Microsoft VP Suggests 'Net Tax To Clean Computers

Ian Lamont writes "Microsoft's Vice President for Trustworthy Computing, Scott Charney, speaking at the RSA conference in San Francisco, has floated an interesting proposal to deal with infected computers: Approach the problem of dealing with malware infections like the healthcare industry, and consider using 'general taxation' to pay for inspection and quarantine. Using taxes to deal with online criminal activity is not a new idea, as demonstrated by last year's Louisiana House vote to levy a monthly surcharge on Internet access to deal with online baddies."

Free anti-virus with Internet service purchase!

[LostCluster]

Most of the major ISPs in the US are providing a free brand-name anti-virus product if users will just download it. Even if you don't get that, it's about $15/year to stay up to date at Best Buy. The problem here isn't that people can't afford anti-virus... it's that they can't be bothered to use it.

Maybe the route some universities have taken of fines and downtime for those caught spreading malware or spam, knowingly or not, is what we need.

Re:Free anti-virus with Internet service purchase!

A) Waste? 200k a week or so was easily bearable on a 56k modem and it hasn't gotten bigger.
B) Every file? I can choose to scan on access, on modify, on create, or never (i.e. only on systemwide scans). And I can blacklist/whitelist certain types of files to always or never be scanned.
C) Huh? I have no idea what this even purports to mean.
D) Uh.. http://itcweb.ecsu.edu/portal/images/symantec01.jpg looks like normal Windows theme to me..
E) Constantly? Thunderbird, my system clock/temp monitor, my IM client, etc all pop up to the top of my cpu for tiny moment and disappear again. My AV sits at 0% all the time unless it's actively scanning a file, and even then it uses typically less than 2% cpu time.
F) Lifetime subscription, never once saw a popup, lrn2powerpoint noob.
G) Wha? I can't ever recall a single time that my AV interfered with my gaming in any way. Windows firewall, punkbuster version mismatching, etc, but never my AV.
H) Right, because blaster et al that exploit such vulnerabilities aren't real, only something that has no payload whatsoever is a real threat. I'm honestly not even sure that if I had the heuristic protections on (that would increase, perhaps, the problems in a-g) that it wouldn't catch that.

How can you whine about network use for AV but dismiss the exact same thing (sending spam) when it's a virus? My AV generally works in the background. Have you ever tried to use a computer infected with Vundo?

Either you're an epic troll or you're just braindead. (Oblig PA: http://www.penny-arcade.com/comic/2003/9/19/)

Re:Free anti-virus with Internet service purchase!

[dweller_below]

Maybe the route some universities have taken of fines and downtime for those caught spreading malware or spam, knowingly or not, is what we need.

I do IT security for one of those universities. Our IT is extremely decentralized. There are some central services. The network is managed centrally. But the majority of the computers are managed by individuals, departments, and colleges in whatever way they see best.

We charge a reconnect fee as part of our standard network security incident response. When we determine that a system is compromised, we disconnect it, and notify the owner. We reconnect it as soon as the owner pays the reconnect fee. The fee is $25 for the first reconnect and $50 for each reconnect after the first time. The fee is not kept by Security. It is transfered to the university Service desk.

It may sound silly, but we can demonstrate that the reconnect fee is our single, most effective security measure. We have detailed data on detected compromise for years before and after the beginning of the reconnect fee. When we started imposing the reconnect fee, our rate of detected compromise dropped to 1/10th the prior level. We believe that prior to the reconnect fee, people really felt that there was no reason to worry about compromise.

In the years that we have been doing this, it has always amazed me that such a small irritation can lead to so much behavioral change.

Charging the entire university for each compromise would not have the same effect. By charging the university entity that owns the compromised computer, we change that entity's behavior. Even when we are effectively moving money from 1 pocket to another. The reconnect fee is always an unanticipated expense. The reconnect fee is always an irritant. In effect, we have created an institutional pain response to compromise. We can tell it is still working, because the university's community is still complaining about it. Once they stop complaining, we may have to up the fee.

Miles

Re:Free anti-virus with Internet service purchase!

[HermMunster]

I clean this stuff off computers every day in my business as part of doing business in my shop. You can't honestly say that Security Essentials is top notch. It is a good product in that it doesn't nag you like AVG does and it isn't as heavy on the system as AVG, Norton, and McAfee. As far as malware detection goes it only knows so much and what it does know isn't that much. I use it as a final scan not as the main scan because it doesn't have the teeth of some of the other free products.

It's an OK product but you have to have a compliment of products to clean your machine. It is lightweight for monitoring to ensure some detection of infection and removal.

Re:Free anti-virus with Internet service purchase!

[MikeFM]

Or you can just avoid using Microsoft OSes and products and you'll be more secure. I say lets go for a tax. $100/yr per Windows machine.

Tax Microsoft operating systems

[Animats]

A special "insecure software" levy on software responsible for more than 10% of "owned" machines on the net would be more appropriate.

Re:Tax Credit?

[LostCluster]

New Hampshire believes in an environment where tolls, gas taxes, and registration fees pay for the roads, property taxes pay for police and fire protection, those who get lost in the woods are billed for their rescue, hunting licenses pay for the regulation of hunters....

Basically, they have no sales or income tax, but you've got to pay for what you use. Want to save money? Stop doing wasteful things!

I see how this works

[SoTerrified]

Police: "This is a fine store you have here"

Shop Owner: "Yes, I'm quite proud of it."

P: "It would be a shame if something happened to your store... But for only 20% of your gross, we could protect it."

SO: "But, I have no crime in my store. I have state of the art security cameras, proximity alarms, private security guards. I've spared no expense and made sure my store is secure"

P: "True, but you see there's another shop down the street and it gets broken into every week. Someone has to pay for that."

WTF?

[Darkness404]

Approach the problem of dealing with malware infections like the healthcare industry, and consider using 'general taxation' to pay for inspection and quarantine.

First off, there are two separate issues, one is that anyone can get sick, and in general, only badly configured -Windows- machines get malware. Yes, you -can- make Mac/Linux malware but other than a few isolated issues they aren't big deals.

Secondly, the computer industry and the internet should not be taxed! I don't mind paying for -some- taxes because I get benefits because of it, defense, roads, etc. But what positive government involvement in the internet has occurred post-1990? Other than trying to regulate it, crushing internet freedoms and privacy the government hasn't done shit.

Taxes should be akin to buying something in the store, you pay money, you get benefits. I pay taxes, I get protection, freedom to bear arms, unrestricted freedom of expression, etc. Just like I pay $200 and get a new Wii console.

Re:I'm paying for WHAT?

[Zencyde]

But I DON'T benefit from an educated and healthy society! Have you seen our society? It's only healthy and educated by society's standards. But not MINE. Fuck you and your Internet tax I know how to freshly install a damn operating system when I need to.

Re:In other words,

[HalfFlat]

Thanks to Microsoft, the typical computer user believes that sporadic crashing is unavoidable, machines and programs must be restarted periodically if they are to maintain efficiency, and that the threat of viruses is the price paid for the convenience of email. It has come to the point that recently, when trying to explain that it was important for long-running (scientific number-crunching) code to be careful about memory management, the people I was talking to refused to believe it was possible that a program could run for over a week without slowing down. Trying to convince people that the overhead of ECC in cost and speed for computers destined for number crunching is worthwhile is hard when they believe crashes and instability are as manageable and predictable as bad weather.

Remember the days of breathless warnings about emails, which if read, would destroy your computer? And how Microsoft made the dream come true?

I should not be surprised at the gall of Microsoft to suggest that this world-wide problem, born from their neglect and short-sightedness, should be addressed with public money.

Re:I totally agree

[Jeng]

Cause Microsoft never let a zero-day exploit just sit around till they felt like patching it?

Sometimes they can be goaded into releasing a patch early.

Yes, most infections are for an exploit that is already patched, but not always.

Ah.. the registry.

[0ld_d0g]

Actually the registry was a rather benign concept. It was originally designed to host OS settings in a convenient central location (with redundancy ofcource) to enable easier migration from PC to PC, easier group policy management, etc

Apps ofcource were too lazy to come up with their own damn 'INI files'-equivalent and abused the registry to store their own mess. System "tweaker" and other "cleaner" programs started to fuck with internal windows settings that Microsoft had no plans to expose to the end user causing even more problems. Thus its became this giant cluster-fuck that it is now, primarily because of backwards compatibility and previous strategic mistakes on the part of MS.

They should have kept the registry API hidden and not allowed apps to write their shit all over the place (ofcource 95 was a shitty OS and didn't have ACL like features, therefore forcing MS to have XP run as Admin by default to allow access to the entire object manager namespace for all programs)

This backlog of poor decisions finally caught up with them and they had to 'take a hit' (PR wise) finally with vista and the draconian UAC forcing app vendors to write apps w/o assuming admin privileges. Better late than never I'd say...

Re:Alot of free anti-virus options

[__aasqbs9791]

You know, I was going to point out that most people have some idea of how their car works, and how to do so safely, even if not the actual details, but then I recalled all the crazies driving down the freeway putting on make up, or shaving (I saw some guy doing that last week, talk about asking for a 'close shave'!), etc.

And then there's my wife, whose car's engine seized a couple of months after we moved into together. When I asked her when her last oil change was, she said (with a straight face), "Two years ago, I think." So I guess I can't really argue with you at all. Sadly.

Re:Tax Credit?

This is straight to the point. Having a 'Windows tax' on every computer sold isn't enough for Microsoft to fix their crummy operating system. They want a REAL tax instituted by government.

And who gets the money to investigate these viruses / malware? Hmmm, would it be the company that makes the software which hosts the viruses and malware?

This 'Trustworthy' leader from Microsoft is trying to get the government to fund Microsoft because their operating systems are so crummy. Do you see Toyota getting government funding for their on-board drive by wire software? Let the market decide. When people *finally* (been looking forward to this for 20 years) get sick of using crummy Windows, we can all live on a safe and happy internet.