When enough "votes" have been collected, the registry sends the shutdown signal to the end user, thus triggering the blocker program to quarantine the user.
Isn't there a risk of DoS though? What's to prevent someone from "spoofing" those signals and shutting down other users?
The signal would be encoded using a unique key. I would also expect that the choice of listening port would be somehow randomized and registered in the central registry to make it less of a DoS target.
Relative precautions would need to be taken, but to be sure, the end-user needs the ability to override the system. Thus leaving us in the same situation as before. Firewall? I don't need no stinking firewall..
I see no reason why the user needs the ability to override or remove the software. After all, during normal operation it does nothing at all; therefore it does not interfere in any way with machine operation. The intent is to make it virtually impossible to remove this software so that a virus or worm cannot remove it either.
Sure it does.. It doesn't need to remove it, per se, but it will need to know what the infection is so it can give the correct disinfection instructions..
If the quarantined state keeps open a port 443 connection to a specific trusted webserver run by the group of trusted security researchers then the specifics of combatting the worm can be made available on that site. If necessary the site could upload ActiveX controls to do malware scans or recommend the installation of such software. --Michael Dillon
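The "signal encoded using a unique key" idea from the exchange above, sketched as an added example that is not part of the original thread. It assumes a per-host secret shared with the registry and HMAC-SHA256 as the encoding; `sign_signal`, `Agent`, the message fields and the 300-second window are hypothetical.

```python
import hashlib
import hmac
import json

MAX_AGE_SECONDS = 300  # assumed freshness window, not from the thread


def _tag(key: bytes, body: dict) -> str:
    # Canonical encoding: sorted keys, no whitespace, tag field excluded.
    fields = {k: v for k, v in body.items() if k != "tag"}
    data = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def sign_signal(key: bytes, host_id: str, nonce: str, issued_at: int) -> dict:
    """Registry side: build a quarantine signal and tag it with the host's key."""
    body = {"action": "quarantine", "host_id": host_id,
            "nonce": nonce, "issued_at": issued_at}
    body["tag"] = _tag(key, body)
    return body


class Agent:
    """End-user side: accepts a signal only if it is authentic, fresh and new."""

    def __init__(self, host_id: str, key: bytes):
        self.host_id, self.key = host_id, key
        self.seen_nonces = set()

    def accept(self, signal: dict, now: int) -> str:
        try:
            # Constant-time comparison so the check does not leak tag bytes.
            if not hmac.compare_digest(_tag(self.key, signal), str(signal["tag"])):
                return "rejected: bad tag"
            if signal["action"] != "quarantine" or signal["host_id"] != self.host_id:
                return "rejected: wrong host or action"
            if abs(now - int(signal["issued_at"])) > MAX_AGE_SECONDS:
                return "rejected: stale"
            if signal["nonce"] in self.seen_nonces:
                return "rejected: replay"
        except (KeyError, TypeError, ValueError):
            return "rejected: malformed"
        self.seen_nonces.add(signal["nonce"])
        return "quarantine"
```

Without the nonce and timestamp checks, a single captured signal could be replayed against the same host indefinitely, which is the DoS concern raised in the thread.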