This ITworld piece details some of Scott Charney’s thoughts from the RSA conference. Scott is Microsoft Corporate Vice President for Trustworthy Computing.
He does a fair job of characterizing the issues, especially that non-secure PCs aren’t just a burden to their owners. If they become part of a botnet, then they burden the network, which shares the pain even with connected but uninfected systems.
Where his thought process goes astray is in considering a healthcare-like model. You know, because that is working extraordinarily well right now and hasn’t added its own burden of arguments and complications.
I don’t necessarily disagree with the idea of using social systems, including education and advocacy. But we have those already in the form of projects like StopBadWare.org. He seems to be saying that ISPs should take on these additional roles and that cost is the only barrier. Cost, unfortunately, is the least part of the equation. Neither market-based solutions nor another of his ill-considered ideas, a new tax on computer users, is going to magically conjure up the expertise that either ISPs or other outfits need to pursue any number of viable schemes to reactively deal with malware.
Of course, here is another thought: how about Microsoft uses a bit of its hefty margin and/or cash in the bank to address the security issues that stem almost entirely from their own operating system?