machine to see, using the DNS servers to misinform the rogue machines, etc, etc. Think about it, it shouldn't be very difficult.

For ISPs in other countries that refuse to comply.... simply cut off that country's internet access entirely.

The weakness of being part of the botnet is .... being part of it, so your online signature of behavior gives you away.

Given the threat to worldwide bandwidth of an infinite expanse of spam, using up valuable resources we all share, at least do SOMETHING useful with this spy program while it's ongoing.

As for the assholes behind this shit.... when AQ is on the run and defeated, we can unleash special forces worldwide to hunt down and kill the spammers with impunity.
 
The way I see it, when your computer is virused, you're not likely to visit sites you intended on visiting anyways. You'd constantly be redirected to malware sites.

So it would be at least a lot more helpful for the average Joe and Jane out there if they were redirected to a sandbox, or walled garden as Elios calls it, and give you a chance to fix your computer, or find information on how to do so.

Sure, I can see that you guys wouldn't like it, but Microsoft has to pay attention to the other 99.9% of Windows users, not us.

As for false positives, perhaps in the walled garden there's an option similar to MSE's function where you can submit the unknown file's information and check "I'm pretty sure this is safe", and be on your merry way.
Once you've introduced a method to bypass the walled garden then the malware installed will automatically do this for the user.
 
The NSA through their wiretapping of us all has the ability to ID and turn over to the ISPs the list of those machines that need to be isolated.

From there it is just handing over the IP of the infected machine and the ISP blocking it from the internet. Setting up a fake world for that machine to see, using the DNS servers to misinform the rogue machines, etc, etc. Think about it, it shouldn't be very difficult.

For ISPs in other countries that refuse to comply.... simply cut off that country's internet access entirely.

The weakness of being part of the botnet is .... being part of it, so your online signature of behavior gives you away.

Given the threat to worldwide bandwidth of an infinite expanse of spam, using up valuable resources we all share, at least do SOMETHING useful with this spy program while it's ongoing.

As for the assholes behind this shit.... when AQ is on the run and defeated, we can unleash special forces worldwide to hunt down and kill the spammers with impunity.
I hope this was satire.
 
Awesome! So now all I have to do is to emulate people being put into a walled garden with a malware based DNS hi-jack and they'll automatically assume the site they are being sent to is legit!

You could do that now with most cable systems: make it look like they are late on their bill and ask for a CC number.
No change there.
 
Once you've introduced a method to bypass the walled garden then the malware installed will automatically do this for the user.

I'm sure there are other ways to protect a user. Perhaps a second DNS cache that's sandboxed within some protected mode that activates when your computer detects an infection.

Or maybe a locked read-only user profile your computer logs into when it detects an infection with its own system files, including the DNS required to direct you to this walled garden.

We've come a long ways from XP's poor security implementations.
 
That dude has a great idea, but he needs a better plan. First, no tax is needed since the computer security companies would have the highest interest in this, so they can fund the entire thing themselves. Imagine having a company where your demograph connects to your website only when it's online.
 
I love the idea. This would have very very little effect on us, but the common user it will hit hard. If someone suddenly loses internet, they call support. Support tells them "Our system detected a virus on your computer, please go to the store and buy an anti virus". It's very simple. The Walled Garden will also direct you to a web page to download free anti-virus or purchase products. You can also leave the anti-virus update port open so once the AV is installed, it can update.

The problem is, 90% of the users are dumb as dirt. They have Windows 98, with no patches, running IE6 and no anti-virus. Not only is this for their own good, but all of ours. The biggest threats on the net are from Botnets on these users!!! Something MUST be done. It's sad when you need to forcefully educate people, but it's not uncommon in other aspects. Like a hair dryer warning label that says "Do not use in shower". Yes, most people are smart enough NOT to dry their hair in the shower, but the fact is that there are people out there too stupid to understand common sense. At least with those stupid people, they just take themselves out of the gene pool. With stupid internet users, they put US at risk.
 
The NSA through their wiretapping of us all has the ability to ID and turn over to the ISPs the list of those machines that need to be isolated.

From there it is just handing over the IP of the infected machine and the ISP blocking it from the internet. Setting up a fake world for that machine to see, using the DNS servers to misinform the rogue machines, etc, etc. Think about it, it shouldn't be very difficult.

For ISPs in other countries that refuse to comply.... simply cut off that country's internet access entirely.

The weakness of being part of the botnet is .... being part of it, so your online signature of behavior gives you away.

Given the threat to worldwide bandwidth of an infinite expanse of spam, using up valuable resources we all share, at least do SOMETHING useful with this spy program while it's ongoing.

As for the assholes behind this shit.... when AQ is on the run and defeated, we can unleash special forces worldwide to hunt down and kill the spammers with impunity.

AMERICA F YEAH! Haha.

Well, you make a good point, if the NSA can see all this from happening, then it wouldn't be that hard to stop it. So what's the problem?
 
AMERICA F YEAH! Haha.

Well, you make a good point, if the NSA can see all this from happening, then it wouldn't be that hard to stop it. So what's the problem?

Fun fact: while the NSA could, if they wanted to, track everything, they don't have the time, money or manpower to track everything.
The NSA has got some cool shit but they're not as all-seeing, all-knowing as some people think they are, and IMO I think they like to reinforce the myth; it makes them look more powerful than they are.

Fact is, there's tons of automated systems that sift this data out, and only then does a real analyst ever look at it; 90% of the data gathered is thrown out.
 
+1 I'm all for walled gardens. Is it possible that they could be exploited via social engineering? Well anything is possible, but that doesn't mean it would be easy and it would be quashed just like any other exploit.

IMHO, the benefits of using a walled garden far outweigh the potential risks. Of course a good chunk of the zombies would go bye-bye if XP users would just upgrade to...well anything else, even just migrating to a fully patched new Windows XP SP3 machine with MSE would be an improvement.
 
Yeah right, if quarantining PCs is anything like quarantining the community cold I keep catching at the office then we're all digitally doomed!
 
Yeah right, if quarantining PCs is anything like quarantining the community cold I keep catching at the office then we're all digitally doomed!

Hell, I'd welcome quarantining people with colds and flu. One of my pet peeves is when I get on the train in the mornings to go to work, I see someone coming on the train coughing, sneezing and sniffling. There should be a law against that :-P
 
The solution is simple.

Create a virus that turns off internet connection, and spread it out to every computer on the internet. (Just put it up on google.com)

So, until you scan with Malwarebytes, your internet will be off. :p
 
Well now I'm all perplexed.

The NSA is spying on all electronic communications within and coming in/out of the USA.

They tell us they are doing this to thwart terrorists and it's all for our safety. Sovereign immunity, national security letters, FISA warrants, etc, etc. EFF and ACLU lawsuits over illegal wiretapping have been thwarted due to "State Secrets". All in the name of protecting us from the terrorists and defeating AQ.

Now, you come along and tell me they don't actually have the capacity to do that, and they are lying.

So which is it, they can monitor it all and are actively hunting terrorists OR they can't and it's all a lie? We have put aside our rights under the 4th amendment for a LIE!!!???

Now, if they can and do monitor everything, and they use pattern recognition to seek terrorist-speak, etc.... then they can also use it to track all "botnet-speak". Every time it catches a spam, log the IP address and report it to the ISP. Congress can easily mandate the ISP to cut off the customer in question until the matter is fixed. Repeat offenders would be blackballed.

That is unless some ahole Senator blocks the legislation. :eek::rolleyes::p
 
Not news. Most providers do this, especially when one of their "subscribers" (read: the guy on their network with a virus) is shooting out a shiatload of spam or various other offenses. You get a nasty letter threatening to blacklist your domain until the offender is taken down. After that you find the person who leased that IP (or IPs) and bounce their account / modem and leave them a message to call. You don't give them access back until they get their machine cleaned up. Part of the TOS allows them to do this (have a nice day!)

Been going on for a long time, and even though I'm out, I bet it continues to this day.
 