

Should governments vaccinate computers the same way they vaccinate children? - araneae
http://www.newscientist.com/article/dn18635-innovation-sending-botnets-the-way-of-smallpox.html

======
CWuestefeld
Upvoted because it's interesting that they're thinking like this, and relevant
to HN. But it's still a horrible thought.

 _He says internet service providers (ISP) should have the power to sever
internet connections if they detect a subscriber has infected computers_

They have that potential now. They just need a service contract that allows
them to do so, and it's as good as done. I can only interpret the fact that
they're not doing so to mean that ISPs believe the cost of doing so exceeds
the costs of dealing with spam, etc.

 _When an ISP detects that traffic flowing across its infrastructure bears the
hallmark of a botnet - such as data being directed to a blacklisted address or
sudden torrents of email traffic from a single machine - they would be
empowered to quarantine their subscriber, destroy any malware found on the
user's machine, and vaccinate it by installing the latest security software._

What a horrible idea. Cutting the user off is one thing. Forcibly applying
security software is something else entirely.

Without a knowledge of how my system is set up, they're as likely to destroy
it as to fix it.

For them to do this in the first place, they'd need root access to my system.
I can't even begin to enumerate the ways this is bad.

And it's probably not effective anyway. If there's an official security
software, or even a small list of them, it creates an easy target for the bad
guys to work around. They'll build their attack code with the knowledge of
what they need to avoid.

~~~
arohner
_And it's probably not effective anyway. If there's an official security
software, or even a small list of them, it creates an easy target for the bad
guys to work around. They'll build their attack code with the knowledge of
what they need to avoid._

Virus writers already do this _today_. They acquire a bunch of current AV
programs, and test the virus on boxes with up-to-date AV. They don't ship the
virus until it passes that test case.

~~~
CWuestefeld
That's true, but this would exacerbate the problem. Right now there's a
relatively large list of possible AV programs that they need to get around.

But if it were known that, e.g., Comcast has a contract with McAfee to provide
AV software, then the list becomes shorter, and may make it easier to target
specific populations.

~~~
arohner
I think we're in "violent agreement". I absolutely agree the suggestion is a
bad idea, and this will make it worse. My original comment was intended to
bolster your argument.

I can't find the link right now, but a story claimed that the top 3 AV
programs covered 75% of the market. I don't think dropping to 1 program to
test against strains the virus writers significantly.

------
fierarul
I don't know any statistics but I would say that the number 1 problem here is
Windows and the almost-mandatory need for an antivirus they are trying to
enforce.

So on one hand you have a widely-used but broken product (Windows) that needs
another usually costly product (the antivirus). Both need to be kinda up-to-
date in order to have this run smoothly and virus free.

So I'm not certain the government could just "vaccinate computers" (by
upgrading Windows/antivirus): just think of the user-level applications
incompatibilities.

But the governments might think about what does it mean to have a critical
global infrastructure product that depends only on one (foreign) company:
Microsoft. I wouldn't like that... So while nationalizing stuff doesn't sound
really nice, perhaps the government(s) should start defining some regulations
on the quality of Windows as well as a control body. But this is an even less
reliable, corruption-sensitive, bureaucratic situation.

In the end perhaps it's best we leave things the way they are.

~~~
eru
In Germany there have been some initiatives to use open source in the
government.

If nothing else, more diversity is good against class action breaks.

------
stuff4ben
I think a better option would be mandatory training before being allowed to
use a computer. Just like we certify you to be able to drive, you should be
technically competent enough to use a computer. Taking the driving metaphor
further, the gov't could enforce the use of security products to protect
yourself much like we enforce the use of seat belts here in the US. We don't
force you to wear seatbelts but if you're caught without one you get a ticket.
No antivirus and running Windows? That'll be a ticket and a fine. Oh yes, I
said "fine". Never underestimate the governments willingness to "tax" it's
citizens.

~~~
wendroid
over 40 million people have died in car crashes. That license thing doesn't
work so well.

------
allenp
The difference is that with a human you vaccinate at a much lower frequency.
With a computer you have weekly anti-virus updates, many different software
programs to patch (not just the OS), and all the complexity of running a huge
variety of software on a huge variety of hardware.

The simplest solution would be to compel operating system manufacturers (not
consumers) to provide adequate safeguards similar to what the FCC does to the
airwaves.

~~~
eru
Consumers already have that choice. They tend to prioritize different things.
(Though you could argue that we should interalise the externalities of running
a bad system.)

------
erikwiffin
As far as I know, something along these lines already exists in Canada. Not
the "vaccinating computers" part, but I had a few friends in college who had
their internet cut off until I ran a virus scan on their computer.

It was a pain in the ass, but I'm sure the ISPs appreciated being able to cut
off infected PCs from their networks.

------
jcnnghm
It's too bad the author is writing for a prominent website, instead of
terrorizing a homeowners association somewhere. It should be abundantly clear
to anyone that has ever dealt with the government in any capacity that the
incompetence is thorough and complete, yet people continuously invent new
brilliant ideas to inject them into everything.

