The technology industry alone cannot create a trusted online experience. For this to happen, industry must join forces with customers, partners, governments and other important constituencies on a road map for creating a trusted Internet.
So said Adrienne Hall, GM of Microsoft Trustworthy Computing, during her keynote address at RSA Europe 2010, being held in London this week.
“The time to do this is now,” she said. “Some serious issues, such as botnets, spam and ID theft have served to focus people's attention on security and privacy issues. Some important discussions, such as how to achieve more security and more privacy instead of trading one for the other, have led to new thinking about how we can create a more secure and privacy-enhanced Internet.”
Microsoft said the Internet is different, in that few criminals are caught, few crimes solved. “Despite improvements in effective proactive measures, criminals are not held accountable for their actions and are increasingly emboldened. If we want the Internet to reach its full potential, we need a safer, more trusted online environment.”
Hall said Microsoft has released its Security Intelligence Report, covering January to June this year. “The report found there has been an additional focus on botnets. The problem has existed for a while. Over 6.5 million botnet-infected computers were cleaned between January and June this year,” she pointed out.
The report also revealed that spambots are currently responsible for 87% of unsolicited e-mail sent. “Although we have advanced filters and spam blockers, a large percentage still gets through.”
She added that there are ways to address the botnet problem, such as the Waledac takedown earlier in the year.
Waledac is a Trojan that collects e-mail addresses found on the computer on which it is installed and distributes spam e-mail messages. It may also try to contact different Web sites for posting data and downloading arbitrary executable files.
Through a takedown approach, Hotmail blocked 651 million incidences of connections from infected machines over 18 days.
In the future, Hall suggests moving towards a 'public health model' for a safer Internet. “A traditional public health model sees education and public notices, periodic testing, vaccinations, and national and international databases to look at data, and track and control the spread of disease and infection.”
The government, she said, could do something similar to manage health on the Internet. “Educate the public on cyber risks, test and detect malware and botnets, use a 'vaccination' in the form of AV solutions, and collaborate with partners nationally and globally to track and control the spread of malware.
“There are several points to bear in mind for a good 'collective' defence,” she added. “Address botnet risks, implement offensive and defensive measures and create an Internet health model. Use government action if the market forces fail. Lastly, protect privacy.”
Hall said that by following these points, cyber crime can be prevented and disrupted. “Ultimately, the goal is to put users in control of their computing environments, by increasing security and privacy.”

