Microsoft backtracks on ISP-based security checks
Microsoft once suggested that internet service providers need to block online access for computers teeming with viruses but that appeared to have changed this week.
Microsoft vice president for Trustworthy Computing Scott Charney said on Wednesday that the idea he pitched during last year's RSA Conference seemed fraught with flaws and far from being regarded as an ideal safe computing model.
At the last year's forum, Charney had floated his suggestions that ISPs should be responsible enough to scan PCs accessing their internet services and disconnect units that they found were infected by viruses.
The Microsoft executive has admitted that his ideas last year appear not applicable at all as he conceded that "in the course of the last year as I thought a lot more about this, I realized that there are many flaws with that model."
For one, Charney said that most consumers may view the ISP-imposed security scan as not only invasive but also a clear intrusion of privacy.
Also, a quarantined PC that connects over a phone line may hamper the delivery of crucial services such as facilitating for an emergency call, which Charney was not in his mindset last year.
Yet the biggest stumbling block is the measures prohibitive cost that would be carried by service providers "because they're the ones who are gating access to the internet," which is a prospect obviously not rosy for ISPs.
ISPs such as Comcast had tinkered with such experiment but it brought more trouble on customers that convenience and experts said that displeasing clients are not in the list of telcos for fear of compromising their profit margins.
Besides, tech analysts said that forcing security vigilance on consumers would not solve the problem of hacked computers.
That dilemma, however, could be addressed by what Charney called as 'enforced goodness,' where business transactions to a given institution is governed by security checks that consumers can accede to or reject altogether.
Whatever the decision may be will not prevent the processing of the transaction but will only subjected to some form of limitations in order to ward off security compromise. That way, Charney stressed that "the user remains in control, can reject a scan for health certificate," but must deal with the consequences of that decision.