Valentin's Blog

From a BBC article summarizing the talk of Vint Cerf in Davos

Mr Cerf, who is one of the co-developers of the TCP/IP standard that underlies all Internet traffic and now works for Google, likened the spread of botnets to a "pandemic".

Of the 600 million computers currently on the Internet, between 100 and 150 million were already part of these botnets, Mr Cerf said.

Botnets are made up of large numbers of computers that malicious hackers have brought under their control after infecting them with so-called Trojan virus programs.

While most owners are oblivious to the infection, the networks of tens of thousands of computers are used to launch spam e-mail campaigns, denial-of-service attacks or online fraud schemes.

Technology writer John Markoff said: "It's as bad as you can imagine, it puts the whole Internet at risk."

I think likening the spread of botnets to a pandemic points in the right direction - some of the tradeoffs are similar to those faced in public health. For example the cost of protection (license for the virus scanner and the resulting lower performance of the computer) are born by the user of the computer, but we all benefit from less vulnerable computers, i.e. smaller botnets. Its very similar to vaccination - getting vaccinated caries some risk and the best case for each person is that she is the only one without a vaccination: No risk of getting the disease and it was not even necessary to take the small risk of vaccination.

It is for this reason that government involvement could make us all better off. The government could either reward the positive side effects of protecting a computer by giving away free licenses for virus scanners (the same kind of reasoning that lets governments often pay for vaccinations). Or it could regulate - similar to mandatory vaccinations. It could demand that PCs be sold only with virus scanners valid for at least five years, that each email provider must scan incoming emails and that ISP's must protect their costumers with firewalls... yes, it could make PC's, email accounts and Internet connection more expensive - but the cost for dealing with SPAM, DDOS  and other kinds of cybercrime would decrease.

Labels: Web