A "Health Certificate" for the Internet? Hmmm….. 3


http://blogs.technet.com/b/microsoft_on_the_issues/archive/2010/10/05/the-need-for-global-collective-defense-on-the-internet.aspx

A few days ago, a Microsoft employee (in their Trustworthy Computing division) posted a blog entry discussing the need for a “health certificate” to allow computers on the Internet. In order to be considered “healthy” your computer must have all available updates (I’m assuming Security here), and updated antivirus, and an updated firewall. And be virus free.

On the surface it sounds good (and in some other levels also). But, there are some considerations that need to be made.

First, what if your operating system doesn’t have (and isn’t easily susceptible to) viruses? I’m looking at Mac OS, Linux, and other unix variants here. Will there be a provision that states only Windows computers require antivirus software? And if, at some point, the other OS’es find the need for antivirus software, will the provision be put in for them?

Secondly, the idea is that they will be completely blocked from the Internet. So, pray tell, how will they block the computer? Will they do it by MAC Address (the “Physical Address of the Network Card)? Or will they block it at the modem level? This presents two problems: If the computer has multiple NIC’s (wired and wireless for example), they can still get on the Internet for a brief time. Also, how will the user get the needed updates to get their “health certificate”?

Thirdly, what exactly would the “health certificate” be? Will it be like a Digital Certificate? Will it be like the Windows Activation? How will they prevent people from forging their certificates or stealing others?

Fourth, how will this keep me from screwing up my facebook with those stupid lolzvideo viruses that are floating around? (I don’t click those, but I know a lot of people who do) After all, no antivirus protects you from that. And I would imagine that for the average person, that is the biggest hassle. They don’t realize the other dangers, because they don’t play in the big park. They go to their email and surf facebook and youtube.

The Health Certificate is a good theory. If someone actually decides to implement it, it needs to be an independent party with NO interests in any operating system or security software. Because if you have an interest in a product that the health certificate affects, you’re inherently going to shift the balance in favor of your interests. In other words, Microsoft has a good idea, but they shouldn’t have anything to do with implementing it.

One telling thing about this is that between 1 and 10 million Windows PC’s are involved with botnets. The number of Macs, Linux PC’s/Servers, and other devices that run non-Windows code is closer to zero. Now that may change if virus creators figure out a way to hack through OS X or Linux. But the point is that right now, it’s more than likely a Microsoft product that is causing the problems.

All of this being said, I think the health certificates are a decent idea. And after skimming through the actual white-paper on the subject, it raises some good points that aren’t being covered in the media.

Personally I think that the “Health Certificates” should contain the following information:

1. All MAC Addresses in the computer (this should be the ONLY identifiable information)
2. Operating System information (Windows/Linux/OS/etc and version including build where appropriate).
3. A check to see if all required security updates are installed properly.
4. If the Operating System requires a firewall and antivirus, whether these are present, turned on, and updated completely.

The “Health Certificate” should be generated on the fly. This will ensure that the most current information is presented. Tools like Belarc Advisor already generate the information that I suggest (and could easily be incorporated into the Health Certificate program).

Let me know what you think of the Health Certificate ideas. Read the white-papers on the Microsoft site, and do a little research into the idea. Let me know what you’d like to see in one (if they’re implemented).

Have a great day:)
Patrick.


Leave a comment

Your email address will not be published. Required fields are marked *

3 thoughts on “A "Health Certificate" for the Internet? Hmmm…..

  • Claire

    There are various sites on the internet, and we don't really know which one's safe or not. If our computer's not protected from these harmful websites, our computer is at risk. Living in Ottawa, computer tech support services are always around town to help me know what are the safe to browse sites and which one's harmful.

  • Lisa

    I think it's a good idea too. But most people use Windows for their OS. It would be unfair to non-Windows users. Like me, I've been using Mac for five years now. And the best thing about its OS is, it's noninfectious to any viruses. These "health certificate" is another good instance of an IT management. Boston, where my office is located, is using Mac computers. When this certificate would be implemented, how are we suppose to get on the internet when most of our tasks and files are done while staying online? I'm pretty sure this kind of requirement would benefit the industry of IT services. Boston is a place of the best computer services, anyway.

  • Houston IT Service

    For me, this would be a bit a bit off if the scenario is that they haven't thought of your questions before they even announced it. As far as overall health on the hardware side, they would have to find a very, and I mean very effective way to monitor this, since a PC is basically an open-sourced piece of machinery. It's like a Bus with components of a minivan. Anything goes. You've given great questions for them to ponder though. I hope give as a straightforward answer as to how they want to achieve it.