Quarantine your infected users spreading malware

Gadi Evron ge at linuxbox.org
Tue Feb 21 12:35:52 UTC 2006

Michael.Dillon at btradianz.com wrote:
>>How do you get the unwashed masses of ISPs
>>to join the choir so you can preach to them?
> Why not just bypass them and go direct to the unwashed
> masses of end users? Offer them a free windows 
> infection blocker program that imposes the quarantine
> itself locally on the user's machine. This program
> would use stealth techniques to hide itself in the
> user's machine, just like viruses do. And this program
> would do nothing but register itself with an encoded
> registry, and listen for an encoded command to activate
> itself. Rather like a botnet except with the user's
> consent and with a positive goal.
> When the community of bot/worm researchers determines
> that this machine is infected, they inform the central
> registry using their own encoded signal. When enough
> "votes" have been collected, the registry sends the
> shutdown signal to the end user, thus triggering the
> blocker program to quarantine the user.
> At this point a friendly helpful webpage pops up
> and guides the user through the disinfection process.
> Unlike antivirus software, the application on the user's
> computer does not need to detect malware and it needs
> no database updates. It does only one thing and it relies
> on the collective intelligence of the anti-malware community.
> This won't stop worms or botnets, but it will slow them down
> and it will greatly speed the cleanup process.
> --Michael Dillon

Hi Michael, the only problem with that approach is that you think like a 

As the defense is local to the user's machine, the attacker can just 
kick it away.


"Out of the box is where I live".
	-- Cara "Starbuck" Thrace, Battlestar Galactica.

More information about the NANOG mailing list