Why don’t we do for our personal computers what we do for our personal vehicles?
Everyone agrees that polluting cars are a public menace. They use more gas, more oil, foul the air, and help destroy the ozone layer.
So we, as a society, agree to both “tax” and “trouble” to ensure our cars are running cleanly for the collective good (especially here in California).
Tax: We pay biennial service station and smog abatement fees for the privilege of having our cars checked by State certified mechanics and registered with the State.
Trouble: We go to the trouble of scheduling and complying or we lose the public privilege of driving a car on the roadways we all share.
Why don’t we do the same for Computer Bots?
Certainly computer bots are a known and acknowledged public menace.
According to Norton, “Bots are one of the most sophisticated types of crimeware facing the Internet today. Bots are similar to worms and Trojans, but earn their unique name by performing a wide variety of automated tasks on behalf of their master (the cybercriminals) who are often safely located somewhere far across the Internet. Tasks that bots can perform run the gamut from sending spam to blasting Web sites off the Internet as part of a coordinated “denial-of-service” attack.”
And millions upon millions of our computers are infected. According to the APWG Phishing Activity Trends Report for Q3 of 2009, 48.35% of computers scanned were infected. That means that if you have two in your home, odds are tilting in favor of one being infected.
Mandatory Bot Checks for the good of All?
So why not impose a Tax and Trouble for our community of computers running on the public Internet – just like we do for our smoggy cars?
Let us propose that if you have Internet access from any publicly accessible Internet service provider (ISP), your computer must be “certified” bot and virus-free annually.
Oh the hue and cry!
Is it really that much to ask?
Imagine an annual $10 fee imposed on every computer connected to the public Internet through commercial ISPs. The ISPs would collect the fees and pass a portion on to the State. Users would have to run State-certified software to remove bots and viruses which would in turn update the State data base with the “verified” status of the computer’s MAC address.
The ISPs already know the MAC addresses of our Internet connected computers (except of course, of those owned by folks with sophisticated firewalls – and those folks are more likely to have already taken measures to minimize infection by viruses and bots).
Each time a computer attempts to connect to the internet, the ISPs would simply check a State data base before allowing Internet access for that MAC address. The State would manage the annual certification program to be administered by the ISPs on behalf of the State. The State would maintain a centralized database to manage the verification tracking program allowing users to switch ISPs freely.
Does everyone win in this scheme? It seems so.
Users pay for the privilege of connecting the public Internet on accounts registered to addresses with a specific State physical address. This compensation is collected by the ISPs who share the compensation with the State to cover operating and administrative costs. Users who do have bots or viruses end up having their computers cleaned up. Users who do not have bots or viruses benefit by the reduction in spamming bots and communications from virus laden neighbors.
Is the problem big enough?
Just follow the latest in cyber crime – state-sponsored or driven by illegal cartels. The problems are both real and big.
As I was writing this post, news broke that $2.7 Million was funneled by hackers in a cyber crime against Citigroup. Is this a direct result of personal computer infections – perhaps not. It’s not been revealed whether bots played a role in the crime.
Is this solution technically feasible and would it be effective?
Let’s assume that for some significant portion of the population this proposal is both feasible and would be effective. The U.S., Western Europe, and Japan account for about 58% of the world’s approximately 1,500,000,000 computers. Verifying no bots or viruses once a year in only 25% of the 48% infected U.S. computers could eliminate infection of as many as 36,000,000 computers (1.5B x 20% [20 of 58] x 48% x 25%).