Microsoft's Scott Charney believes that a possible solution to malware-infected PCs is a digital healthcare service funded by general taxation.
Microsoft has proposed an interesting method for dealing with the damage caused by malware-infected - and most commonly Windows-powered - PCs on the 'net: general taxation.
As reported over on ITworld, Microsoft's corporate vice president for trustworthy computing - no, that's his actual job title - Scott Charney spoke to the RSA security conference to suggest a "health care model" for infected PC control.
Under such a model, malware infection would be treated in much the same way as a viral infection in humans: a public education programme would alert people to the dangers and offer advice on avoiding infection, while a central service would offer free checkups and disinfection to those computers finding themselves part of the botnet du jour.
The biggest issue with such a solution is, of course, cost. With a programme such as that suggested by Charney likely to cost a significant amount, the suggestion is to fund the project like the NHS - with all Internet-connected citizens paying a 'digital healthcare' tax to protect and treat the sick - treating it as "a public safety issue and [using] general taxation."
With ISPs themselves unwilling to foot the bill to clean customers' computers - despite having their bandwidth eaten up by spam trojans, distributed denial of service attacks, and virus propagation - Charney may have a point: as the Internet becomes an integral part of everyday life for many, the importance of keeping users safe can never be underestimated.
The idea won't be without its problems, however: chief amongst them will be the feeling that, as the majority of botnet members out there are infected due to security issues with the Windows operating system and related products, Microsoft itself - a company which made a profit of $4.17 billion (£2.8 billion) in the financial year ending on the 31st of December 2009 - should be footing the bill, rather than the consumer.
Charney's entire speech can be found on Microsoft's press site.
Do you agree that malware infection needs to become a public safety issue in the same way as general healthcare, or is taxation the wrong solution for this problem? Share your thoughts over in the forums.
39 Comments
Common sense people! Stay out of sites that can install malware on your PC. Lacking that (and I suspect that would be a rather significant portion of average PC users) install an antivirus/malware program or get someone to do it for you.
i advise my customers to set 2 different profiles, 1 for the adults, and a limited 1 for the kids
i advise them to scan their computers with antivirus, and antimalware software, i advise them to at least check windows update the second tuesday of every month. etc etc
Naaaaa, just kidding. I've never heard such a terrible idea. It's up to us nerdier people to help out the less tech-aware. Also it's up to the computing department in companies to not get their company's PCs infected... DUH!
they could block known adware/spyware networks.
We work for ISP who disconnects such PCs from internet. People then have to "clean" their PC and make a call to ISP to get their PC connected to internet again. If it happens 3 times per month they have to pay for reconnecting. It actually makes these people do something about it and most of them buy a decent antivirus...unless they've got some "expert" friend who installs cracked antivirus infected with some deluxe malware and make them spend more money on reconnecting than on legal AV software :D ...
You already pay for the fact that people smoke, drink too much, don't exercise, drive badly or have kids knowing they will be ill from genetic diseases like asthma etc
/devils advocate.
yaaaaaayyyyWHAT?!
As for saying that it's MS's fault, come on now. Yes, there are security issues with windows, but the vast majority of infections happen because users are uneducated/greedy/cheap etc.
If you drive your car through a bed of nails and get a flat tyre, it's not Michelin's fault.
As long as the company has made/continues to make reasonable efforts to maintain/improve the security of its products, all is fine. The main reason Linux/Macs/ARM don't have as much malware as Windows/x86 is because they have a much smaller user base.
I would wager that most of the users on this forum, for example, run their windows/x86 based PCs for months or even years without getting viruses/malware. Therefore, it is possible, therefore, there is at least some user-component to most infections, therefore Microsoft isn't solely responsible and shouldn't have to foot the whole bill.
I was ranting about the average pc user the other day.. they really do need something that's idiot proof and fast like kaspersky- something that does its job without any configuration
a lot like gaming today =] the end user isn't the same as it was years back.. we could record demos and trade small demo files like in quake- allowed you to edit pov in editors.. today the console crowd can barely work a nice ui, they just want to play (can't wait to smash those buttons).. we don't see nice bucktooth features anymore
same thing with the people on the botnet.. they just use it for certain tasks and don't want/care to configure anything.. if we could somehow figure a way to protect those machines (force integrating av into windows update sounds like a good plan) with options for better users to do whatever they want.. it can only help imo
the tax part.. who knows what that's all about- like mentioned we get over taxed for almost everything
99% of Fake ware or botnet software that gets installed is their own fault for letting it install even under XP you norm get at least 1-2 warnings under Vista or win7 you get 2-4 warnings (i am taking the pop up blocker into account as well the run save cancel warning and windows UAC prompt )
Microsoft should not foot the bill for User fault actions, with Vista and win7 i call the UAC the do you wish to install this virus button Yes/No (most click Yes......), the User should Foot the bill not everyone else when they do things that they should not do
at some point i may start to offer protected services for some of my customers, the admin account will be passworded and they have 2 limited accounts with Full UAC turned on
i have seen some ISPs that do that not sure who though,
most anti virus should make it far easier to report virus files faster (like if you scan one file it should give you the option to remove it and then report it)
like the other day i just got an pc back on the internet (not virus related) and just as i was going to leave he was about to open an DHL virus nearly taken his head off as he was about to press RUN so had to stop him, did not want to waste 1 more hr having to remove that as well
just get something like comodo that when set up properly will stop all viruses or malware in tracks
and software has gotten better, correctly written software doesn't need to trip uac and that leaves you with installers, trojans/virus.. and installers are a one time thing
actually uac isn't that great, it doesn't stop everything that's why i'm a firm believer that on top of every antivirus/anti malware program you should have a hips (host-based intrusion protection system) this then stops all viruses and malware from working and infecting important files and this works even if it doesn't detect it's a virus
for example my hips pops up every time a program tries to edit a system file or registry file (unless i set program to trusted during install or later) and the reason this works so well is because it treats all programs as untrusted until you tell it otherwise
http://news.bbc.co.uk/1/hi/technology/8547453.stm
Hey Microsoft: How about you pay for every people that lose/have lost data and every office that has lost time because of computers crashing because of your unsafe/unstable OS and programs?
Sheesh :)
If people just use common sense in their web browsing, are careful about where their flash drives have been, and use antivirus (I wouldn't recommend my personal method to the common user), there is no need for any form of PC health plan.
actually it does.. windows 7 is another issue with its whitelist- but vista and windows 7 with the uac all the way up will deny access to key parts of the registry and kernel- and programs from writing themselves into other files.. microsoft started to see after vista that the crowd they cater to is pretty much incompetent so they set the default uac up with holes in it
you either run it full up or not at all :D
here's more details on the windows 7 uac exploit http://www.pretentiousname.com/misc/win7_uac_whitelist2.html
it's kinda sad, but when the userbase is so illiterate, can see why they did it
In the same way I like the idea of getting rammed repeatedly by a cactus infected with some sort of SuperSTD that can transfer between plants OR animals
This site by its very nature has a community of tech-savvy people that think getting a virus is a sign of having a mental disorder. What you are not realizing is that you are not the majority.
You might be vocal, you might be an entire industry demographic (gaming, modding, gpu's), but you are not the majority.
Libraries and schools (public, private, college, etc) have hundreds of thousands of computers in use throughout the world. Then add in businesses. Not every 9-5 secretary that is checking her facebook while at work is going to realize that by streaming one of her friend's videos she might be infected with a flash-vulnerable virus.
If you ever had to teach your parents how to use a computer, if you remember your behaviours when you first had a computer, if you stop and realize some people don't care because "it's not mine anyway" (any public terminal)... well then you can see where I'm going.
Comparing it to a health-care tax is very very fitting. Think about all the money spent on AIDS, STD, and Teen Pregnancy informing, treatment, and prevention. Most people wouldn't want to pay a tax on THAT either because "I'm smart enough to take precautions against it." Lo and behold sometime later, they get something and are the first to bawl that there's no affordable treatment. :(
Linux and Mac are not immune from stupid users either. Yeah, Windows has the marketshare, but that doesn't mean the others are immune. An idiot can wreck a mercedes as easy as a ford taurus.
Microsoft is monopolistic, and has made a TON of money, but I don't think that means they're obligated to foot this bill honestly. It would be cool if MS developed their own Windows Antivirus and shipped it with Windows so that all users could have AV protection and support by default. But beyond that why should Microsoft bear the burden?
Before you rape me for that, stop, and breathe. Windows is less stable than Mac and Linux and has more security flaws. Why? More users. Those who wish to exploit the weak will go where the weak are. It's not prudent investing to infect a Mac and get 100,000 users infected and get their credit information when producing a similar virus for a Windows machine will probably net you ten times that.
Obscurity is your friend. Every Mac and Linux user should tell every Windows user to keep their PC. It allows them to continue their ignorant and unsafe practices without fear because they aren't worth the time of hackers to go after.
If all this comes off sounding snotty and snide, I'm glad, because I just read two pages of dreg. You aren't paying to clean everyone else as much as you are to protect yourself from those that aren't keeping themselves safe.
Car insurance, Health insurance, etc --are-- great if you have a brain-fart and somehow hurt yourself. But mostly, it's to protect you from someone else and their idiocy. Bindibadgi said it best when he said that we already pay taxes like this.
Think about it. $1 a month, per computer, that is connected to the internet. This $1 goes to the Anti Digital-STD fund-thing that was proposed. Now just guesstimate at how much money that is. If it's a non-profit organization, imagine what could be done with that kind of funding. And that's for ONE DOLLAR PER COMPUTER. (Or one pound if you're across the way.)
Yet. People would bitch. Just like they bitch about universal healthcare / socialized medicine.
"I don't want to pay for other people's stupidity."
But no one, ever ever, stops to realize: They're paying in case you get hit with a zero-day attack or have a brain-fart and click a bad link, or wtfe that might happen.
You aren't a computer god. **** happens. Pay a dollar, cure digital-syphilis, and stfu. :(
Especially since they can not tell the difference between legal file sharing and copyright infringement file-sharing and we want these idiots running our anti virus defense....
Add to this that even big name anti-virus and firewall companies have very bad success ratings. Norton=fail, Bulldog=fail, Nod32 ok and Sophos ok
I mean if these companies can not pay for programmers good enough then how can we trust a government agency to??
It will also make it a bigger target to infect PC because its now Against the GOV as well.
Just a bit of food for thought.
Remember the old chernobyl virus. Even the tech idiots knew about it. Why? There was a cost to not knowing. And if it struck, there was the possibility of it being beyond repair. I bet they would never bother if it was the everyday garden variety virus.
I have to beg to differ on this point. The reason Linux based OS do not suffer nearly as much as Windows is because of how the OS is designed and has absolutely nothing to do with the User base. *
The other reason which used to be more common, reason for hacks before organised crime got into hack is that Linux based OS's grow through community support and programming. This means where in windows you have a problem with some part of the OS it's tough luck Microsoft doesn't care. Red Hat as an example takes programmers "fixes" and works them into future updates free of charge. This all runs through their website.
*So in Windows xxxx the entire OS is open to viral attack. In Linux there is the Kernel (which has sub levels as well) which can not be changed by any program running.
Also to install a program you either have to be logged in as "Super User" which you learn to do only when you are installing new programs or changing SU level setting. Or when you are logged in normally a window will pop up and ask for you to input the SU password to install xxxxx program. This means that there are practically no brain-farts and Linux is written totally differently than Windows so when you do get a windows virus it just sits there because it can not do anything.
Like some one who only speaks English wakes up in China, Not even the letters are the same.
The one good thing that came out of this article was that schooling in the use of PCs was suggested. I am 120% behind this as it is massively important for all future generations. This schooling must be open and include an equal share of common and open source OS teaching. Otherwise we will be limiting knowledge and procreating MS monopoly. Even when most will never use other OS it is important that they know of them and how they work. Who uses their Biology or chemistry knowledge after school? Does that make it irrelevant to our general knowledge base?
These classes need to start early say year 1 where children are most vulnerable to Social networks and Online predators. Basically each level / year needs to address different issues with using PCs and the internet while also teaching students, how and why a PC works the way it does.
How the xxxx works and what it does like Biology of the PC.
Now I can explain to a 6 year old child how a CPU works (about), but I would go into more detail with a 7-8 year old (just like any other class in school).
The other important thing we must not do is underestimate the abilities to understand technology, that children are thought to have.
Just because "we" didn't know how a CPU worked until we were say 16 for the sake of argument does not mean a 12 or even 10 year old can not comprehend how it works at a basic level.
As you can see this is a very complicated issue and I have not even addressed the OS's Issue yet. I pass that "torch" on to someone else as my knowledge in the matter is not deep enough to explain the importance both straight forward and more abstract importance of having a large base knowledge.
(for one we do not need to give more power to MS on the grounds that, Oh I grew up on WINDOWS xxxx so why should I learn how to use anything else?) Not suggesting MS is all bad I just believe that is important to know the alternatives and their uses.
problem is the antivirus program can't stop the user from running exe from a web site due to the site saying they have got 69 errors on the pc and then the user decides to install it now its no longer a free antivirus tool it wants $45 and has disabled your real antivirus, active or not most anti-virus software do not pick up malware (80% are not detected {norton seems to be better at it as it even removes the reg keys as well} even ones that are months out that malwarebytes and spybot have been detecting for quite some time)
for the most part its users ignoring the boxes and installing them without thinking or think its a good thing to install or want it to go away so they install it so the nag box goes away, i do not mind too much as it gets me money for fixing the pc's and it norm does not happen again as i norm explain to them on what not to do and keep a working antivirus on their pc
Well... M$ has created the Microsoft Security Essentials product that while it may not be shipped with the OS, it is free to download. Although, I don't think that there is widespread knowledge among the masses about this product. I had forgotten about it myself until a buddy of mine reminded me when I put together my new system. I've run it since mid December and have had no issues.
This i could never understand. The company that made the OS with the security flaws is now supplying the programs that plug the flaws? Well why didn't they just patch the flaws in the OS with an update? It's not as if the security essentials don't need updating anyway.
It's a good bit of kit. I think windows don't ship it with the OS after the crap they've had with explorer, windows media player etc. Damn in the UK you now get two types of the same OS the normal and N??