Symantec have announced that the UK has the highest proportion of zombie computers in the world. 25.2% of compromised machines are here, ahead of the US with 24.6% and China with 7.8%.
These machines are used for sending out spam, hosting phishing web sites, launching denial of service attacks and other kinds of malice, almost always without the knowledge or consent of the computers’ owners. As more people get always-on broadband connections, the problem will only get worse, unless something is done about it. Here are my suggestions:
1. More readily available anti-virus solutions
When my parents bought their new computer in November, it came with Norton Antivirus 2004. This is a good start, but it only had 3 months of definitions – after those 3 months it would become useless. This seems to be part of a trend – companies selling the product cheaply but charging an arm and a leg for updates. What we need is new computers provided with an anti-virus tool that will work for at least a year before the subscription needs to be renewed.
ISPs should also offer virus protection with their packages. By this I mean installable desktop anti-virus tools as well as scanners for incoming email which will block any messages with viral attachments. Furthermore, their SMTP servers should be monitored for outgoing viruses, although most viruses now have their own SMTP engine so that might not be so effective.
2. Disconnecting infected users
If a user has certain ports open that would imply infection, or is sending virus-infected email, then their connection should be blocked. All requests could be directed to a page notifying the user of the problem and suggesting remedies – sites like Windows Update and those of major anti-virus vendors could be exempt from the block. The ISPs could also make quick disinfection tools like McAfee’s Stinger readily available for customers to use.
This would actually benefit the ISPs themselves as they would have less traffic to route, and also benefit the internet at large.
3. Microsoft should ship Antispyware and an antivirus tool with Windows XP SP3
I’d bet good money that 99.9% of the infected machines are running Windows. While it’s not necessarily Microsoft’s fault that people have opened attachments that they shouldn’t have, or browsed dodgy web sites which use social engineering to get the user to install a trojan, they are in a very good position to put a major dent in the problem. When Microsoft Antispyware is out of beta, it should be made freely available to download for all users and be included in the next Windows service pack for XP. While I’m unsure if spyware is responsible for the specific problems of DoS attacks and spam, it’s certainly not a nice thing to have on your computer.
There should also be some kind of anti-virus solution included for free. It doesn’t have to be all singing and dancing, just do the job. Those who want something a bit more powerful could still buy a commercial product, like they do with personal firewalls.
If Microsoft and the ISPs did something like this, the internet would be nicer for everyone.