A TrustedSource for Threats Intell Data

Following the series of posts on early warning security events systems, Secure Computing have just announced a major upgrade of their threat intell service :

"Secure Computing's TrustedSource acts like a satellite advanced-warning system for the Internet that detects suspicious behavior patterns at their origins, and then instructs security devices to take corrective precautions or action," said Dr. Phyllis Schneck, vice president of research integration for Secure Computing. "TrustedSource pinpoints reputation by looking at behavior and specific factors such as traffic volumes, patterns and trends, and enabling it to rapidly identify deviations from the norm on a minute-by-minute basis."

I've already mentioned the radical perspective of integrating all the publicly known IPs with bad reputation, and sort of ignoring their online activities in order to prevent common problems such as click fraud for instance. Think from the end user's perspective, what's the worst thing that could happen to both the average and experienced end user? Try witnessing the situation when a known to be infected with malware end user starts receiving messages like these, and will continue to receive them until a certain action is taken presumably disinfecting themselves. Of course, it's more complex than it sounds, but start from the basics in terms of the incentives for end users to disinfect themselves, the masses of which aren't that very socially oriented unless of course it's global warming and the possibility for a white Christmas you're talking about. Issuing an "Internet Driver's License" wouldn't work on an international scale, and even if it works on a local scale somewhere in the world, it wouldn't really matter, since you'll have the rest of the world driving unsafely, and you'll be the only country which has fastened its seat belt. Here's an example of such mode of thinking.