Microsoft is now considering a new way to keep internet users safe as they surf the web: an Internet wide network access control. Such an access control would scan computers before they go online and would only allow internet access if they were clean and free from all viruses and malware. If a computer was infected, it would be cleaned through a restricted Internet connection. In his paper Collective Defense, Scott Charney (a Microsoft executive) argues that a global health model should be applied to the internet saying, “To improve the security of the Internet, governments and industry could similarly engage in more methodical and systematic activities to improve and maintain the health of the population of devices in the computing ecosystem by promoting preventative measures, detecting infected devices, notifying affected users, enabling those users to treat devices that are infected with malware, and taking additional action to ensure that infected computers do not put other systems at risk.”
While this idea is definitely interesting, critics have cited many possible problems. First of all it would be hard to determine who had the power and authority to implement such a control (the government? Internet Service Providers?), and how they would be able to do so. There is also the issue that it is impossible to protect against something if we don’t know that it exists. Therefore, hackers may design new types of viruses and malware that might be able to bypass the access control. There is also always the risk of the access control itself being hacked.
Despite these issues, I still think that a network wide access control is an interesting possible solution to the problem of increasing malware and viruses. It is definitely something to keep an eye on for the future.
http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1522386,00.html
Posts
I have never heard a proposal like this one, and it seems like it could be a fix to many problems associated with viruses and malware on the internet. I also agree with the possible problems associated with the idea.
ReplyDeleteWe have talked before about how security is like a cat and mouse game. As security experts are perfecting the fixes to one hacker, another is creating something new. There is no catching up. While I agree that this will also occur with a internet access control, I also think it is still progress. Sure, it may not protect forever, but it can be updated and will already protect against past attacks. It is a step towards better security.
In reference to who will have control. I believe that this should be almost a coin toss. Does it really matter who has the control as long as it is done correctly?
This is definitely something interesting that I believe could become commonplace in the future. Progress is made every day, and I believe at some point that this will become reality.
I have also never heard anything like this, and agree that it is an interesting idea. Although it may help protect against viruses quickly moving through out the internet, think of the downside as a user.
ReplyDeleteImagine you have to print your paper off before a class in Debartalo. You only have 15 minutes to print the paper off and get to class. By the time a computer becomes available, you sign on, log on to you e-mail, and print the paper off - your 15 minutes is almost over. If this security measure were implemented (assuming I am understanding it correctly), it would take even longer to log on to the internet. The scan would most likely not be instant, especially since every computer would probably be scanned every time before it logged online.
In the fast paced world we live in today, I'm not sure users could get used to longer load up times. Especially since we have been working to get faster computers. How would this work with handheld devices?
Personally, I think it is a step in the right direction - meaning it is good that experts are looking for answers - but I'm not sure this is exactly the answer, the cons may outweigh the pros in this case.
I do like this idea but would still need more information to fully understand the proper implementation. I think the control issue would be the hardest part of this issue since someone would need to take control and be in charge, but with the number of computers around the world this would have to be taken on by an entire corporation or government agency. It is a very large scale project that would need almost years of planning and proper procedures.
ReplyDeleteI would also have to question how the situation would be handled with hand held devices and network providers. I would like to hear how blackberry's or other devices that do not attach to wi-fi would be used or serviced with this implementation.
Lastly, I would like to know how a wide spread implementation would even be possible to implement. Would it be a rolling implementation or an over night invention? Implementing over night would cause many problems since there are millions of users on at any time of the day but I feel a slow implementation would give to many users the ability to understand how it works and figure out the loop holes before the service would be implemented against them.
Overall I think if done correctly and done with efficient planning and testing this would be a very good idea for increasing safety. However, I feel it is not anything that is near completion and has a long way to go in development.
Great blog. Your blog is interesting and so informative. Wait for your next blog post.
ReplyDeleteinternet security course