If we are going to go down the path of starting over, why not go right to the root of the problem, and fix our hardware? Now that we know what kinds of vulnerabilities exist in our existing designs (based on the von Neumann architecture), we could create a new hardware platform that has security and privacy protections built in. This would naturally lead to a new kind of software, which could take advantage of the new hardware features and architectural decisions, to keep itself secure. Since the Internet is just a collection of networking hardware and software, it would obviously also benefit.

In fact, by rethinking the very basic underpinnings of computer design, we can propagate the results throughout the entire CPU-based world, not just the Internet. Trying to fix only one part of the problem, such as by creating “a ‘gated community’ where users would give up their anonymity and certain freedoms in return for safety” would be a disaster. Not only would it quickly be broken and misused, like every other attempt to do something similar, but it would eliminate one of the best features of the Internet that caused it to thrive in the first place.

Sadly, I doubt we will ever be able to “start over” on something like this (IPv6, anyone?). I mean, there are so many aspects of life that could use the benefit of hindsight and a redesign, like politics, tax law, health care… but they are too entrenched in society to be replaced by better systems. That makes for good job security for those of us in the computer security field, as long as we can put up with the feeling of continuous frustration, knowing that a true alternative is possible, but we are essentially powerless to pursue it.

The researchers’ new approach, called CloudAV, moves antivirus functionality into the “network cloud” and off personal computers. CloudAV analyzes suspicious files using multiple antivirus and behavioral detection programs simultaneously.

In general, that’s not a bad idea. It might save a few CPU cycles on your local workstation by not having to directly virus scan files. Then again, you have to use network resources uploading each file to the cloud, where it is scanned for you.

Each time a computer or device receives a new document or program, that item is automatically detected and sent to the antivirus cloud for analysis.

The privacy concerns here are obvious. Would you trust CloudAV to receive a copy of every file you want to virus scan? How sure can you be that they don’t use the contents for something else, or accidentally leak private information?

I think this idea has more merit as an internal virus scanning system for a large organization. That way sensitive data doesn’t have to leave the corporate boundary, or be sent to a third party. The benefit is that you have a more thorough and updated virus scanning engine, possibly using several different products at once.

Researchers develop next-generation antivirus system.

As pdp states, this isn’t necessarily a bug, but rather an unintended consequence of the fact that UPnP does not require any authentication. I guess they figured since it only listens for multicast on the internal interface, that it’s not a big deal. If you don’t actually need UPnP functionality, disabling it might be a good idea.

Considering how important protecting the nation’s critical infrastructure is, I think shutting down CIAG was the wrong decision. We need all the help we can get to keep our networks secure, and Cisco is a huge part of that process, simply because their products are so widely deployed.

Also, I doubt this move will help reduce the number of vulnerabilities discovered in Cisco hardware.

Why are they doing this? Well, the obvious reason is that BitTorrent traffic is taking up a huge part of their bandwidth, and that’s slowing down their over-subscribed cable modem networks. But this makes no sense. If Comcast users choose to allocate their bandwidth to BT, why shouldn’t they be allowed to? After all, that’s what they pay around $60 per month for.

Of course, Comcast will claim that they are trying to throttle the BitTorrent protocol due to the large number of copyrighted files it is used to transfer. Are they ignoring all the legal software, video, and music content that is also available via BitTorrent? There are tons of open source Linux distributions (which can be 4GB in size) that are frequently distributed via BT. And don’t forget local bands and amateur movie makers who use the protocol to spread their media content.

This makes about as much sense as blocking all email to help stop spam, or blocking all web traffic to help stop phishing attacks. Going after a widely used, generic, peer-to-peer file transfer protocol is the wrong approach.

By the way, according to Comcast, this is their policy on blocking network ports:

The only ports that may be actively blocked on the Comcast network are 67, 68, 135, 137, 138, 139, 445, 512, 520, and 1080 at this time. Any ports that are blocked will not be unblocked. If the port you would like to use is on this list, please select another port to use with your software. There are over 10,000 ports available for use. Please be advised that Comcast reserves the entitlement to block any ports on the network without prior notice. We thank you for understanding this security policy.

There is a good discussion about this topic on Slashdot.