Microsoft: Use Public Health Strategies to Fight Cyber-attacks

By Brian T. Horowitz  |  Posted 2010-10-06 Print this article Print

title=Established Methods Inadequate in Fight Against Botnets} 

In his paper, the Microsoft executive compared not following security risks to ignoring the hazards of smoking or spreading dangerous human viruses such as SARS and H1N1. 

According to Charney, established security methods-firewalls, antivirus software, patching and the like-have been inadequate in fighting botnets, which are computer robots that spread malware or viruses. 

"If a device is known to be a danger to the Internet, the user should be notified and the device should be cleaned before it is allowed unfettered access to the Internet, minimizing the risk of the infected device contaminating other devices or disrupting legitimate Internet activities," he advised. 

Charney proposes that technology products be required to receive a health certificate, while suggesting that health certificate requirements could lead to software patches, firewalls and antivirus programs being applied properly. He mentioned the EuroPriSe (European Privacy Seal) as an independent seal to use as a model. 

Of course, it's not a perfect solution. Charney notes that it could happen that a user requires a VOIP connection for a 911 call and his or her connection gets blocked because the system lacks a proper health certificate. 

"Information learned through the health examination process may be extremely valuable to those attempting to understand and preserve the health of the Internet," Charney wrote. 

In his paper, Charney proposed three steps: ensuring that devices can earn trustworthy health certificates; building an infrastructure that allows companies to receive the health certificates and act on them; and encouraging quick sharing of information about new threats. 

The "Collective Defense" strategy entails teamwork among governments, ISPs, the IT industry and users, according to Charney. 

"We cannot expect consumers to become security experts, but if we think about how the public health model helps consumers to understand when they are ill and when they should get treated, we can come up with relevant concepts that are applicable to Internet security," Charney concluded. 


Brian T. Horowitz is a freelance technology and health writer as well as a copy editor. Brian has worked on the tech beat since 1996 and covered health care IT and rugged mobile computing for eWEEK since 2010. He has contributed to more than 20 publications, including Computer Shopper, Fast Company,, More, NYSE Magazine, Parents,, USA Weekend and, as well as other consumer and trade publications. Brian holds a B.A. from Hofstra University in New York.

Follow him on Twitter: @bthorowitz


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel