I'll state up front that I know nothing about botnet formation, architecture or the like.<p>Simple question: is it possible for operating system manufacturers to send out an update (forcibly, preferably) that detects and disables networking on infected machines?<p>Alternatively, would it be possible to send out an OS update that could detect infected machines and report back IP address communication to/from the machine? This could possible be processed (in a 'big data' fashion) to narrow down botnet control paths?<p>I'm sure there are any number of ethical/privacy related reasons against this sort of action but we're speaking hypothetically.