[w00kie]

I live in Japan.

The main issues I see with this is, rather than just "I don't trust the government":

1. They'll do a scan of all devices then ask the ISPs to provide customer information for the vulnerable IPs found so that the government can contact them. So now you'll end up with a big fat list somewhere with names and addresses next to known vulnerability and that list is bound to leak sooner than later. See "My Number" (Japanese equivalent of social security numbers) leaks recently.

2. This makes for great phishing. All newspapers and TV channels have said you might receive notice from the government about security. Now you just have to send emails or letter claiming to be the government, saying "we have found your network to be vulnerable, please run this program to clean it up" and it's way more likely people will run your malware. FREE Advertisement provided by public funds!

[NZiozis]

I really don't have a rebuttal to your first point. The way people handle PII will always be an issue. My frame of mind comes from the fact that I'd rather some public entity privy to it than a private one like someone lower mentioning Google or Facebook. The second point seems more like a problem with tech literacy than this program. There should be some way to differentiate a government email from a regular one. That and people should understand how to confirm it. Now I get it, I've had family members believe they have a virus because a pop up told them they did, but sitting down with them for 5 mins and telling them not to stopped that. I'm curious, lower someone mentioned the idea that the government was already taking this kind of action. How do you respond to that?