Is quarantining a realistic option? Scott Charney thinks so…

I’ve worked at various companies for many years now where the notion of “test, detect and quarantine” is a reality. During my time at StillSecure we had a NAC product that would do just that. You didn’t have to quarantine an infected or out-of-policy machine, but you definitely could. At my job before that, Visionael Corporation, we had a vulnerability assessment tool that was headed in the direction of a NAC product, and we spoke to many potential NAC customers that loved the idea of quarantine.

Scott Charney, Microsoft’s Corporate VP for Trustworthy Computing, gave a speech last week at the 2010 RSA conference and talked about the possibility of quarantining infected machines on the ISP’s side in order to stop them from spreading these infections. He compared it to rules the EPA has put in place regarding smoking in public places. Charney said “Then, of course, the EPA comes out with secondhand smoke. Suddenly, smoking is banned everywhere. You have a right to infect and give yourself illness, you don’t have the right to infect your neighbor. Well, the computers are the same way.”

Now I agree with him to some degree. My neighbor that’s on the same ISP as me, or the guy sitting next to me at Starbucks while we’re both on the wireless, doesn’t have the right to infect me, but is quarantining really the answer?

I’ve met with hundreds of customers while at StillSecure that were quarantining people or wanted to in the near future. I personally think it’s a great concept, but in my mind it’s not much more than a concept at this point. What’s my issue with quarantining, you may ask? Well, what do you do with machines once they’re quarantined? That’s my problem.

Look at the average user that would be quarantined. It’s most likely not many of us reading this blog, but maybe our parents or friends that aren’t as computer and security savvy. It’s the people that click “ok” when asked to download the latest “Microsoft Security Patch” which links them to www.youjustgotscrewed.com. So given the fact that these people aren’t exactly technology experts, what do we expect to do with them when they are presented with remediation instructions? I’ve seen some fairly good automated remediation before, but a lot of it still requires turning off a service, installing patches in a certain order, knowing which software you have installed on your machine already, on and on and on. That’s just not a realistic option in my view. The most likely outcome would just generate thousands of support calls when people can’t get to the website they were originally trying to go to.

So what’s the answer? Is there a play here for a product company that focuses on “ISP level remediation while in quarantine” or maybe a service company that focuses on “ISP level remediation support”? Maybe, but until then, let’s just allow everyone to continue spreading their technical diseases to everyone else.

…josh
