Michael.Dillon@btradianz.com wrote:
How do you get the unwashed masses of ISPs to join the choir so you can preach to them?
Why not just bypass them and go direct to the unwashed masses of end users? Offer them a free windows infection blocker program that imposes the quarantine itself locally on the user's machine. This program would use stealth techniques to hide itself in the user's machine, just like viruses do. And this program would do nothing but register itself with an encoded registry, and listen for an encoded command to activate itself. Rather like a botnet except with the user's consent and with a positive goal.
When the community of bot/worm researchers determines that this machine is infected, they inform the central registry using their own encoded signal. When enough "votes" have been collected, the registry sends the shutdown signal to the end user, thus triggering the blocker program to quarantine the user.
At this point a friendly helpful webpage pops up and guides the user through the disinfection process.
Unlike antivirus software, the application on the user's computer does not need to detect malware and it needs no database updates. It does only one thing and it relies on the collective intelligence of the anti-malware community.
This won't stop worms or botnets, but it will slow them down and it will greatly speed the cleanup process.
--Michael Dillon
Hi Michael, the only problem with that approach is that you think like a defender. As the defense is local to the user's machine, the attacker can just kick it away. -- http://blogs.securiteam.com/ "Out of the box is where I live". -- Cara "Starbuck" Thrace, Battlestar Galactica.