Efforts to create a safe zone within the World Wide Web might help raise online security standards, but security players warn such a space is not "bulletproof" and might invite more negative attention from hackers instead.
In May, a group of Internet security specialists founded a company Artemis Internet with the aim of delivering a service to build a "more trustworthy Internet". This it intends to achieve by acquiring the .secure top-level domain name from the Internet Corporation for Assigned Names and Numbers (ICANN) to create an online safe zone, the company stated on its Web site.
Artemis CTO Alex Stamos told AFP in a separate report then that it was waiting on its application, and it hopes to create a safe neighborhood where people follow the rules and can be relied on to do things securely. "There is not going to be typo squatting or malware… We are going to make it really airtight so even if you were in Syria, the Syrian government couldn't hijack you."
He added in the report that the technology tools for thwarting online hackers and scammers are commonly available but typically unused. Artemis will be attempting to change this by making it a requirement for Web sites to adopt, with the idea of making Web browsing "effortlessly secure for individuals", he stated.
Businesses registering for .secure Web sites will also be required to verify their identity and accurately represent what they do, added the CTO.
Commenting on this, Elad Sharf, senior security researcher at Websense, said the proposed Internet safe zone is about establishing a reputation for online security and ensuring people that the Web sites they visit meets certain standards. These sites are also safer because of the security measures in place, he added.
Safe zone not invulnerable, costly
That said, he noted that the safe zone will likely be seen as an "ideal, attractive and luxurious" target for hackers. This is because it presents a challenge to demonstrate their hacking skills and, should they evade these tightly secured Web sites, will offer them credit in the cybercrime scene, the researcher said.
"The motives of doing so might be personal or might be to disprove the concept of a safe zone," Sharf explained.
He also warned that operators and security enforcers of the safe zone will face the challenge of ensuring its resistance against breaches. With different servers, Web platforms, plug-ins, custom server side codes and scripts, it will be difficult to manage these and ensure malware do not creep in through backdoors or cracks, the researcher said.
Roman Foeckl, CEO of CoSoSys, pointed out that it will also be a costly venture for companies thinking of signing up with Artemis and participating in the safe zone. Organizations with different domain names in use will find it costly to run dedicated servers with the required security features to support such an initiative, he explained.
There are also no guarantees that the safe zone will be more secure than existing domains since everything relating to software will still have vulnerabilities, he added.
Another security expert suggested that the .secure domain should not be touted as "bulletproof". David Harley, senior research fellow at ESET Security, said the defensive strategies used to strengthen security in the zone is practical, it will not ensure universal safety and the protection is only limited at the domain level.
As such, Foeckl pointed out the best way to promote Internet security is still user education. People should be informed of dangerous things in the Internet, starting from when they are students, and to look out for what to avoid. In other words, cybersecurity should become part of modern education, he recommended.