Laws must change to combat botnets – Kaspersky
Experts from Kaspersky say the internet can be cured of botnets, but laws must change first in order to allow access to personal computers from third party companies and law enforcement agencies
Kaspersky Lab has called for changes to legal systems around the world that would allow law enforcement and antivirus companies forcibly access computers being controlled by a botnet to remove the infection, possibly without the permission of the owner.During a panel discussing ways that that the IT industry and governments can combat the problems posed by botnets, several executives at the antivirus company said that there needed to a discussion between governments about how best to combat botnets.The main focus was on changes to the legal system that would allow either law enforcement agencies or antivirus companies, including Kaspersky Lab, the right to take over a botnet, and inject code that would force an infected computer to uninstall the botnet code."I think we have to consider the possibility of allowing either law enforcement in conjunction with antivirus companies - and not just Kaspersky, but the entire industry - or the antivirus companies alone, to forcibly remove malicious code," said Ryan Naraine, security evangelist, Americas, global research and analysis team at Kaspersky.However, some of the panelists raised concerns about the method, suggesting that it could be considered an invasion of privacy. "There have been examples of this method being used by the Dutch police," said Costin Raiu, director of the global research and analysis team. "However, despite its success, it was met by with a great deal of hostility by the public."One issue in the greater debate, was whether users cede the right to have their computers accessed in this way when they fail to ensure that they are kept clean. "The user has to take responsibility for their infected PCs," stated Vitlay Kamluk, chief malware expert, Japan, global research and analysis team. "They are allowing them to be used as cyber-weapons."Look at it another way," he added. "If a user has a gun pointed out their window, and it is being fired randomly at passers-by, then of course the police have a right to enter your property and remove the threat.However, Raiu disagreed with that stance, instead comparing it a hostage situation, where a third party was forcing the user to point the gun out the window. "In that situation, can we really blame the user? And how do you deal with it? Is it the same situation as a hostage situation, or does it have to be dealt with differently?"One solution that was suggested by Vitlay was for operating system vendors, including Microsoft, Google and Apple to be forced into including within their terms and conditions the right for either themselves, or a third party, to enter the user's system without their permission and remove the infection, if the user fails to maintain it.Another solution suggested by the panel - in particular, Raiu - was to encourage the ISPs to throttle traffic from infected machines - a tactic already employed by some ISPs, including UK ISP BT."That would certainly be one way to get their attention, and force them to act, without trespassing on their computer," said Raiu.