Wednesday, 2010-10-06 09:49 MDT

Quarantine "unhealthy" PCs

Let's quarantine unhealthy PCs from the Internet. So says Scott Charney, Corporate Vice President, Trustworthy Computing. For Microsoft. Using a public health metaphor, Mr. Charney calls for not allowing computers on the Internet unless they have a "health certificate". Note that this is an inversion of the usual public health quarantine model. Usually a person or a ship is quarantined only if they are demonstrably ill with an infectious disease or there is good reason to believe the person is a carrier.

It is an intriguing idea, but it has possible problems. One obvious potential problem is, if we throw the computer off the Internet, how does the administrator get updates, including security updates?

Another one is, who issues the certs? Microsoft? Don't make me laugh. Would you trust Microsoft to certify that your computer is healthy when it runs Linux or BSD? Or OSX? Talk about conflict of interest! I think the public health model gives us a hint: only throw a computer off the Internet if it is demonstrably infected or if the owner acts maliciously. (Which proposal in turn has privacy implications.)

I won't make the usual anti-Microsoft jibes. For one thing, others have done a better job than I would, including the commenters on Mr. Charney's blog.

And for another thing, they're too easy.

A BBC article mentions several other approaches already in action in France, Japan and Australia.

There's a much simpler fix than what Mr. Charney proposes, something you can do right now, without waiting on some international bureaucracy. Save yourself a lot of hassle: go get the world's largest and most effective anti-malware program. Linux. Then learn how to use it securely.


Update 2010-10-09: Brad R of Goodbye, Microsoft! has this take on the story: "Typhoid Mary Suggests You Be Quarantined."

Posted by Charles Curley | File under: windows, security