December 01, 2010

"Everybody's Got Something to Hide Except Me and My Monkey"

Computer Security Viewed as Public Health: Microsoft's security chief Scott Charney has published a very provocative thought piece about whether a better approach to infected computers might be network quarantine just like we do with public health and people who have contracted a serious infectious disease. There is in fact a lot of knowledge about what machines are infected. Both Trend and McAfee now have elaborate Cloud based threat intelligence systems, and are using them to revolutionize how they do end-point security. Both know a lot about infected machines and the BotNets that control them because that strongly influences how you view those machines as threat sources when they try to connect or send you email. The unanswered question has been what to do about these infected machines other than to be wary of them. Quarantine is a clear constraint on a sick person's individual freedom, and yet it's a socially accepted practice in freedom loving democracies. Why shouldn't we deal with computer infection in the same way? Without societal agreement, service providers would be left with angry users and costly support if they tried to quarantine systems, so they don't. Might that all change if we adopted a quarantine model for computers to as a society?

Posted at 04:18 PM in Computer Security, Computer Virus, Microsoft, Scott Charney | | Comments (0) | TrackBack (0)

May 06, 2009

RSA 2009

As always RSA was a good use of our time. The meeting was definitely slower than last year and there wasn't a lot of earthshaking news, but it is still unquestionably THE security meeting and a great place for use to meet with a lot of interesting companies and people efficiently. Security continues to be best viewed as a war between the forces of good and evil, and in the last year you would have to say that evil gained ground as evidenced by things like the Conficker virus. In the end we think that Conficker will be great wakeup call because it shows so clearly that if we thought we were well-protected because disruptions like SQLSlammer hadn't returned it was very bad thinking. There is unquestionably progress being made on much more sophisticated security solutions, with many forms of sensor input and often requiring analysis and some part of the solution in the Cloud. All the big desktop security companies seem to have realized that the desktop systems that get infected in the past are likely to get infected in the future. The value of this epiphany is that they act as a great Petri dish for the early detection of new malware. The cleverest application of this understanding is the realization that pirated security software in China running on pirated versions of Windows are a really good deal as long as they report what they see back to the mother ship. Machiavelli lives!

Posted at 04:25 PM in Cloud applications, Computer Virus, RSA | | Comments (0) | TrackBack (0)

About

Our Book

Search

Archives

More...

Categories

Newsletter Archives

Infrastructure2.1 Feeds

  • Subcribe to John's Feed
  • Subscribe to Peter's feed

Email Updates

IRG-Intl