BlackHat 2008


Ari Juels, RSA, botnets

Ari Juels, RSA : Three weapons in the botnets war

Analysis

From virtualization to Digital Rights Management and cryptography, RSA's chief scientist Dr. Ari Juels explores ways to defeat the botnet plague. No technical solution against botnets will work without real industrial and political commitment, Ari Juels warns. But some technical approaches may help make the difference.

That's today's security paradox: botnets have become a staple of Internet crime and nuisance, and yet very little effort seems to be made to get rid of them, except within the (purely volunteer-based) anti-botnet community.

We met with RSA's chief scientist Dr. Ari Juels and asked him what technical measures could help foil the botnet plague. As a researcher, Dr. Juels only deals with the technical side of the botnet question. In the next installment of our interview series, we will turn to the political side and ask ISPs why they don't seem to care much about botnets.

But for now, Dr. Ari Juels gives us his view on three promising techniques to help fight botnets:

  • Virtualization: "We are starting to see virtualization used today to set up a safe perimeter around the browser. That way, anything able to exploit a vulnerability within the browser will be confined to a virtual environment. But this is not quite enough: if the user wants to download and install a piece of code, he still has to make the decision whether to trust it or not. So the use of virtualization in that area will have to evolve, for example by making the antivirus reside outside the current environment, so it can have full control over what's going on. Instead of just isolating the browser, the whole system would be isolated from the antivirus."
  • Digital Rights Management: "DRM, used in the context of the Trusted Platform Module, will probably have a part to play in this too. Right now, TPM is not an option; it's not going to work. But with a more flexible approach and the right tools, it could provide a system with trusted code to start with. Associated with virtualization, it could be used to check parts of the system that are outside the virtualization realm, for example."
  • Secure logging: "By making PCs log everything that has been installed on them, we would be able to determine the security state of the client in a more sensible way. Of course, that log itself should be protected. Forward-secure logging is one solution, encrypted logs are another. In all cases, the goal is either to know exactly what has been installed on the system (if the log is still present and unaltered) or to know right away that the client has most likely been compromised if the log has been tampered with or deleted."
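To make the third point concrete, here is a minimal forward-secure log of the kind Dr. Juels describes: each entry is authenticated with a key that is then hashed forward and erased, so malware that takes over the client later can rewrite or reorder past entries only at the cost of breaking the verifier's check. This is an added example written for this article, not code from the interview or from RSA; the install events and the fixed key are constructed, and the verifier is assumed to hold the initial key somewhere the client cannot reach (for instance with the antivirus kept outside the virtual environment, as the interview suggests).

```python
import hashlib
import hmac
from typing import List, Optional, Tuple


def evolve(key: bytes) -> bytes:
    """Derive the next-epoch key. SHA-256 is one-way, so a key captured later
    does not reveal the keys that authenticated earlier entries."""
    return hashlib.sha256(b"fwd-secure-log-evolve" + key).digest()


def tag(key: bytes, index: int, entry: bytes) -> bytes:
    """MAC over the entry and its position, so entries cannot be reordered."""
    return hmac.new(key, index.to_bytes(8, "big") + entry, hashlib.sha256).digest()


class ForwardSecureLog:
    """Client side: keeps only the current key; every past key is discarded."""
    def __init__(self, initial_key: bytes) -> None:
        self._key = initial_key
        self.entries: List[Tuple[bytes, bytes]] = []

    def append(self, entry: bytes) -> None:
        idx = len(self.entries)
        self.entries.append((entry, tag(self._key, idx, entry)))
        self._key = evolve(self._key)  # old key is unrecoverable from here on


def verify(initial_key: bytes, entries: List[Tuple[bytes, bytes]],
           expected_count: Optional[int] = None) -> Tuple[bool, Optional[int]]:
    """Verifier side (holds the initial key out of the client's reach).
    Returns (ok, index of first problem); truncation needs expected_count."""
    key = initial_key
    for idx, (entry, t) in enumerate(entries):
        if not hmac.compare_digest(t, tag(key, idx, entry)):
            return False, idx
        key = evolve(key)
    if expected_count is not None and len(entries) != expected_count:
        return False, len(entries)
    return True, None


def demo() -> Tuple[bool, bool, bool]:
    """Constructed install events; returns (intact_ok, edit_detected, cut_detected)."""
    k0 = bytes(32)  # constructed fixed key; a real deployment would use a random one
    log = ForwardSecureLog(k0)
    for event in (b"install browser-plugin-1.2", b"install updater.exe",
                  b"install svchost-lookalike.exe"):
        log.append(event)
    edited = list(log.entries)
    edited[2] = (b"install nothing", edited[2][1])  # tampered entry, old tag kept
    cut = log.entries[:2]                           # last entry deleted
    return (verify(k0, log.entries)[0], not verify(k0, edited)[0],
            not verify(k0, cut, expected_count=3)[0])
```

Silent deletion of the newest entries is only caught when the verifier knows how many entries to expect (a sequence number the client reports regularly, for example); an attacker holding the current key can still append, which is why the check is about the past, not the future.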

Our comments:

And of course, let's not forget more traditional measures like antivirus software and good patching practices. That, and trying to convince your ISP to play fair with others when asked to take down an infected host, can go a long way...
