Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BLOG: The perfect security defense is right under our noses

Roger A. Grimes | Sept. 4, 2013
We can develop and deploy the equivalent of a cloud-connected security expert on every computer -- and stop the bad guys cold

Computers or IP addresses that are frequently involved in badness would be permanently blacklisted, at least until a point in which the maliciousness could be considered rare or under control. Networks known to spew considerable malware or host bogus websites could be permanently marked as untrusted. In today's world, a tiny percent of today's originating networks host most of the badness — let's identify and blacklist them.

In my perfect world, there could be a multitude of participating clients, and each could do what they want with the data learned from the centralized service. For instance, I may instruct my clients to drop all network packets originating from blacklisted IP addresses, whereas another company may decide to treat the same traffic as untrusted and simply enforce stronger inspection before allowing into their network. It would be up to the administrating individual.

Install or run away?
My absolutely must-have client function would be one that assists users in deciding whether they should install a particular program. After unpatched software programs, users installing things they should not accounts for the vast majority of maliciousness. It's not only falling for fake antivirus programs, but installing programs that seem innocent but are really backdoors for more badness. Most people's computers are full of adware crap that does nothing but enable further exploitation of their computers.

My perfect client software program would inspect each program a user tries to download and install, and tell the user whether or not they should do it. There is already similar functionality built into some browsers, such as Internet Explorer, but it isn't complete enough. No single program or vendor can keep up with all the new programs being created each day. But many computer security experts around the world could form a big volunteer collective that analyzes newly offered programs and makes the correct decision. The aggregated answer would be collected at the centralized service and communicated to any client considering downloading the same program.

It would essentially be giving everyone their own security expert. I know most of my friends would love to be able to ask me if they should download and install a particular program. But they don't email or call me because they know I'm busy and they don't want to bother me.

Let's productize all the good computer security knowledge and automate the approval or disapproval — and along the way block the sources of malicious garbage once and for all. The bad guys have to originate from somewhere. Let's track them and communicate who they are and where they are to everyone in the world. Let's make it harder for them to hide. Let's smoke 'em out and put them out of business.


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.