Microsoft (NASDAQ: MSFT) has spelled out a plan modeled to block botnet-infected computers from the Internet. Coined as "collective defense," the proposal is modeled after public health measures and outlined in a paper by Scott Charney, who heads the Redmond-based software giant's trustworthy computing group.

The radical suggestion involves PCs presenting a "health certificate" listing its security posture, such as whether it is fully patched, runs a firewall, security software and is malware free. Machines deficient in any of these areas are required to install the requisite software patches; infected machines might be quarantined from the Internet altogether.

In a blog post, Charney argued that "Just as when an individual who is not vaccinated puts others' health at risk, computers that are not protected or have been compromised with a bot put others at risk and pose a greater threat to society." The blog was posted on Tuesday, and it has since attracted more than 70 comments at the time of writing.

Some of the posters derided Microsoft for making insecure software in the first place, while others are more constructive, pointing out glaring holes in the idea. One user "Phil" asked "however, say your AV is out of date as you've not been online for a month. How do you then get your latest V definition files if you're blocked from the net?" I have my own thoughts on this proposal, which you can read in today's editorial.

For more on this story:
- check out this article at Network World

Related Articles:
Crackdown on Zeus banking scam unearths massive cybercrime outfit
Iran grappling with Stuxnet worm
Microsoft release security advisory about remote DLL flaw
Antivirus defenses shaky, claims new report