Some might decide to drop any connections from the exploited computer altogether. Others might decide simply to subject the traffic to more inspection, or to limit connectivity to a quarantined, safer network segment. My idea allows shades of gray (which I think are always necessary in the real world) rather than a binary decision of full access versus no access.
That way, when an innocent computer or network gets exploited, we all know about it immediately. Our network and computer defenses can take the appropriate action on our behalf (just as antimalware scanning software does today with detected malware programs). When the originating network or computer gets cleaned, the world is immediately notified, and normal communications can begin again. Right now, it seems so strange that the only notification most people get is a malicious spam email from their friend.
So I want Google, Comcast, Microsoft, and all the other companies to go one step further and to upgrade their individual consumer notification services to a global service that can warn everyone. Microsoft's End-to-End Trust already has this idea built into it. The Trusted Computing Group has been building the protocols (IF-MAP is part of it) to support a centralized warning service. The whole world has already accepted Web services, SOAP, and SCAP protocols. Every piece and open standard we need to proceed with a worldwide warning service is already in place.
All we need is a few servers and a few groups to agree on how to implement it. After 20 years of waiting for computer security solutions to actually put a dent in computer crime, we stand on the cusp of real solutions. I just wonder: what will it take to make it happen?
This story, "Sowing the seeds for a safer Internet," was originally published at InfoWorld.com. Follow the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com.