Luis Muñoz wrote:
On Jun 27, 2013, at 10:50 AM, Frank Gadegast wrote:
I personally would start at the other end and force Microsoft legally to only have PCs connected to the Internet that have an AntiVirus solution installed and running ...
Not all computers run Microsoft software.
Oh, sorry, I dint know that ...
Furthermore not all computers run *recent* Microsoft software. There's still a very fair share of, for instance, Windows XP machines
With an update mechanism in place on most of them ...
out there. Compromise 50% of them and you'll get yourself a very nice botnet to play with.
The fact that a machine ships with an anti-virus dos not imply that said AV will remain running,
Sure, that why I sayd, that Microsoft should only allow an internet connection WHEN its running.
maintain effectiveness over time, etc.
From past experience, a significant proportion of infected machines in an access ISP network did have an anti-virus installed by the time we had to pull the plug on the customer because they were spewing.
Being proactive in this front will only get you that far.
Sure, but its a good start. Old OSes will die one day, and all others should only be allowed to connect when there is something protecting it. From today on. This would then kill most of the bots ... What I sayd: a good start. And forcing ISPs step-by-step to stop their intruded servers is another good start (and thats what we are starting here, I always thought). Kind regards, Frank
You still need to have a reactive mechanism to respond and mitigate.
Best regards
-lem