The golden opportunity that security vendors are ignoring
During a recent e-mail interview with Comcast spokesperson Jeanne Russo, I learned that the company is providing up to seven free copies each of McAfee's Viruscan, McAfee's Personal Firewall Plus, and McAfee's Privacy Service (for parental control and identity theft protection) to it's subscribers. The offer includes any updates as long as customers continue to subscribe to Comcast as their broadband Internet Service Provider. Comcast also offers subscribers seven e-mail accounts for family members. Offers like these raise several questions for end-users, security vendors, and even business network administrators who are in charge of making sure that employees can connect from home with out introducing malware to their corporate networks.
At issue is the rising popularity of networks in the home. Between the plummeting cost of computers, the simplicity and rock-bottom expense of putting in a Wi-Fi network at home, and the increasing number of non-computer devices that can connect to those networks, home networks are now the norm rather than the exception.
Not only does Comcast's "Magnificent Seven" offer demonstrate the lengths to which ISPs must now go to win business (the $805 total retail value of the offer is worth more than the total cost of one year of service provision), it also acknowledges the fact that people are installing networks at home and connecting more than one computer to their broadband connection. In plenty of cases, way more than one. In my house, for example, seven free anti-malware packages would not be enough to cover every system that's connected to our broadband connection. OK, I'm a bit out of the ordinary. But, at the bare minimum, we have four systems (mine, my wife's, my 15 year-old son's, and a system for general purpose use and printer sharing) connected at all times and I don't see that as being slightly out of the ordinary. This number doesn't include the Wi-Fi-based PDA either.
I'm actually grateful to Comcast for the offer. Not knowing that the offer existed, I went out and paid $30 for a copy of Symantec Norton Anti-Virus 2005 at Sam's Club for an old notebook computer that I'm ressurecting. So, I'm covered for viruses and worms. But I have no personal firewall other than the one built into XP (not to be trusted with the job, if you ask me) nor am I covered for identity theft by solutions other than my own personal best practices (one of which is to use Firefox) and whatever is built-in to my existing applications and operating systems. So, the offer is worth cold hard cash to those seeking blanket security coverage for their systems. But, if it's not dogging those who run home networks now, there is a problem that will dog them soon.
Just the same way thousands of local area networks sprouted up in businesses in the early 90's, these home LANs are sprouting up thanks to the technical vision of someone in the houehold. In my house it's me. For the neighbor's house across the street, it's also me (not uncommon). But, in my friend's house across town, it's my friend. And just like with those businesses, it won't be long before the person with the vision learns a little bit about scale. The first network I ran used Novell's NetWare 2.15 and it wasn't long before I realized that it was much easier for me to manage a centralized login script for that got used by all the DOS-based systems connected to the network than it was for me to go to each system and individually manage their autoexec.bat system startup "scripts."
Whether they know it or not, today's home network administrators are on the verge of becoming overwhelmed if they're not already. Particularly when it comes to security. Most people with the technical chops to get four or five computers running on a home network (throw a PDA in for good measure) along with some printer sharing also know how important it is to make sure that they keep those systems malware-free. Some may even know how it take just one worm on one system to take down the rest. The stakes are pretty big when you think about it. I don't know many people who, for a weekend project, are dreaming of how they'd love to spend two days nuking every system in their house and rebuilding their networks from scratch (boy, I hope they all have backups).
So, at first blush, Comcast's Magnificent Seven looks pretty darn good. That said, I don't know about you, but my breaking point for the number of systems whose security status I want to individually check-in on is probably four. Is the security software actually functioning? Has any malware surfaced and is my wife or son not aware of the indicator? What about the system that we use for printer sharing -- the one with the monitor that's always in the off position? What about when something like Zotob hits? Were the systems affected or do they need some cleaning? Did they grab the latest signature data? Not to mention whether or not the router that's connected to the broadband hookup is reporting anything out of the ordinary? What about policies? Should systems be denied access to the network the way businesses deny access to unsecured systems?
Maybe you have the time to run around an cull this information and take action where necessary from all these different devices. But I sure don't and neither did all those network administrators back in the 90's when the need for something more scalable gave rise to centralized solutions.
So, like many technologies that trickle down from the corporate world to the home computing environment, the time has come for tools that make it a lot easier for the household IT department to keep an eye on the bigger digital security picture. Sure, there are plenty of people who will take Comcast up on its Magnificent Seven offer (which could amount to 21 distinctly separate security entitities that need montoring) because they simply don't know any better. But, after they go through that first meltdown and discover that businesses have something that's less burdensome on their network administrators, those people will be asking the same question I have: why isn't there something like that for the home?
Of course, some security vendors may suggest that fully-loaded homes should being thinking about one of the existing, business-oriented centralized solutions. Fair enough. That's if you want to learn how to run a directory service like LDAP or Microsoft's Active Directory (uh, no thanks). Perhaps the reason that no company has skinned this cat is that's it's just too tough to skin.
Unfortunately, seven computers is just scratching the surface of where things are heading. Tomorrow's connected home will probably have upwards of 25 connected devices -- computers, routers, PDAs, phones, media centers, thermostats, refrigerators, crib-cams, etc. -- all of which will require some degree of security and someone to watch over it (maybe not like a hawk, but to occasionally check in). To the security vendor that turns the management of that scenario into a piece of cake will go the spoils. Who will that be? Quite frankly, I have no idea.
Finally, even if such solutions do arise, one wrinkle that will remain is how to seamlessly integrate dual personality systems without to much difficulty. A dual personality system is one that is provisioned and secured by your employer (in my case CNET Networks), but that may have to co-exist in an alternatively secured environment like the one at home.
Today for example, I have a company provided Thinkpad T42 running some centralized anti-malware solutions that I have no control over. Furthermore, when I connect to the corporate virtual private network (VPN), I cannot connect to anything on the local area network in my house like the shared printer (many VPNs can support "dual tunneling" but not the one that's been provided to me). As the need for more buttoned-up home security gives rise to better, more centrally managed solutions, interoperation problems like these (for telecommuters) is going to get worse.