Microsoft VP Suggests 'Net Tax To Clean Computers

Ian Lamont writes "Microsoft's Vice President for Trustworthy Computing, Scott Charney, speaking at the RSA conference in San Francisco, has floated an interesting proposal to deal with infected computers: Approach the problem of dealing with malware infections like the healthcare industry, and consider using 'general taxation' to pay for inspection and quarantine. Using taxes to deal with online criminal activity is not a new idea, as demonstrated by last year's Louisiana House vote to levy a monthly surcharge on Internet access to deal with online baddies."

Free anti-virus with Internet service purchase!

[LostCluster]

Most of the major ISPs in the US are providing a free brand-name anti-virus product if users will just download it. Even if you don't get that, it's about $15/year to stay up to date at Best Buy. The problem here isn't that people can't afford anti-virus... it's that they can't be bothered to use it.

Maybe the route some universities have taken of fines and downtime for those caught spreading malware or spam, knowingly or not, is what we need.

Re:Free anti-virus with Internet service purchase!

[snowraver1]

Microsoft Security Essentials is free too, and works pretty good.

Re:Free anti-virus with Internet service purchase!

[Lendrick]

Can't be bothered?

Have you *used* anti-virus software lately? It takes over your computer and bogs everything down by scanning at irritating times, like every file access.

I don't use anti-virus software, except for the occasional one-off malware scan. I don't get viruses because I don't do stupid shit.

* I don't trust free downloads unless they're open source, or a google on "$SOFTWARE spyware" comes up clean.
* I don't browse porn (or anything else) on internet explorer.
* I don't browse porn with adblock turned off.
* I don't download stupid free desktop frills, like smileys and crap.
* I don't open obvious spam, even if it appears to be from my friends.
* When a webpage informs me that it has SCANNED MY COMPUTER and VIRUS DETECTED, I remember that I did not, in fact, install a virus scanner, and that the message is fake, and I do not have to install their special software to fix it. Instead, I close the web page.
* When doing p2p file-sharing, I use clients that are well known and spyware free.
* I don't put audio CDs into my machine when I'm running Windows, because they might install rootkits.
* I always click the "advanced" button when I install software, because that's where they hide the fact that they're installing a bunch of extra shit I don't want.
* Under no circumstances do I *ever* install Norton, which in my experience is far worse for performance than any virus.

Re:Free anti-virus with Internet service purchase!

[haruchai]

M$ are the last people who should be calling for a tax since it's their broken shit that caused decades of headaches.
Yes they've gotten better but that doesn't wipe out all the crap we'd had to live with all these years.

  However, I think the real issue for a lot of users who aren't savvy is that they might be fed up of the bloatware
crap like Symantec / Norton / McAfee which (used to?) suck so much in terms of CPU usage and disk activity.

Better, cheaper alternatives have been around for years - AntiVir, AVG, Kaspersky, for example.
And I must say that Microsoft Security Essentials isn't half bad.

Instead of their stupid EULA, perhaps M$ should put up a warning during install or first run that a security product
is required and used the lack of one as an automatic shutdown after 2 weeks instead of their activation.

Re:Free anti-virus with Internet service purchase!

[tukang]

Do you view pdf files or flash content?

Re:Free anti-virus with Internet service purchase!

[Anonymous+Psychopath]

Microsoft Security Essentials is free too, and works pretty good.

AFAIK, it doesn't work on pirated Windows, nor does it work on Win2K.

It does work on pirated Windows. Not that I would know, myself. But some guy told me. I think he lives in Canada but I don't remember.

Re:Free anti-virus with Internet service purchase!

[armyofone]

No, 2009 is still correct, if that's when he copyrighted his sig, (hah!). It will still be the correct copyright date in 2011 and 2012 and 2013... no scratch that last one. The world will (apparently) not likely make it past 2012.

Re:Free anti-virus with Internet service purchase!

[init100]

M$ are the last people who should be calling for a tax

I suggest a special cleanup tax on Microsoft software.

Re:Free anti-virus with Internet service purchase!

[pookemon]

See I read your rant, and the one above it as "I used Norton's once so all virus scanners are bad".

I've been using Avast for the last few years. Free for home use and a damn good product.

A) Sure it updates almost every day - but it has almost no impact on my network (and I'm from Oz where "Broadband" means a bit faster than dial up).
B) Its impact when scanning is not noticable. It scans the file you modify or try to open.
C) WTF? What defaults? The "I can download and run viruses by default" defaults?
D) Avast 99% of the time is a pair of icons in your system tray. If the look and feel of your virus scanner is one of you concerns then your worried about the wrong thing...
E) Avast doesn't constantly use CPU time. A decent virus scanner of any kind would us OS Hooks to identify when it needs to look at files/processes. It won't need to be doing anything unless you are and then it only needs a quick look at the file/process to see if it recognises it.
F) Avasts free license expires every 12 months. It takes around a minute to renew. Big deal.
G) *sigh* Seriously. There are millions of gamers around the world that have virus scanners installed. There's also quite a number of game developers with virus scanners installed. When was the last time that you read that your virus scanner should be disabled before playing game ? Sure the downloads of updates can cause a few moments of lag - but big deal.
H) I'm sorry but WTF? Sure Sony's rootkit can be considered a threat. But REAL threats are actually more things like Confiker, Trojans etc. Viruses etc. that (a) might destroy your PC, (b) be used as part of a botnet, (c) steal your personal data etc.

You're worried about how you virus scanner looks, and a slight interruption to your gaming, but not about the impact of having a virus. The fact that that virus may wipe your machine, cause your machine to be responsible for attacking other machines, or cause masses of SPAM e-mail to be sent out doesn't concern you? I take it then that your ISP doesn't care that you might be responsible for infecting other machines, sending SPAM etc.

Take your tinfoil hat off and go out and get some sunshine.

Re:Free anti-virus with Internet service purchase!

[dweller_below]

Maybe the route some universities have taken of fines and downtime for those caught spreading malware or spam, knowingly or not, is what we need.

I do IT security for one of those universities. Our IT is extremely decentralized. There are some central services. The network is managed centrally. But the majority of the computers are managed by individuals, departments, and colleges in whatever way they see best.

We charge a reconnect fee as part of our standard network security incident response. When we determine that a system is compromised, we disconnect it, and notify the owner. We reconnect it as soon as the owner pays the reconnect fee. The fee is $25 for the first reconnect and $50 for each reconnect after the first time. The fee is not kept by Security. It is transfered to the university Service desk.

It may sound silly, but we can demonstrate that the reconnect fee is our single, most effective security measure. We have detailed data on detected compromise for years before and after the beginning of the reconnect fee. When we started imposing the reconnect fee, our rate of detected compromise dropped to 1/10th the prior level. We believe that prior to the reconnect fee, people really felt that there was no reason to worry about compromise.

In the years that we have been doing this, it has always amazed me that such a small irritation can lead to so much behavioral change.

Charging the entire university for each compromise would not have the same effect. By charging the university entity that owns the compromised computer, we change that entity's behavior. Even when we are effectively moving money from 1 pocket to another. The reconnect fee is always an unanticipated expense. The reconnect fee is always an irritant. In effect, we have created an institutional pain response to compromise. We can tell it is still working, because the university's community is still complaining about it. Once they stop complaining, we may have to up the fee.

Miles

Re:Free anti-virus with Internet service purchase!

[hairyfeet]

Actually I would recommend Comodo AV over MSS, and here is why. I have seen several PCs come across my desks in the past few months with users complaining that "something was wrong but I don't know what" and come to find that after several hours, some after specific actions, some for no reason at all, MSS would go "runaway" and consume nearly all the CPU and thrash the hell out of the drive, even though no scan was scheduled or new files added.

Now don't ask me why it did that, fuck if I know, I'm not an expert on security scanning engines, just a humble PC repairman. I gave up finally on MSS when I myself experienced a "runaway" on my own PC. I had done the same thing I had done a thousand times before-loaded some files into IMGBurn for backup, when MSS went runaway and started sucking up nearly 90% of all 4 cores and thrashing the hell out of my hard drive. Since I had a service call to do I figured "well I'm sure it will be finished doing whatever by the time I get back" but when I got back nearly 3 hours later MSS was still thrashing away. I tried excluding the folder IMGBurn was to burn files from, no luck. The only way I got it to stop was to uninstall it. That's when I decided to go Comodo for my Windows 7 like I had for my XP machines and stop recommending MSS.

So I don't know if an update borked it or what, but I'd stay away from MSS for the time being. As for this "tax"? Total bullshit, as it is NOT the users fault! I repeat it is NOT the users fault, as every damned OEM kills autoupdates at the factory and the users don't realize when they buy a new machine it is crippled. All of the machines that have crossed my desk in...oh it must be at least since SP2 for XP, have been pre-activated with some lame "HP_User" style account with autoupdates turned off, and often a horribly out of date AV POS trialware that was useless before the customer even opened the box. Every customer that leaves my shop has a full working AV and autoupdates turned on and I almost never see them for virus problems, the few that do let their kids run wild or are the "must click on teh buttons!" types and there really isn't anything you can do about PEBKAC.

If the OEMs didn't cripple their machines before they even left the factory I'm sure the number of infected PCs would drop right off the charts. Why in this day and age they are allowed to get away with such intentional crippling of PCs is beyond me. To use a /. car analogy, nobody would expect their brand new car to have the locks tampered with at the factory, would they? So how come the poor user is expected to be an IT guy when sane policies from the factory would get rid of a huge amount of problems?

Taxes are already paid.

[HungryHobo]

Taxes are already being paid on online transactions and a cut of every bill from your ISP.

The government can't handle the internet due to incompetence, not lack of money,

Re:Taxes are already paid.

[nurb432]

Personally, id rather the government stay out of my business.. If you demand they 'fix the problem', then they will be in your face every second you are online and you wont like the result.

Tax Credit?

[Chris+Lawrence]

Do Mac or Linux users get a tax credit?

Re:Tax Credit?

[LostCluster]

New Hampshire believes in an environment where tolls, gas taxes, and registration fees pay for the roads, property taxes pay for police and fire protection, those who get lost in the woods are billed for their rescue, hunting licenses pay for the regulation of hunters....

Basically, they have no sales or income tax, but you've got to pay for what you use. Want to save money? Stop doing wasteful things!

Microsoft wants others to pay for its mistakes?

Who do they think they are, bankers?

I totally agree

[pilgrim23]

Considering 99% of all infected machines out there in userland are running some Microsoft product; Microsoft SHOULD be taxed for each and every one of them, It is fortunate we have such an industry leader as Microsoft, fessing up to their own damn foolishness and offering to make good.

Re:I totally agree

[Entropius]

Windows Update, by default, installs random DRM bullshit, Windows Media bullshit, WGA bullshit, and lots of other things that are not security patches. That motivates a lot of people to turn it off.

Tax Microsoft operating systems

[Animats]

A special "insecure software" levy on software responsible for more than 10% of "owned" machines on the net would be more appropriate.

In other words,

[overshoot]

Get the rest of us to underwrite cleaning up after Microsoft's sloppy software.

It's not so much the principle of the thing as it is writing into law Microsoft's PR message that bugs in their software are "Computer Problems" or "Internet Problems."

On the other hand, if the charges were discounted for running non-MS systems, I might change my mind.

Re:In other words,

[HalfFlat]

Thanks to Microsoft, the typical computer user believes that sporadic crashing is unavoidable, machines and programs must be restarted periodically if they are to maintain efficiency, and that the threat of viruses is the price paid for the convenience of email. It has come to the point that recently, when trying to explain that it was important for long-running (scientific number-crunching) code to be careful about memory management, the people I was talking to refused to believe it was possible that a program could run for over a week without slowing down. Trying to convince people that the overhead of ECC in cost and speed for computers destined for number crunching is worthwhile is hard when they believe crashes and instability are as manageable and predictable as bad weather.

Remember the days of breathless warnings about emails, which if read, would destroy your computer? And how Microsoft made the dream come true?

I should not be surprised at the gall of Microsoft to suggest that this world-wide problem, born from their neglect and short-sightedness, should be addressed with public money.

Like all new government programs

[operagost]

1. Start a new program
2. Institute a new tax
3. Collect the tax, but don't put it in a lockbox.
4. Taxes are thrown into the general fund, where they're used to buy favors from senators and congressmen.
5. Program has no funding, is cut back and made useless except for an overpaid bureaucracy that does nothing.
6. When fiscal conservatives propose scrapping the program, they are instead blamed for the shortfall and taxes are raised to "fix" it.
7. Repeat from step 3.

I see how this works

[SoTerrified]

Police: "This is a fine store you have here"

Shop Owner: "Yes, I'm quite proud of it."

P: "It would be a shame if something happened to your store... But for only 20% of your gross, we could protect it."

SO: "But, I have no crime in my store. I have state of the art security cameras, proximity alarms, private security guards. I've spared no expense and made sure my store is secure"

P: "True, but you see there's another shop down the street and it gets broken into every week. Someone has to pay for that."

Re:I'm paying for WHAT?

[Sponge+Bath]

Everyone benefits from an internet largely free of infected machines. Just as everyone benefits from an educated and healthy society.

why not a fine instead

[NiteShaed]

Why is it if you drive a car that's unsafe to operate and something happens, nobody thinks twice about the fact that it's the owner's responsibility and when they are hit with a fine everyone just nods, but if it's a computer that's in poor condition (ie: infected), it's an issue that the community must bear to clean up. I realize that not everyone is technically adept and able maintain their machines adequately themselves, but I don't want to pay for them. They can hire someone to maintain their machines for them, much like most people do for their cars now, and perhaps the fine could be waved or reduced if they prove that they were current on their maintenance and somehow still got hit. Hell, it'd be a potentially decent revenue stream for repair-shops and even ISPs that want to offer some kind of maintenance package.

Of course, the problem here is that people don't feel they should pay for anything to do with a computer other than the price-tag they see when they go to BestBuy. They'll scream blue-murder if they're told that they actually have a responsibility, both financially and in how they operate their machine. Most people want to treat a computer the way they do their microwave oven, buy it, and if it breaks, replace it, but never, ever have to spend any time or money on maintenance.

So long as I get a tax credit

[h4rr4r]

I support it if I get a tax credit for not having any windows machines.

Re:I'm paying for WHAT?

[Zencyde]

But I DON'T benefit from an educated and healthy society! Have you seen our society? It's only healthy and educated by society's standards. But not MINE. Fuck you and your Internet tax I know how to freshly install a damn operating system when I need to.

How about we tax MS instead?

[Dracos]

The company who is nearly single handedly the reason why there is an anti-virus industry wants a tax to pay for malware removal? F#$% off.

We should fine MS $1000 for every infection on systems running their software. IE and Outlook exploits could probably pay off the US national debt in 10 years.

Ah.. the registry.

[0ld_d0g]

Actually the registry was a rather benign concept. It was originally designed to host OS settings in a convenient central location (with redundancy ofcource) to enable easier migration from PC to PC, easier group policy management, etc

Apps ofcource were too lazy to come up with their own damn 'INI files'-equivalent and abused the registry to store their own mess. System "tweaker" and other "cleaner" programs started to fuck with internal windows settings that Microsoft had no plans to expose to the end user causing even more problems. Thus its became this giant cluster-fuck that it is now, primarily because of backwards compatibility and previous strategic mistakes on the part of MS.

They should have kept the registry API hidden and not allowed apps to write their shit all over the place (ofcource 95 was a shitty OS and didn't have ACL like features, therefore forcing MS to have XP run as Admin by default to allow access to the entire object manager namespace for all programs)

This backlog of poor decisions finally caught up with them and they had to 'take a hit' (PR wise) finally with vista and the draconian UAC forcing app vendors to write apps w/o assuming admin privileges. Better late than never I'd say...

Re:Alot of free anti-virus options

[__aasqbs9791]

You know, I was going to point out that most people have some idea of how their car works, and how to do so safely, even if not the actual details, but then I recalled all the crazies driving down the freeway putting on make up, or shaving (I saw some guy doing that last week, talk about asking for a 'close shave'!), etc.

And then there's my wife, whose car's engine seized a couple of months after we moved into together. When I asked her when her last oil change was, she said (with a straight face), "Two years ago, I think." So I guess I can't really argue with you at all. Sadly.