In my ideal world, every time anyone received a piece of incoming content, regardless of the the application, the computer would send a trust query behind the scenes: "Can this content be trusted?" The answering service would be backed by a cloud database that collected anti-malware information from a variety of vendors and products. That way when a spammer launched its latest spam campaign, the service would get early warning and the rest of the spammer's campaign would fail. Millions of spam emails would fail and make spam unprofitable again.
If some part of the Internet, such as 3322.org, were identified as hosting too many bad sites, everyone would know immediately. And if the owner of 3322.org cleaned up his act, he might be able to get his domain and sub-domains unflagged, and start to join legitimate society again. But only with a DNS-like trust service could we immediately mark, communicate, and defend against these malicious actors that depend on our ignorance to get rich. Malicious hackers live by the byte at the speed of light. I say let them disappear by the same method.
We would need to build, fund, and maintain this new service, but we already do the same with DNS today. DNS is pervasively used by everyone, and I don't hear anyone complaining about its cost. A security service could be provided using the same mechanisms as we use to support DNS, which relies on a few contracted parties supplemented by a host of volunteer devices. We already have the model. We just need the new service.
Actually, one global security service probably isn't enough. Others can probably come up with different protection services at least as good as the one I suggest above. For that, we need a meta-security indexing service. Essentially, you would have a few servers that would host the records of all the underlying security services, of which my trust assurance servers would be one. Your device could query the indexing server for a particular security service and get immediately redirected to the right computer or computers.
The Internet is long overdue for a more secure version. We can make it. We can do it. It just takes the right people with a common vision coming together for a few months to implement existing protocols against a few new databases and services. It will happen -- and I hope I'm part of that change.
This story, "How to secure the Internet with a single service," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.