Scott Charney of Microsoft’s ‘Trustworthy Computing’ effort wrote a blog post recently discussing the threats presented by botnets and other malware installed on users’ machines, where the user is unaware of or apathetic about the presence of that software.
“Just as when an individual who is not vaccinated puts others’ health at risk, computers that are not protected or have been compromised with a bot put others at risk and pose a greater threat to society. In the physical world, international, national, and local health organizations identify, track and control the spread of disease which can include, where necessary, quarantining people to avoid the infection of others. Simply put, we need to improve and maintain the health of consumer devices connected to the Internet in order to avoid greater societal risk. To realize this vision, there are steps that can be taken by governments, the IT industry, Internet access providers, users and others to evaluate the health of consumer devices before granting them unfettered access to the Internet or other critical resources.”
I have argued previously against the “there’s nothing important on my computer, so I don’t care” response that some have to the discovery of malware on their machines, and I certainly believe that it is an irresponsible attitude that contributes to these greater threats.
But I am concerned about some of the solutions which Scott proposes — particularly those that might seek to create legislation and obligations on individual computer users.