An all-in-one SOHO router/wireless bridge/etc. for technically savvy people to install for their un-savvy family members, to help prevent/stop malware.
Perhaps addable to the DD-WRT firmware, this is firmware and/or a router from an established company which does the following:
- periodically calls home to receive a blacklist of IP addresses/torrents/communication protocols+specifics/etc. that are known malware hubs and activities.
- heuristically analyzes your traffic for unusual behavior (the heuristics are also updatable via an external interpreter).
When malware has been detected on a particular PC, one of a few things will happen, based on setup/prefs:
1) that PC's network connection is shut off and all web page requests are answered with the router's internal warning: "Grandpa, call your grandson/daughter, your computer needs to be checked out." + a cute pic of a computer with a thermometer and ice bag.
2) a warning light and/or buzzer comes on on the router.
3) an email is sent to a predetermined address ("go fix grandma's computer, she tried to win a million dollars again").
The router could also provide more details as to the nature of the attack, so the repairperson could determine if bank accounts need to be changed/etc (was it too late, or was the data stopped before it got out? Or was it just a DDOS that got stopped in its tracks?).
Obviously, all of the blacklists would be optional, and could come from multiple independent sources chosen by the admin.
The router's login and auth would have to be over https and initially set up from a trusted clean computer.
The utmost amount of care would have to be taken when programming, so that malware which disables the router's functionality or inserts empty blacklist/heuristics files couldn't easily be constructed. I won't go into the myriad ways things would have to be protected, as I am not an expert and that is not what this idea is mainly about.
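As an added example (not part of the original idea, and not DD-WRT code), here is how the router could validate a fetched blacklist before letting it replace the active one, so that a tampered, blanked-out or replayed feed cannot silently disable filtering. It assumes a per-source HMAC key provisioned on the router by the technician at setup time (an assumption; the post only requires setup from a clean computer), and the feed name, key and list contents are constructed.

```python
import hashlib
import hmac
import json

# Constructed: one HMAC key per blacklist source, provisioned on the router by the technician
# from a trusted machine at setup (assumption; the post only requires a clean initial setup).
SOURCE_KEYS = {
    "example-feed-a": b"constructed-shared-key-A",
}


def sign_blacklist(source, doc, key_table=SOURCE_KEYS):
    """Feed side (simulated here): canonical JSON plus an HMAC-SHA256 tag over it."""
    payload = json.dumps(doc, sort_keys=True).encode()
    tag = hmac.new(key_table[source], payload, hashlib.sha256).hexdigest()
    return payload, tag


def check_blacklist_update(source, payload, tag, current_version, key_table=SOURCE_KEYS):
    """Router side: decide whether a fetched list may replace the active one.
    Returns (True, doc) on success or (False, reason) on rejection. On any rejection the
    active list is kept, so an empty or replayed feed cannot switch filtering off."""
    key = key_table.get(source)
    if key is None:
        return False, "unknown source"
    # Authenticate before parsing: untrusted bytes never reach the JSON parser otherwise.
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False, "authentication tag mismatch"
    try:
        doc = json.loads(payload)
    except ValueError:
        return False, "malformed list"
    # Monotonic version number: a captured older (or identical) list cannot be replayed.
    version = doc.get("version")
    if not isinstance(version, int) or version <= current_version:
        return False, "version rollback or replay"
    # An authentic but empty list is still refused; the previous list stays in force.
    entries = list(doc.get("ips", [])) + list(doc.get("services", []))
    if not entries:
        return False, "empty list refused; current blacklist retained"
    return True, doc


if __name__ == "__main__":
    payload, tag = sign_blacklist("example-feed-a",
                                  {"version": 5, "ips": ["203.0.113.7"], "services": []})
    print(check_blacklist_update("example-feed-a", payload, tag, current_version=4))
    print(check_blacklist_update("example-feed-a", payload, tag, current_version=5))
```

The order of checks matters: authenticate first, then parse, then apply the version and non-empty rules, so that a forged feed is rejected before its contents influence anything.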
Grandpa also can't know the router's password.
The heuristic analysis would likely only trigger option #3, for obvious(?) reasons.
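An added example of the detection-and-response loop sketched above (blacklist matching, simple traffic heuristics, and responses 1-3 with the rule that heuristic hits only send email); this is illustrative code, not part of the original post or of DD-WRT. The flow records, blacklist entries, host names and addresses are constructed (TEST-NET ranges), the thresholds and the warning-page port are assumptions, and quarantine_rules only returns iptables commands as strings rather than running them.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str    # LAN host name
    dst: str    # destination IP
    dport: int
    proto: str  # "tcp" or "udp"


@dataclass(frozen=True)
class Verdict:
    host: str
    reason: str
    kind: str   # "blacklist" or "heuristic"


# Constructed stand-ins for lists fetched from the admin's chosen sources (TEST-NET addresses).
BLACKLIST_IPS = {"203.0.113.7", "203.0.113.9"}
BLACKLIST_SERVICES = {(6667, "tcp")}      # a protocol/port entry, e.g. plaintext IRC

ROUTER_IP = "192.168.1.1"                 # assumed LAN address of the router
WARN_PORT = 8080                          # assumed port of the router's internal warning page


def blacklist_check(flows):
    """One verdict per (host, reason); repeated flows to the same bad address are merged."""
    hits = {}
    for f in flows:
        if f.dst in BLACKLIST_IPS:
            v = Verdict(f.src, f"contacted blacklisted address {f.dst}", "blacklist")
        elif (f.dport, f.proto) in BLACKLIST_SERVICES:
            v = Verdict(f.src, f"used blacklisted service {f.proto}/{f.dport}", "blacklist")
        else:
            continue
        hits[v] = None
    return list(hits)


def heuristic_check(flows, fanout_limit=20, smtp_limit=5):
    """Two behavioural rules: fan-out to many distinct hosts, and direct outbound SMTP
    from a LAN client. Both thresholds are assumptions."""
    dsts, smtp = defaultdict(set), defaultdict(int)
    for f in flows:
        dsts[f.src].add(f.dst)
        if f.dport == 25 and f.proto == "tcp":
            smtp[f.src] += 1
    out = []
    for host, d in dsts.items():
        if len(d) > fanout_limit:
            out.append(Verdict(host, f"fan-out to {len(d)} distinct hosts", "heuristic"))
    for host, n in smtp.items():
        if n > smtp_limit:
            out.append(Verdict(host, f"{n} direct SMTP connections", "heuristic"))
    return out


def quarantine_rules(ip):
    """netfilter commands (as used on DD-WRT) that send the host's port-80 requests to the
    router's warning page and drop its other forwarded traffic. Returned, not executed."""
    return [
        f"iptables -t nat -I PREROUTING -s {ip} -p tcp --dport 80 "
        f"-j DNAT --to-destination {ROUTER_IP}:{WARN_PORT}",
        f"iptables -I FORWARD -s {ip} -j DROP",
    ]


def respond(verdicts, prefs, host_ips):
    """prefs is the admin's chosen subset of {1, 2, 3}. Heuristic verdicts are limited to
    option 3 (email) regardless of prefs; only blacklist verdicts may cut a host off."""
    actions = []
    for v in verdicts:
        allowed = set(prefs) if v.kind == "blacklist" else set(prefs) & {3}
        if 1 in allowed:
            actions.append(("quarantine", v.host, quarantine_rules(host_ips[v.host])))
        if 2 in allowed:
            actions.append(("led", v.host, "warning light/buzzer on"))
        if 3 in allowed:
            actions.append(("email", v.host, f"{v.host}: {v.reason}"))
    return actions


def analyze(flows, prefs, host_ips):
    return respond(blacklist_check(flows) + heuristic_check(flows), prefs, host_ips)


def sample_flows():
    """Constructed traffic: one PC beaconing to a blacklisted address, one PC spraying
    SMTP at thirty distinct hosts, one PC browsing normally."""
    flows = [Flow("grandpa-pc", "203.0.113.7", 443, "tcp")] * 3
    flows += [Flow("grandma-pc", f"192.0.2.{i}", 25, "tcp") for i in range(1, 31)]
    flows += [Flow("laptop", "198.51.100.80", 443, "tcp")]
    return flows


HOST_IPS = {"grandpa-pc": "192.168.1.20", "grandma-pc": "192.168.1.21", "laptop": "192.168.1.22"}

if __name__ == "__main__":
    for action in analyze(sample_flows(), {1, 2, 3}, HOST_IPS):
        print(action)
```

With all three responses enabled, the beaconing PC is quarantined, lights the LED and triggers an email, while the SMTP-spraying PC only produces emails, which is the asymmetry the post asks for: a blacklist hit is concrete enough to cut a host off, a heuristic hit is not.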
The obvious implication is that this could make the botnet programmers work a bit harder to obscure what they're doing (encryption to anonymizers, etc.), but in theory, given decent heuristics and up-to-date firmware, most activity could be detected and cut off or reported. Even if the malware is updated before detection this time, it could be caught in the next round of router updates.
Even if the data being passed couldn't be determined, the method/destination by which the data are being transferred could potentially provide enough evidence to signal someone with the capability of verifying and fixing the problem (or whitelisting/telling the router that everything is okay).
All firmware would be open source so as to allay most peoples' fears about who is getting the network data and what is happening to it.
If the programmers are really feeling proud of themselves, they could implement a secure remote administration method by which a technician could potentially check into/fix some problems. This would open up more avenues of attack, of course.