One popular ruse was to find a fellow con artist with a very thick crop of hair, shave his head completely bald and send him into town for a few days where he would re-shave his head at night, and wander around the streets by day. When the snake oil salesman rode his wagon into town later in the week, guess who was asked to accept a free sample. And in the days that followed, as hair began to emerge from the once shiny scalp, a good business was done before the team left town\u2014often just ahead of the sheriff.In the mid-1800s, Chinese laborers working on the Transcontinental Railroad rubbed sore muscles with an ointment made from the Chinese water snake.\u00a0 According to a 2007 article in Scientific American, a California researcher found that there could have been some medicinal value in that original ointment.\u00a0 Unfortunately, though, hucksters heard about the miraculous powers of the snake oil and decided to sell their own versions without actually using Chinese water snakes \u2013 or any snake at all.\u00a0 Thus,\u00a0 a possible real solution in 1800s medicine was tarnished by \u201crogue snake oil\u201d fraudsters.This sounds a lot like the state of Internet security \u2013 or Internet health, if you will \u2013 today.\u00a0\u00a0 Companies and researchers introduce products and services that provide some amount of protective benefit, but Cyber fraudsters churn out rogue security software with socially engineered interfaces that look and feel like the real thing, but either provide no benefit or instead do actual harm to computers.\u00a0 This undermines confidence in legitimate solutions right along with the fraudulent ones and it is challenging for an average Internet user to tell the difference.I believe we can learn lessons about combating the snake oil salesmen of today by taking a look at how we defeated the snake oil peddlers of the past. At the same time there were con artists selling bottles of elixir from the back of a wagon, there were scientists and physicians doing the hard, but rewarding, work of building our knowledge base across the sciences and developing cures and preventative measures to help their patients.\u00a0The rise of modern medicine pretty much shut down the old snake oil business \u2013 but what elements of modern healthcare make it hard for \u201ctraditional\u201d Snake Oil medicine men to thrive?\u00a0 Why is it that even my 6-year-old would be unlikely to fall for a spiel from a huckster selling a cure out of the back of his car?\u00a0 Let\u2019s consider healthcare from the perspective of a 6-year-old.Any six year-old knows that: if he is sick, he doesn\u2019t have to go to school because that could make others sick\u00a0 (temporary self-quarantine to prevent spread) he has to wash his hands a lot, especially during flu season (promotion of healthy habits to prevent spread) he should cover his mouth when he coughs (promotion of healthy habits to prevent spread) if he is only a little sick, Mom and Dad may be able to nurse him back to health with over-the-counter medicine (using basic tools for self-healing) he should not take medicine (or candy!) from some random stranger (don\u2019t accept unsolicited and non-authoritative health \u2018solutions\u2019) if he is really sick, he has to go to a doctor (seek a professional, certified by Mom & Dad and ultimately an authoritative medical association) if he is really, really sick, he might have to go to a hospital \u2013 which could be expensive and is kind of scary (specialist services, usually more expensive and possibly requiring an extended stay)And of course, there are elements of modern health that are benefitting him that he has no idea about, such as public sanitation and all of the details behind how doctors are trained or authorized to practice.In the same way that modern healthcare has made it more difficult for snake oil peddlers to do their business, we need to modernize Internet health in a way that that addresses the ambiguity in the minds of the public.\u00a0 Internet citizens need a system that is authoritative, yet simple enough that even a six year old can understand it and know what to do.Last year, I was a contributor on a paper (by Microsoft CVP Scott Charney) Collective Defense: Applying Public Health Models to the Internet, and in June participated in a breakthrough group on Internet Health at the East West Institute Cybersecurity Summit, so this is by not means a new topic.\u00a0 In fact, that breakthrough working group continues to meet and discuss actions we can collectively pursue to improve Internet Health.\u00a0 As I\u2019ve worked more on this Internet health view of cybersecurity during the past year, I\u2019ve found the concept of public health to be a useful working model to have discussions with people across the industry.\u00a0Much remains to be done.\u00a0 It will take a global effort to create a worldwide system to promote Internet health. However, now is a good time for IT professionals and other stakeholders to start conceptualizing what a public health model for the Internet might look like and especially look at what we need to do to address the social issues of trust and education with the public.One possible insight is that \u201csnake oil\u201d wasn\u2019t really a technical problem for healthcare, it was a problem that contributed to social uncertainty about what actually worked.\u00a0 While we can think of technologies as approaches to improving health (e.g. oil from a Chinese water snake), I think we might make more progress, more quickly, by taking a hard look at the social and people aspects of Internet health and trying to define systems that address the social uncertainties.Can we build trusted sites that could make an authoritative diagnosis of malware infection or cleanliness?\u00a0 How can we make those sites well-known and deploy them in a way that people would trust them?\u00a0 Can the existing security software business models evolve to one that separates trusted independent diagnosis from tools for treatment? Interesting questions remain to be addressed and I am thinking about what I might propose to help address the social problems with Internet health.\u00a0\u00a0 I\u2019m very interested in other perspectives, so if you have thoughts, please share them with me.Regards ~Jeff (@securityjones)NOTE: This article is cross-posted to The Security Decode blog on csoonline.com and the Microsoft Security Blog.