Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
To stymie the threat of botnets and other malware impacting consumer machines, internet industry stakeholders should ensure the security of consumer devices before allowing them full access to the internet, a Microsoft executive said this week. Speaking at the International Security Solutions Europe (ISSE) conference in Berlin, Scott Charney, Microsoft's corporate vice president for trustworthy computing, called on the IT industry, government and internet service providers to institute a new internet "health model".The "approach involves implementing a global collective defense of internet health much like what we see in place today in the world of public health,” Charney wrote in a blog post. To limit the spread of disease in the physical world, society is educated about basic health risks and how to avoid them, he said. In many schools, students are required to be vaccinated before admission and ordered to stay home when sick. Additionally, world health organisations identify, track and control the spread of disease and can, when necessary, quarantine those who may spread infection to others. In the same vein, to improve internet security, government and industry should promote security measures, detect infected devices, notify affected users, enable users to treat malware-infected devices and take additional action to ensure infected computers do not place other systems at risk, Charney suggested in a paper outlining the proposal. Such an effort is needed, according to Charney, because many consumer computers are infected and belong to botnets, which can be used to launch attacks against other users, the government, critical infrastructure and financial systems. “Simply put, we need to improve and maintain the health of consumer devices connected to the internet in order to avoid greater societal risk,” Charney said. Under his idea, consumer machines seeking to access the internet would be asked to present a “health certificate”, which indicates whether software patches are applied on the machine, a firewall is installed and configured correctly, and an anti-virus program with current signatures is running, and confirms that the machine is not currently infected with malware, Charney said. If a minor problem is found, such as a missing patch or anti-virus signature, the user may be provided assistance in mitigating the issue, he said. If a more serious issue, such as a malware infection, is discovered, it may be appropriate to constrict the device's bandwidth. Building an internet protection model that is socially acceptable would require finding a balance between security and privacy, Charney said. Specifically, users must retain control over their certificates. Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham (UAB), told SCMagazineUS.com that he likes the idea of health certificates, but all of the possible legal implications must be considered before implementing such a plan. The model could, for example, turn into a “dangerous game” if an individual, who is denied internet access, cannot do their job and decides to sue, Warner said. He said the effort will only work if involved parties use the information they gather for public good, much like in the public health community when vaccines are developed. “We have to find ways to break down these barriers of information sharing,” Warner said. “Until we have full visibility on the problem, we aren't going to know how to solve it.” See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.