Posted: 15th Feb, 2011 By: MarkJ

Kaspersky Lab, a popular anti-virus firm that recently received a Platinum Self-Protection Award from the Anti-Malware Test Lab for its Kaspersky Internet Security 2011 suite, has called on worldwide governments and broadband ISPs to consider tough new measures that would allow internet providers, anti-virus firms or the police to "forcibly remove malicious code" from infected computers.
Kaspersky's Ryan Naraine commented (ITP.net): "I think we have to consider the possibility of allowing either law enforcement in conjunction with antivirus companies - and not just Kaspersky, but the entire industry - or the antivirus companies alone, to forcibly remove malicious code."
The topic was raised as part of a panel discussion on internet security and in particular the problems posed by botnets. These are groups of computers that have been hijacked by malware (malicious software, such as viruses or Trojans) and can then be abused by hackers to spew out masses of commercial spam (junk email), or used as platforms to attack internet servers by overloading them with data requests (DDoS).
Last year's Panda Security report estimated that 34% of UK computers were infected with some form of malware, and a significant chunk of junk email emanates from those. That is important because roughly 85-95% of all email in circulation is still spam.
Still, the idea of forcibly entering an ISP customer's computer to remove such a threat carries with it many obvious political, legal and technical problems. For example, legalised hacking could be open to abuse, especially if the computer belongs to a key political or business leader.
There's also no guarantee that you could access the system in the first place, and if you could, then surely that is a weakness that both anti-virus and software firms would want to fix. Likewise, with 34% of UK computers supposedly being infected, that's an awful lot of doors for the police to break down just to tackle an infection.
One of the more practical panel suggestions was to have ISPs throttle the internet connections of customers that are known to be running infected computers, at least until the subscriber resolved it. Some ISPs, such as BT Retail, apparently already do this.
Cable operator Virgin Media launched a similar system under its Malware Defence Campaign last year, which works with third-party organisations to monitor the spread of malware around the internet and identify the responsible computers on its network. Those identified are then sent warning letters.
Jon James, Executive Director of Broadband at Virgin Media, said last year:
"We’re writing to customers we’ve been told may be infected by malware, encouraging them to check their computers have an up to date security package, such as Virgin Media Security, and offering advice on simple and free ways to disinfect their computer. For those who need a little bit more help we also have our fee-based Digital Home Support service which fixes problems using the latest cutting edge remote control technology."
However, resolving the threat is only viable when you can actually identify the infected computers in the first place, which usually requires a computer to be doing a lot of harm before it is spotted. The OECD claimed last year that some of those ISPs that do tackle the problem are still only able to spot a tiny fraction of their infected customer base (here).
OECD Summary
There are indications that ISPs only deal with a fraction of the infected machines in their networks. For example, in an earlier study we found that a large ISP with over 4 million customers contacted around 1,000 customers per month (Van Eeten and Bauer 2008). Typical estimates of security researchers put the number of infected machines at around 5% of all connected machines at any point in time.
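The notify-then-throttle approach above depends on turning a third-party infection report (a public IP address and a timestamp) into a specific subscriber, which on a dynamically addressed network only works if the lease that was active at that instant is consulted. The following is an added example, not code from Virgin Media, BT or any ISP mentioned here; the lease records, report feed and the `throttle_after` threshold are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample data; addresses are documentation ranges, not real customers.
LEASES = [  # (subscriber_id, ip, lease_start, lease_end) from DHCP/RADIUS logs
    ("sub-001", "203.0.113.10", "2011-02-14T08:00:00Z", "2011-02-14T20:00:00Z"),
    ("sub-002", "203.0.113.10", "2011-02-14T20:05:00Z", "2011-02-15T08:00:00Z"),
    ("sub-003", "203.0.113.11", "2011-02-14T00:00:00Z", "2011-02-16T00:00:00Z"),
]
REPORTS = [  # (ip, seen_at, family) as a sinkhole or honeypot partner might send
    ("203.0.113.10", "2011-02-14T09:30:00Z", "botnet-a"),
    ("203.0.113.10", "2011-02-14T22:10:00Z", "botnet-a"),
    ("203.0.113.10", "2011-02-14T23:00:00Z", "botnet-b"),
    ("203.0.113.11", "2011-02-15T01:00:00Z", "botnet-a"),
    ("198.51.100.9", "2011-02-15T01:00:00Z", "botnet-a"),  # not our address space
]


def _ts(s):
    """Parse the ISO-8601 UTC timestamps used in both constructed feeds."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def attribute(ip, seen_at, leases=LEASES):
    """Subscriber holding `ip` at `seen_at`, or None when no lease covers that instant.

    Matching on IP alone would blame sub-001 for sub-002's evening traffic;
    the time-window check is what makes a dynamic address attributable.
    """
    t = _ts(seen_at)
    for sub, lease_ip, start, end in leases:
        if lease_ip == ip and _ts(start) <= t < _ts(end):
            return sub
    return None


def build_notices(reports=REPORTS, leases=LEASES, throttle_after=2):
    """Collapse sightings per subscriber and choose an action.

    One notice per subscriber regardless of how many reports name them;
    `throttle_after` or more sightings escalates from a warning letter to
    throttling. Reports that cannot be attributed are counted, not dropped.
    """
    per_sub, unattributed = {}, 0
    for ip, seen_at, family in reports:
        sub = attribute(ip, seen_at, leases)
        if sub is None:
            unattributed += 1
            continue
        entry = per_sub.setdefault(sub, {"sightings": 0, "families": set()})
        entry["sightings"] += 1
        entry["families"].add(family)
    for entry in per_sub.values():
        entry["action"] = "throttle" if entry["sightings"] >= throttle_after else "notify"
        entry["families"] = sorted(entry["families"])
    return per_sub, unattributed
```

The unattributed count is worth reporting back to the feed provider: a report that matches no lease is either outside the ISP's address space or a sign of a clock or logging gap, and it is one reason only a fraction of infected machines ever get a letter.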
As usual, the best defence is to make sure that your computer is never infected in the first place, by installing strong anti-virus software and a firewall and by using some common sense when opening unknown files or email attachments.
Many ISPs also offer email anti-virus protection by default, and most of the bigger providers even promote included software solutions for added security. That's not to say that anybody is ever 100% secure; a skilful hacker will sadly always be able to find ways around common protection.