Tuesday, February 15, 2011

Microsoft continues to push for quarantine of infected computers

SAN FRANCISCO — Microsoft's Scott Charney is pushing forward with a proposal for a public health model to stem the damage caused by botnet malware on computers worldwide.

During a keynote presentation (see documentation) at the RSA Conference here, Charney trumpeted a "global Internet health model" that uses existing technologies and organizational policies to implement a system that restricts what an infected computer can do on the Internet.

Charney's message was much the same as it was last year, when the head of Microsoft Trustworthy Computing called on ISPs to be aggressive and cut off Internet access to infected computers.

This year, Charney took his message further, suggesting that computer users can opt into a Web-based program that provides warnings when security risks are identified.

"Informing individuals in advance of security problems or configuration issues provides a first step in transforming the computer security posture from reactive to proactive," Charney added.

In an accompanying white paper (.PDF), Charney suggested that the concept of device health could benefit from a more aggressive approach to identifying infected devices. In particular, he called for the analysis and sharing of data from sinkholes, network traffic and product telemetry to identify potentially infected devices.

"If a device is known to be a threat to the Internet, the user should be notified and the device must be cleaned before it is allowed unrestricted access to the Internet, minimizing the risk of the infected device contaminating other devices or otherwise interfering with legitimate activities on the Internet," said Charney.

Charney said that, in most cases, this can be done with current technology across multiple systems and platforms, and stressed that Comcast is already making attempts to quarantine dirty machines.

"It is our view that approaches like this need to be expanded significantly, even at a global level," he added.

On the consumer side, he said that we need a mechanism for clean computers to demonstrate their "good health" (a health certificate) without rendering systems more vulnerable and less reliable, or providing a conduit for the loss of private information.

Secondly, the mechanism that produces the health certificate must be trusted (i.e., infected devices should not have a way to fake a health certificate). Combining reliable software such as hypervisors with hardware elements such as a Trusted Platform Module (TPM) could allow consumer devices to create robust health certificates and ensure the integrity of user information. Thirdly, access providers and other organizations must have a way to request health certificates and take appropriate action based on the information provided. Finally, we must create rules to ensure the effectiveness of this model and its supporting policies.

In this model, Charney said, a consumer machine seeking access to the Internet may be asked to submit a "certificate of health" to prove its status. Although the conditions to be checked may change over time, he said that health checks should ensure that software patches are applied, a firewall is installed and configured correctly, an antivirus program is running with current signatures, and the machine is not infected by known malware.

If the health certificate indicates a security issue, e.g. a missing patch or outdated antivirus signatures, Charney said that an ISP may provide a notice that assists the user in dealing with the security problem or directs the user to resources for remediation.

"If the problem is more severe (the machine is spewing malicious packets), or if the user refuses to submit a certificate of health in the first instance, other remedies, such as throttling the bandwidth of the potentially infected device, may be appropriate," he added.

The idea of quarantining infected users to protect the Internet ecosystem is not new, but security experts say that unless ISPs have a financial incentive to implement these models, such initiatives will go nowhere.
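The health-certificate check and graduated response Charney describes, as an added example that is not code from the article or from Microsoft's white paper. It assumes a shared HMAC key as a stand-in for TPM-backed signing, hypothetical field names (`patched`, `firewall_ok`, `av_signatures_current`, `infected`), and that a certificate which fails verification or replays an old nonce is handled like a refusal.

```python
import hashlib
import hmac
import json

# Assumption: an HMAC key held by the device's trusted component stands in for
# TPM-backed signing; real attestation would use an asymmetric TPM quote.
DEVICE_KEY = b"constructed-demo-key"  # constructed sample value

# Constructed sample state for a machine that passes every check in the article.
HEALTHY = {"patched": True, "firewall_ok": True,
           "av_signatures_current": True, "infected": False}


def issue_certificate(state: dict, nonce: str, key: bytes = DEVICE_KEY) -> dict:
    """Device side: bind the reported health state to the provider's nonce."""
    body = json.dumps({"nonce": nonce, "state": state}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def decide(cert, nonce: str, key: bytes = DEVICE_KEY) -> str:
    """Access-provider side: return 'allow', 'notify' or 'throttle'."""
    if cert is None:
        return "throttle"  # user refused to submit a certificate
    expected = hmac.new(key, cert["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cert["tag"]):
        return "throttle"  # forged or altered certificate (assumed policy)
    claims = json.loads(cert["body"])
    if claims["nonce"] != nonce:
        return "throttle"  # replay of an older "healthy" certificate
    state = claims["state"]
    if state.get("infected", True):  # a missing field fails closed
        return "throttle"  # the "more severe" case in the article
    checks = ("patched", "firewall_ok", "av_signatures_current")
    if not all(state.get(c, False) for c in checks):
        return "notify"  # missing patch, firewall problem or stale signatures
    return "allow"


if __name__ == "__main__":
    stale_av = dict(HEALTHY, av_signatures_current=False)
    print(decide(issue_certificate(HEALTHY, "n1"), "n1"))
    print(decide(issue_certificate(stale_av, "n2"), "n2"))
    print(decide(None, "n3"))
```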

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.


