There have been a lot of negative responses to Microsoft’s recent call to action proposing global Internet health. Their concept has been criticized for looking good on paper but having little effect when implemented. While the critics are not 100% wrong it’s important to realize that what Microsoft is suggesting is a small piece to the security solution puzzle, but an important one. A global collective effort to establish security standards is overdue and ISPs, governments, and security vendors need to work together to contribute to an overall solution.
Many service providers, such as Comcast have already started to contribute to Microsoft’s proposed effort by offering increased protection to customers. A 2010 MAAWG survey suggested that 65% of customers believe that ISPs are responsible for stopping the spread of malware and it seems service providers are responding.
Virgin in the UK alerts their customers when they are infected similar to Comcast and directs them toward centralized support. In Germany and Australia ISP and government cooperation has already started to take place. A survey done by the German government suggests that if the top 5 German service providers would participate in the Botnet Initiative Program then 80% of German citizens would be protected under the ISP umbrella. Wouldn’t it be nice to apply that at a global level?
There is a key piece to making a global Internet health plan work, a coordinated methodology. There are hundreds of security vendors, all with different services, and a coordinated methodology where information is exchanged, documented, and aggregated will allow for a more complete view of cyber threats and how to best protect customers. One place where standards would be addressed, solutions would be compared and reviewed, and partnerships could be facilitated. Statistics could be generated that showed the effectiveness of different solutions on customer infection rates and malware behavior in general. The botnet subgroup within MAAWG comes to mind as a possible candidate for coordination and sharing.
In the current marketplace, selecting the proper security solution is a costly process because you are never really sure what combination of products is going to be best suited for your organization until you have trialed them. Organizations are in the trend of simplifying and that includes vendors. They would rather get everything from one place in a concise package that they know is the most effective for their needs.
Umbra Data exchanges information with various community sources, provides free trials to organizations, and supports the idea of a cooperative effort to combat threats. We encourage other vendors to do the same. Cyber citizens safety should be qualified by solution efficiency, not market timing, and a coordinated forum could make this possible. So while Microsoft’s plan may not yield magical results, it contributes foundation pieces to the puzzle and is a step in the right direction toward collaborated research, effective solutions, and an overall safer Internet community.