Some might decide to drop any connections from the exploited computer altogether. Others might decide simply to subject the traffic to more inspection or to limit connectivity to a quarantined, safer network segment. My idea allows shades of gray (which I think is always necessary in the messy real world) versus a binary decision of full access versus no access.
Regardless of the malicious PC-connection detection service, I think we all need a warning service built in to the backbone of the Internet. Most antimalware companies and interested parties get lists of all the rogue origination points each day, updated several times a minute. The antimalware companies know where the majority of the bad stuff is coming from far faster than the average consumer or regular business. My idea is that reported rogue information should be shared with the world, immediately, and not just posted in the circle of the few. As I said, more information is usually better.
That way, when an innocent computer or network gets exploited, we all know about it immediately. Our network and computer defenses can take the appropriate action on our behalf (just as antimalware scanning software does today with detected malware programs). When the origination network or computer gets cleaned, the world is immediately notified, and normal communications can begin again. Right now, it seems so strange that the only notification most people get is a malicious spam email from their friend.
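The graded response described above, as an added example that is not code from the column or from any vendor's product: a small Python policy that consumes a constructed shared-warning feed, turns each report into allow, inspect, quarantine or drop, honours clean-up notices, and lets a report that nobody refreshes decay. The feed layout, the confidence thresholds and the 24-hour decay are assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample of a shared warning feed (not a real feed). Each entry names a
# reported origination point, the reporters' confidence, when it was reported and,
# if the owner has since cleaned it, when that all-clear was published.
FEED = [
    {"source": "192.0.2.9",     "confidence": 0.95, "reported": "2024-01-10T09:00", "cleaned": None},
    {"source": "192.0.2.0/24",  "confidence": 0.75, "reported": "2024-01-10T09:00", "cleaned": None},
    {"source": "198.51.100.7",  "confidence": 0.60, "reported": "2024-01-10T09:30", "cleaned": None},
    {"source": "203.0.113.42",  "confidence": 0.90, "reported": "2024-01-09T08:00", "cleaned": "2024-01-10T12:00"},
]

REPORT_TTL = timedelta(hours=24)  # assumption: an unrefreshed report decays after a day


def lookup(feed, ip):
    """Return the most confident report whose source covers ip, or None."""
    addr = ipaddress.ip_address(ip)
    hits = [e for e in feed if addr in ipaddress.ip_network(e["source"], strict=False)]
    return max(hits, key=lambda e: e["confidence"]) if hits else None


def decide(feed, ip, now_iso):
    """Map a shared report to a graded action rather than a binary allow/deny."""
    now = datetime.fromisoformat(now_iso)
    entry = lookup(feed, ip)
    if entry is None:
        return "allow"                       # nobody has reported this source
    if entry["cleaned"] and datetime.fromisoformat(entry["cleaned"]) <= now:
        return "allow"                       # all-clear published: resume normal traffic
    if now - datetime.fromisoformat(entry["reported"]) > REPORT_TTL:
        return "inspect"                     # stale report: keep watching, stop punishing
    if entry["confidence"] >= 0.9:
        return "drop"                        # high confidence: refuse the connection
    if entry["confidence"] >= 0.7:
        return "quarantine"                  # medium: route to the restricted segment
    return "inspect"                         # low: allow, but look harder at the traffic


if __name__ == "__main__":
    for ip in ("192.0.2.9", "192.0.2.17", "198.51.100.7", "203.0.113.42", "10.0.0.1"):
        print(ip, "->", decide(FEED, ip, "2024-01-10T13:00"))
```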
So I want Google, Comcast, Microsoft, and all the other companies to go one step further and to upgrade their individual consumer notification services to a global service that can warn everyone. Microsoft's End-to-End Trust already has this idea built into it. The Trusted Computing Group has been building the protocols (IF-MAP is part of it) to support a centralized warning service. The whole world has already accepted Web services, SOAP, and SCAP protocols. Every piece and open standard we need to proceed with a worldwide warning service is already in place.
All we need is a few servers and a few groups to agree on how to implement it. After 20 years of waiting for computer security solutions to actually put a dent in computer crime, we stand on the cusp of real solutions. I just wonder what it will take to make it happen.
This story, "Sowing the seeds for a safer Internet," was originally published at InfoWorld.com. Follow the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com.