Microsoft VP Suggests 'Net Tax To Clean Computers

Ian Lamont writes "Microsoft's Vice President for Trustworthy Computing, Scott Charney, speaking at the RSA conference in San Francisco, has floated an interesting proposal to deal with infected computers: Approach the problem of dealing with malware infections like the healthcare industry, and consider using 'general taxation' to pay for inspection and quarantine. Using taxes to deal with online criminal activity is not a new idea, as demonstrated by last year's Louisiana House vote to levy a monthly surcharge on Internet access to deal with online baddies."

Tax Credit?

[Chris+Lawrence]

Do Mac or Linux users get a tax credit?

Re:Free anti-virus with Internet service purchase!

[snowraver1]

Microsoft Security Essentials is free too, and works pretty good.

I totally agree

[pilgrim23]

Considering 99% of all infected machines out there in userland are running some Microsoft product; Microsoft SHOULD be taxed for each and every one of them, It is fortunate we have such an industry leader as Microsoft, fessing up to their own damn foolishness and offering to make good.

I see how this works

[SoTerrified]

Police: "This is a fine store you have here"

Shop Owner: "Yes, I'm quite proud of it."

P: "It would be a shame if something happened to your store... But for only 20% of your gross, we could protect it."

SO: "But, I have no crime in my store. I have state of the art security cameras, proximity alarms, private security guards. I've spared no expense and made sure my store is secure"

P: "True, but you see there's another shop down the street and it gets broken into every week. Someone has to pay for that."

Re:I'm paying for WHAT?

[Sponge+Bath]

Everyone benefits from an internet largely free of infected machines. Just as everyone benefits from an educated and healthy society.

Re:Free anti-virus with Internet service purchase!

[Lendrick]

Can't be bothered?

Have you *used* anti-virus software lately? It takes over your computer and bogs everything down by scanning at irritating times, like every file access.

I don't use anti-virus software, except for the occasional one-off malware scan. I don't get viruses because I don't do stupid shit.

* I don't trust free downloads unless they're open source, or a google on "$SOFTWARE spyware" comes up clean.
* I don't browse porn (or anything else) on internet explorer.
* I don't browse porn with adblock turned off.
* I don't download stupid free desktop frills, like smileys and crap.
* I don't open obvious spam, even if it appears to be from my friends.
* When a webpage informs me that it has SCANNED MY COMPUTER and VIRUS DETECTED, I remember that I did not, in fact, install a virus scanner, and that the message is fake, and I do not have to install their special software to fix it. Instead, I close the web page.
* When doing p2p file-sharing, I use clients that are well known and spyware free.
* I don't put audio CDs into my machine when I'm running Windows, because they might install rootkits.
* I always click the "advanced" button when I install software, because that's where they hide the fact that they're installing a bunch of extra shit I don't want.
* Under no circumstances do I *ever* install Norton, which in my experience is far worse for performance than any virus.

Re:I'm paying for WHAT?

[Zencyde]

But I DON'T benefit from an educated and healthy society! Have you seen our society? It's only healthy and educated by society's standards. But not MINE. Fuck you and your Internet tax I know how to freshly install a damn operating system when I need to.

How about we tax MS instead?

[Dracos]

The company who is nearly single handedly the reason why there is an anti-virus industry wants a tax to pay for malware removal? F#$% off.

We should fine MS $1000 for every infection on systems running their software. IE and Outlook exploits could probably pay off the US national debt in 10 years.

Re:Free anti-virus with Internet service purchase!

[Anonymous+Psychopath]

Microsoft Security Essentials is free too, and works pretty good.

AFAIK, it doesn't work on pirated Windows, nor does it work on Win2K.

It does work on pirated Windows. Not that I would know, myself. But some guy told me. I think he lives in Canada but I don't remember.

Re:Free anti-virus with Internet service purchase!

[pookemon]

See I read your rant, and the one above it as "I used Norton's once so all virus scanners are bad".

I've been using Avast for the last few years. Free for home use and a damn good product.

A) Sure it updates almost every day - but it has almost no impact on my network (and I'm from Oz where "Broadband" means a bit faster than dial up).
B) Its impact when scanning is not noticable. It scans the file you modify or try to open.
C) WTF? What defaults? The "I can download and run viruses by default" defaults?
D) Avast 99% of the time is a pair of icons in your system tray. If the look and feel of your virus scanner is one of you concerns then your worried about the wrong thing...
E) Avast doesn't constantly use CPU time. A decent virus scanner of any kind would us OS Hooks to identify when it needs to look at files/processes. It won't need to be doing anything unless you are and then it only needs a quick look at the file/process to see if it recognises it.
F) Avasts free license expires every 12 months. It takes around a minute to renew. Big deal.
G) *sigh* Seriously. There are millions of gamers around the world that have virus scanners installed. There's also quite a number of game developers with virus scanners installed. When was the last time that you read that your virus scanner should be disabled before playing game ? Sure the downloads of updates can cause a few moments of lag - but big deal.
H) I'm sorry but WTF? Sure Sony's rootkit can be considered a threat. But REAL threats are actually more things like Confiker, Trojans etc. Viruses etc. that (a) might destroy your PC, (b) be used as part of a botnet, (c) steal your personal data etc.

You're worried about how you virus scanner looks, and a slight interruption to your gaming, but not about the impact of having a virus. The fact that that virus may wipe your machine, cause your machine to be responsible for attacking other machines, or cause masses of SPAM e-mail to be sent out doesn't concern you? I take it then that your ISP doesn't care that you might be responsible for infecting other machines, sending SPAM etc.

Take your tinfoil hat off and go out and get some sunshine.

Re:Free anti-virus with Internet service purchase!

[dweller_below]

Maybe the route some universities have taken of fines and downtime for those caught spreading malware or spam, knowingly or not, is what we need.

I do IT security for one of those universities. Our IT is extremely decentralized. There are some central services. The network is managed centrally. But the majority of the computers are managed by individuals, departments, and colleges in whatever way they see best.

We charge a reconnect fee as part of our standard network security incident response. When we determine that a system is compromised, we disconnect it, and notify the owner. We reconnect it as soon as the owner pays the reconnect fee. The fee is $25 for the first reconnect and $50 for each reconnect after the first time. The fee is not kept by Security. It is transfered to the university Service desk.

It may sound silly, but we can demonstrate that the reconnect fee is our single, most effective security measure. We have detailed data on detected compromise for years before and after the beginning of the reconnect fee. When we started imposing the reconnect fee, our rate of detected compromise dropped to 1/10th the prior level. We believe that prior to the reconnect fee, people really felt that there was no reason to worry about compromise.

In the years that we have been doing this, it has always amazed me that such a small irritation can lead to so much behavioral change.

Charging the entire university for each compromise would not have the same effect. By charging the university entity that owns the compromised computer, we change that entity's behavior. Even when we are effectively moving money from 1 pocket to another. The reconnect fee is always an unanticipated expense. The reconnect fee is always an irritant. In effect, we have created an institutional pain response to compromise. We can tell it is still working, because the university's community is still complaining about it. Once they stop complaining, we may have to up the fee.

Miles