His proposal, presented at the International Security Solutions Europe (ISSE) Conference in Berlin, Germany, is for all computers to have a "health certificate" to prove that it is uninfected before it connects to the net.
"Although the conditions to be checked may change over time, current experience suggests that such health checks should ensure that software patches are applied, a firewall is installed and configured correctly, an antivirus program with current signatures is running, and the machine is not currently infected with known malware," he wrote in the accompanying paper.
The BBC article: http://www.bbc.co.uk/news/technology-11483008
The paper: http://www.microsoft.com/mscorp/twc/endtoendtrust/vision/
Link to Original Source