On Friday, I wrote about the expansion of Comcast’s Constant Guard initiative to alert its customers when the Internet provider thinks PCs are infected with malware that makes them part of a botnet. I argued that Comcast isn’t going far enough, and that infected machines should be disconnected from the Net until they’re clean.

Now, an executive with Microsoft is calling for the same thing. Scott Charney, the senior vice president for Microsoft’s Trustworthy Computing division, is calling for a global computer health initiative in which systems that are harming the rest of the network are quarantined.

In a post on the Microsoft on the Issues blog, Charney envisions an international system similar to that which monitors human epidemics to come up with policy and procedures for dealing with threats to the Net:

Just as when an individual who is not vaccinated puts others’ health at risk, computers that are not protected or have been compromised with a bot put others at risk and pose a greater threat to society. In the physical world, international, national, and local health organizations identify, track and control the spread of disease which can include, where necessary, quarantining people to avoid the infection of others. Simply put, we need to improve and maintain the health of consumer devices connected to the Internet in order to avoid greater societal risk. To realize this vision, there are steps that can be taken by governments, the IT industry, Internet access providers, users and others to evaluate the health of consumer devices before granting them unfettered access to the Internet or other critical resources.

Charney also has drafted a white paper (PDF) on the subject.

In his blog post, he lays out the issues in a series of bullet points:

• The risk that botnets present to Internet users and critical infrastructures must be addressed.

• Collective defense can and should be used to help improve the security of consumer devices and protect against such cyber threats.

• A public health model can empower consumers and improve Internet security.

• Voluntary behavior and market forces are the preferred means to drive action but if those means fail, then governments should ensure these concepts are advanced.

• Privacy concerns must be carefully considered in any effort to promote Internet security by focusing on device health. In that regard, examining health is not the same as examining content; communicating health is not the same as communicating identity; and consumers can be protected in privacy-centric ways that do not adversely impact freedom of expression and freedom of association.

Charney’s right in that this is a serious threat, and one that’s growing. While security experts have had a few high-profile successes taking down botnets, the most effective way to stop them is to isolate the swarm. To be really effective, that will require a coordinated effort by many parties.

Yes, there’s a certain irony in Microsoft calling for this action, since computers running the company’s Windows operating system are the primary vectors for infection. Microsoft has come a long way in crafting software that’s far more secure, but unfortunately the bulk of Windows-based PCs are running Windows XP, which is the least secure of the modern Microsoft OSes. Vista and Win7 are more secure thanks to changes in how Windows is developed, but until users dump the outdated XP – and engage in less-risky online behavior – Microsoft’s own product will continue to be a big part of the problem.

Clearly, what Charney’s proposing is not trivial. He wants both public and private sector involved, across national boundaries. This is not unlike herding cats.

It is also fraught with privacy implications, particularly if governments are involved. If governments could agree on a set of procedures to be followed internationally by ISPs – and then if those governments step aside and let the ISPs handle data inspection and quarantine – that could be a viable model.

Of course, when it comes to governments, the ideal never seems to be realized . . .

What I would prefer to see is that ISPs understand that, collectively, they are the Internet. Or, at the very least, they are its primary stewards. While disconnecting infected systems raises legal and financial issues, it’s the best way to solve a growing problem.