Do We Need A Hybrid Approach To Fighting Spam And Viruses?
from the on-the-network-or-on-the-desktop? dept
There's an ongoing battle about how to best fight threats like spam and viruses (and spyware and trojans and worms, etc...). Some think that it should be at the network level, where an ISP or a company can set up filters, while others believe it needs to be at the desktop. In an interview with the CTO for MessageLabs (makers of "managed email security products" - so you know where his bias is) he makes the compelling case for moving the protection up to the network level (of course, he means using MessageLabs' solution). His argument is that you can keep filters much more up-to-date at the network level, even to the point of updating them multiple times per day. It also removes the hassle of end-users getting anywhere near some of these malicious files - some of which use social engineering tricks to get users to do things they shouldn't. Of course, he's only telling half the story. Blocking at the network level is increasingly becoming a necessity, but it assumes that users always access the internet in the same way. These days, with laptops and things like WiFi, people access the internet from many different places, and you don't always know who's managing the network protection. You also don't know who might be connecting to your local network - and what sort of nasty stuff they've already been exposed to. It seems that a hybrid approach is going to become increasingly important. Some have said the trend needs to move from "scan and block" to "comply and connect" - which may represent the hybrid approach that things are heading towards. You allow most of the filtering to still occur on the network, but you don't allow an individual machine to connect to a network unless it's been shown to "comply" with whatever security policies have been established. While more corporate users are moving in this direction, it may be time for residential broadband service providers to look at providing similar solutions themselves. The issue, as always, is how much control people are willing to give their service providers. No one wants to be denied a connection because suddenly their ISP says they haven't complied with some weird security aspect that the user knows they have complied with. However, as these malicious attacks get worse, it's likely that we're going to move closer to a world where getting on the network is going to mean proving you're clean, while network level machines will be required to block out the nastiest attacks.