Google and Malware Detection in the cloud

In looking at how far malware detection has come, we want to reflect on a recent development from Google: notifying users directly that their computers appear to be infected with malware.  We are familiar with the Google splash page warning that the page a user is about to visit is unsafe; this move goes a step further and alerts a user that their own computer is infected.  Google implemented it as a countermeasure against malware detected during maintenance, which was targeting machines located in an offline datacenter.  Infected Windows machines were still trying to connect to those resources, and that traffic prompted Google to take action.  It raises the question of whether the future of malware detection could lie with the Internet itself rather than with individual machines sitting at the end nodes.
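The detection signal described above is a server-side one: an infected client keeps sending requests to a destination that healthy clients never address. The following is an added example, not Google's code or data, of how a front end could flag such clients from its own request log and decide who gets the notice; the log format, the retired address block `10.0.99.0/24`, the client addresses and the `min_hits` threshold are all constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed request log: client IP, destination the request was addressed to
# (hostname or raw IP), request line, User-Agent. Not real traffic.
SAMPLE_LOG = """\
203.0.113.10 www.example.com "GET /search?q=news HTTP/1.1" "Mozilla/5.0 (Windows NT 6.1)"
198.51.100.7 10.0.99.5 "GET /search?q=weather HTTP/1.1" "Mozilla/5.0 (Windows NT 5.1)"
198.51.100.7 10.0.99.5 "GET /search?q=mail HTTP/1.1" "Mozilla/5.0 (Windows NT 5.1)"
203.0.113.10 www.example.com "GET /images/logo.png HTTP/1.1" "Mozilla/5.0 (Windows NT 6.1)"
192.0.2.44 10.0.99.6 "GET /search?q=bank HTTP/1.1" "Mozilla/5.0 (Windows NT 6.0)"
192.0.2.44 www.example.com "GET /search?q=bank HTTP/1.1" "Mozilla/5.0 (Windows NT 6.0)"
"""

# Address block of a datacenter taken offline (constructed). Healthy clients resolve
# the service name and never address these IPs directly; only a hard-coded
# redirection, e.g. from malware, keeps sending traffic there.
RETIRED_NETWORKS = [ipaddress.ip_network("10.0.99.0/24")]
LOG_RE = re.compile(r'^(\S+) (\S+) "([^"]*)" "([^"]*)"$')

def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    client, dest, request, ua = m.groups()
    return {"client": client, "dest": dest, "request": request, "ua": ua}

def dest_is_retired(dest):
    try:
        ip = ipaddress.ip_address(dest)
    except ValueError:
        return False  # a hostname: a normally resolved destination
    return any(ip in net for net in RETIRED_NETWORKS)

def suspect_clients(log_text, min_hits=2):
    """Map client IP -> number of requests it sent to a retired destination.
    Only clients at or above min_hits are returned, so a single stray
    request (stale cache, one-off misconfiguration) does not trigger a notice."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and dest_is_retired(rec["dest"]):
            hits[rec["client"]] += 1
    return {c: n for c, n in hits.items() if n >= min_hits}

def response_for(client, suspects):
    """'notify' means serve the normal page plus a banner advising a malware scan."""
    return "notify" if client in suspects else "normal"

if __name__ == "__main__":
    s = suspect_clients(SAMPLE_LOG)
    for ip in ("203.0.113.10", "198.51.100.7", "192.0.2.44"):
        print(ip, response_for(ip, s))
```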

There would seemingly be many advantages to detecting threats from the Internet side rather than on individual machines.  Malware definitions could always be kept up to date this way, instead of relying on individual users to keep up with them.  How many times have huge waves of infections been caused by unpatched Windows machines?  Too many to count.  In fact, that may well be the primary way malware spreads: by capitalizing on vulnerabilities that end users have not taken the time to patch, or do not even know about.  If the approach were taken from the other side, with search engines such as Google examining the computers that access their resources, this problem would be much easier to sidestep.  The infection could be stopped by a barrier implemented in one place, at the datacenter, rather than in every user’s home.

Multiple platforms could be protected: different OS versions, patch levels and other configurations of hardware and software would not matter in this approach.  Users could be notified, as Google has been doing, which leads to much better informed end users.  Most non-tech-savvy computer users do not know about, let alone understand, patch levels and security updates, and do not know how to obtain or install them.  Many users have stale or misconfigured Windows Update settings that prevent their computers from getting the latest fixes from Microsoft.  A notification from the Internet could prompt users either to find the updates or security fixes they need or to contact someone who can help.

One of the big buzzwords in the world of access security is Network Access Protection, a much more proactive way to grant access to network resources.  Is this similar to that technology, except on the Internet side of things?  Maybe.  Denying a computer access to the Internet once a threat has been detected would be a huge leap forward for the overall security of the Internet and for other end users who may unknowingly be exposed to infected computers.

It is thought-provoking to consider that technology may be heading in this direction.  With all the emphasis on cloud computing and on having resources available in the cloud rather than locally, it makes a lot of sense to move the malware detection piece to the cloud as well.  It will be interesting to see where the companies that shape the Internet, such as Google, take this developing proactive approach to Internet security.

