To Kill A Botnet
What if the good guys could take control of a botnet, should they? That's the question discussed over the last couple of days after researchers described how they discovered a way to control a well-known, large botnet. The answer isn't so obvious, but we can leverage the benefits of this work and start to roll back the botnet threat. Here's how.
First, we need to understand how the good guys can control a botnet. Researchers at TippingPoint Technologies' Digital Vaccine Laboratories explained:
"By reverse-engineering the list of names and successfully registering some of the subdomains Kraken is looking for, we can emulate a server and begin to infiltrate the network zombie by zombie. Stated simply, Kraken-infected systems worldwide start to connect to a server we control."
Once under the control of a good server, a bot can be ordered to shut down. All good so far. The concerns arise if something goes wrong. What if, by removing bot software, the good guys hose a victim's machine? Who is responsible, the good guy trying to help or the bad guy who infected the device to begin with?
Doctors face this problem constantly. They want to help their patients, but the drugs they prescribe and the surgeries they perform can have side effects and sometimes go wrong. We can take two pointers from doctors: the Hippocratic Oath ("do no harm") and informed consent.
The researchers were right not to go trying to purge infected devices of bot malware. They could have done more damage than good in some, albeit likely a small number of, cases. At the same time, victims may not know they are hosting a bot, or if they did know it was there they still wouldn't know how to get rid of it. Again, we can take our cues from doctors. My physician can tell me what's wrong and what my options are, and then executes whichever option I choose. ISPs can fill a similar role with malware control.
ISPs have an incentive to control spam because it's wasted bandwidth for them. They can also use the techniques the researchers described to identify bots on their networks and take them out. The ISPs can get informed consent on a case-by-case basis or by blanket agreement. A case-by-case scenario isn't likely to work. Can you imagine getting an email from your ISP asking if it's OK to run a program to remove a bot? Even if it were legitimate, many of us would assume it's a social engineering attack.
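The identification step an ISP could take from this work is the passive one: once a sinkhole operator has registered the names the bot looks for, any customer machine that keeps resolving those names is a strong candidate for notification. The script below is an added example, not code from the article, from TippingPoint, or from the Kraken research; it matches constructed resolver log lines against a constructed list of sinkholed parent domains (the placeholder names, IPs and timestamps are all made up) and aggregates hits per client so a minimum-hit threshold can be applied before anyone is contacted.

```python
"""
Defender-side triage of recursive resolver logs against a sinkhole name list.
Added example; not part of the original post or the Kraken research.
Every domain, IP address and log line below is a constructed placeholder.
"""
from datetime import datetime

# Registrable parents the sinkhole operator controls (constructed placeholders,
# not real botnet domains). Any subdomain the bot generates under these counts.
SINKHOLED_PARENTS = {"sinkhole-a.example", "sinkhole-b.example"}

# Constructed resolver log: "<ISO timestamp> <client ip> <queried name>"
SAMPLE_LOG = """\
2008-04-10T08:00:01 198.51.100.23 www.example.com
2008-04-10T08:00:02 198.51.100.23 qwxz.sinkhole-a.example
2008-04-10T08:00:05 198.51.100.77 mail.example.net
2008-04-10T08:00:09 198.51.100.23 hgtr.sinkhole-a.example
2008-04-10T08:01:12 203.0.113.5 plkm.sinkhole-b.example
2008-04-10T08:01:30 198.51.100.77 cdn.example.org
this line is deliberately malformed and must be skipped
"""


def parse_line(line):
    """Return (timestamp, client_ip, name) or None for a line we cannot parse."""
    parts = line.split()
    if len(parts) != 3:
        return None
    ts, client, name = parts
    try:
        when = datetime.fromisoformat(ts)
    except ValueError:
        return None
    return when, client, name.lower().rstrip(".")


def sinkholed_parent(name):
    """Return the sinkholed parent domain that `name` falls under, or None."""
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in SINKHOLED_PARENTS:
            return candidate
    return None


def find_suspected_bots(log_text, min_hits=1):
    """Aggregate sinkhole lookups per client.

    Returns {client_ip: {"hits", "first_seen", "last_seen", "names"}} for
    clients with at least `min_hits` lookups under a sinkholed parent.
    A threshold above 1 filters out one-off noise before any notification.
    """
    stats = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        when, client, name = rec
        if sinkholed_parent(name) is None:
            continue
        entry = stats.setdefault(
            client, {"hits": 0, "first_seen": when, "last_seen": when, "names": set()}
        )
        entry["hits"] += 1
        entry["first_seen"] = min(entry["first_seen"], when)
        entry["last_seen"] = max(entry["last_seen"], when)
        entry["names"].add(name)
    return {c: e for c, e in stats.items() if e["hits"] >= min_hits}


def notification_report(suspects):
    """One line per suspected client, suitable for a hand-off to abuse staff."""
    lines = []
    for client in sorted(suspects):
        e = suspects[client]
        lines.append(
            f"{client}: {e['hits']} sinkhole lookups between "
            f"{e['first_seen'].isoformat()} and {e['last_seen'].isoformat()} "
            f"({', '.join(sorted(e['names']))})"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    print(notification_report(find_suspected_bots(SAMPLE_LOG, min_hits=1)))
```

With the constructed log, two clients show up at the default threshold and only one survives `min_hits=2`; in practice the threshold, the observation window and the sinkhole list would be tuned by the ISP's abuse desk, and the output feeds the consent step rather than any automated removal.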
A more reliable method would be to agree when we sign up with an ISP to allow them to disrupt botnets or other malicious activity from our devices, including removing malicious code from our machines. I'm sure by the time the lawyers got done with this one it would make typical EULAs look like children's stories, but we are at the point where we can either continue to live with increasingly dangerous botnets or trust someone with the information, knowledge and skills to curb the problem. I know this isn't an ideal solution, but then again my doctor isn't perfect - still, I'm a lot better off with medical advice and attention than without it.