We have one more panel's worth of notes from our blogging of yesterday's Anti-Spyware Coalition conference. Here, StopBadware researcher Oliver Day shares his notes on the Trends panel, which closed out the day at the conference:
Google:
* The interstitial page. Creates a way to warn users of the search engine when a website is possibly infected.
* The Ghost in the Browser paper by Niels Provos et al. Technical paper on the methodologies used by Google to determine "badness."
* Safe Browsing API overview. Opening up more information to end users.
* Online security blog. Tech-oriented blog that is a day-to-day journal of the group.
TRUSTe:
* Program whitelists
* Affiliate networks offloading responsibility
StopBadware:
* Educating consumers
* Guideline creation and security tips for site owners
* Community building via discussion groups, etc.
SiteAdvisor:
* Built for consumers by MIT engineers
* Bots testing for annoying behaviors
Questions:
How do all these pieces fit together in the security ecosystem?
Orgs like TRUSTe try to fill in particular niches like deep product reviews. Google is trying to make searching safer. StopBadware is in a unique position as a non-profit to act as a watchdog against corporations (see AOL report).
Are we acting as arbiters of the Internet? What happens when we get something wrong? Versions change often (think updates) so how valid are product certifications?
Google claims near-zero false positives based on vetting through partners. No one should surf securely feeling that they are protected from *all* things. How does one "look both ways" when browsing web pages?
False positives can be dealt with on a programmatic level: creating decays on bans, whitelists, etc.
Will/do consumers want their computers to be like appliances?
Porn is a vehicle for a badware codec.
How do we compensate for human stupidity?
How do we evade the bad guys when they know where we are (IP address)?
Community helps develop reputation systems.
What is the opinion of these groups on certifications by other groups? Things marked bad by different orgs are likely to be bad. Things marked good should still be viewed with skepticism.
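
The note above about handling false positives programmatically with decaying bans and whitelists can be sketched as follows. This is an added example, not code from the panel or from any of the organizations mentioned; the half-life, the threshold, the class name and the `.example` hosts are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

HALF_LIFE_DAYS = 30.0   # assumed: a ban loses half its weight every 30 days
WARN_THRESHOLD = 0.5    # assumed: warn while the decayed score is at or above this

@dataclass
class ReputationList:
    whitelist: set = field(default_factory=set)
    bans: dict = field(default_factory=dict)   # host -> (score, day last reported)

    def score(self, host, today):
        """Current ban weight after exponential decay since the last report."""
        score, day = self.bans.get(host, (0.0, today))
        return score * 0.5 ** ((today - day) / HALF_LIFE_DAYS)

    def report(self, host, today, weight=1.0):
        """A fresh detection stacks on whatever weight is left, so repeat
        offenders stay listed longer than a one-off (possibly false) hit."""
        self.bans[host] = (self.score(host, today) + weight, today)

    def verdict(self, host, today):
        """Whitelist wins outright; otherwise warn only while the ban is 'warm'."""
        if host in self.whitelist:
            return "allow"
        return "warn" if self.score(host, today) >= WARN_THRESHOLD else "allow"

    def prune(self, today, floor=0.05):
        """Drop bans that have decayed to noise; returns how many were removed."""
        stale = [h for h in self.bans if self.score(h, today) < floor]
        for h in stale:
            del self.bans[h]
        return len(stale)

def demo():
    # Constructed hosts and day numbers, for illustration only.
    rep = ReputationList(whitelist={"vetted.example"})
    rep.report("once.example", today=0)
    rep.report("repeat.example", today=0)
    rep.report("repeat.example", today=20)
    rep.report("vetted.example", today=0)      # a false positive on a vetted site
    return {(h, d): rep.verdict(h, d)
            for h in ("once.example", "repeat.example", "vetted.example")
            for d in (20, 31, 60, 120)}

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

A single mistaken listing stops producing warnings after about one half-life, while a host that keeps getting re-detected stays flagged for longer.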