Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft VP Suggests 'Net Tax To Clean Computers

Posted by kdawson on from the sure-to-go-over-well dept.

Ian Lamont writes "Microsoft's Vice President for Trustworthy Computing, Scott Charney, speaking at the RSA conference in San Francisco, has floated an interesting proposal to deal with infected computers: Approach the problem of dealing with malware infections like the healthcare industry, and consider using 'general taxation' to pay for inspection and quarantine. Using taxes to deal with online criminal activity is not a new idea, as demonstrated by last year's Louisiana House vote to levy a monthly surcharge on Internet access to deal with online baddies."

3 of 577 comments (clear)

  1. I see how this works by SoTerrified · · Score: 5, Interesting

    Police: "This is a fine store you have here"

    Shop Owner: "Yes, I'm quite proud of it."

    P: "It would be a shame if something happened to your store... But for only 20% of your gross, we could protect it."

    SO: "But, I have no crime in my store. I have state of the art security cameras, proximity alarms, private security guards. I've spared no expense and made sure my store is secure"

    P: "True, but you see there's another shop down the street and it gets broken into every week. Someone has to pay for that."

  2. Re:I'm paying for WHAT? by Zencyde · · Score: 5, Interesting

    But I DON'T benefit from an educated and healthy society! Have you seen our society? It's only healthy and educated by society's standards. But not MINE. Fuck you and your Internet tax I know how to freshly install a damn operating system when I need to.

    --
    What day is it? Could you please tell me?
  3. Re:Free anti-virus with Internet service purchase! by dweller_below · · Score: 5, Interesting

    Maybe the route some universities have taken of fines and downtime for those caught spreading malware or spam, knowingly or not, is what we need.

    I do IT security for one of those universities. Our IT is extremely decentralized. There are some central services. The network is managed centrally. But the majority of the computers are managed by individuals, departments, and colleges in whatever way they see best.

    We charge a reconnect fee as part of our standard network security incident response. When we determine that a system is compromised, we disconnect it, and notify the owner. We reconnect it as soon as the owner pays the reconnect fee. The fee is $25 for the first reconnect and $50 for each reconnect after the first time. The fee is not kept by Security. It is transfered to the university Service desk.

    It may sound silly, but we can demonstrate that the reconnect fee is our single, most effective security measure. We have detailed data on detected compromise for years before and after the beginning of the reconnect fee. When we started imposing the reconnect fee, our rate of detected compromise dropped to 1/10th the prior level. We believe that prior to the reconnect fee, people really felt that there was no reason to worry about compromise.

    In the years that we have been doing this, it has always amazed me that such a small irritation can lead to so much behavioral change.

    Charging the entire university for each compromise would not have the same effect. By charging the university entity that owns the compromised computer, we change that entity's behavior. Even when we are effectively moving money from 1 pocket to another. The reconnect fee is always an unanticipated expense. The reconnect fee is always an irritant. In effect, we have created an institutional pain response to compromise. We can tell it is still working, because the university's community is still complaining about it. Once they stop complaining, we may have to up the fee.

    Miles