Sunday, May 16, 2021

RSA: Microsoft Promotes Internet Health Model

Microsoft’s Scott Charney has been ringing the alarm for cooperation among consumers, businesses, and governments over issues involving cybercrime for years.

Tuesday at the RSA Conference 2011 in San Francisco, Charney, corporate vice president of Trustworthy Computing at Microsoft (NASDAQ: MSFT), proposed what he refers to as “a global Internet health model,” to help the various constituents get a handle the burgeoning problem of global cybercrime.

It’s been a recurring theme for Charney, who also aired his thoughts in a post on the Microsoft On the Issues blog on Tuesday.

Saying that the time has come for coordinated action against cyber criminals, Charney presented his ideas for his health model.

“Security is not a problem that can be addressed fully by individual consumers, or even individual companies or governments. That is what led to the development of my public health model proposal, which calls for collective defense against cyber threats,” Charney’s post continued.

He proposed such a model in October, when Microsoft released a whitepaper (as PDF) discussing it.

While admitting that nothing happens overnight, Charney said that he had identified two strategies to improve Internet “health.”

“[The first strategy is] bolstering efforts to identify infected devices and get them healthy, [and the second is] implementing policies and practices that promote device health by reducing known risks,” he added.

In one video scenario presented on the blog and also at Charney’s RSA keynote, a bank customer goes to make a financial transaction, and is stopped by the bank’s health check, which identifies that the anti-virus software on the customer’s machine is out of date.

Charney also described a program started by the Internet Industry Association of Australia, “which creates a notification system for consumers with compromised computers and a standardized resource to clean them.”

Such systems can evoke serious privacy questions, however.

“That being so, contracts should provide, and legal frameworks should help ensure, that any such programs are limited to ensuring device health and that information gathered is used for no other purpose (for example, the enforcement of intellectual property rights or the creation of marketing profiles),” Charney’s blog post continued.

A related important consideration is that, while providing health checks, users must not be not cut off from critical services such as Voice Over Internet Protocol (VoIP).

“As devices converge (e.g., a computer may be used to make VoIP calls, including calls to emergency services), denying a user complete access to the Internet, even for a short period, could well have damaging consequences,” he added.

Stuart J. Johnston is a contributing writer at, the news service of, the network for technology professionals. Follow him on Twitter @stuartj1000.

Similar articles

Latest Articles

How IBM has Changed...

Think is IBM’s big annual conference, and again this year, it was digital. I’m noticing a sharp quality difference in shows like this where...

Database-Tuning Platform Launches and...

PITTSBURGH — A team out of Carnegie Mellon University is launching its automatic database-tuning product today with the help of $2.5 million in funding.   OtterTune,...

Top 10 Professional Services...

Professional services automation (PSA) software aims to offer service-based companies most of the software they will need to run their businesses in one package....

What is Data Aggregation?

Data aggregation is the process where raw data is gathered and presented in a summarized format for statistical analysis. The data may be gathered...