Microsoft: Use Public Health Strategies to Fight Cyber-attacks
Established Methods Inadequate in Fight Against Botnets
In his paper, the Microsoft executive compared not following security risks to ignoring the hazards of smoking or spreading dangerous human viruses such as SARS and H1N1. According to Charney, established security methods (firewalls, antivirus software, patching and the like) have been inadequate in fighting botnets, which are computer robots that spread malware or viruses.
Charney proposes that technology products be required to receive a health certificate, while suggesting that health certificate requirements could lead to software patches, firewalls and antivirus programs being applied properly. He mentioned the EuroPriSe (European Privacy Seal) as an independent seal to use as a model.
Of course, it's not a perfect solution. Charney notes that it could happen that a user requires a VOIP connection for a 911 call and his or her connection gets blocked because the system lacks a proper health certificate.
"Information learned through the health examination process may be extremely valuable to those attempting to understand and preserve the health of the Internet," Charney wrote.
In his paper, Charney proposed three steps: ensuring that devices can earn trustworthy health certificates; building an infrastructure that allows companies to receive the health certificates and act on them; and encouraging quick sharing of information about new threats.
The "Collective Defense" strategy entails teamwork among governments, ISPs, the IT industry and users, according to Charney.
"We cannot expect consumers to become security experts, but if we think about how the public health model helps consumers to understand when they are ill and when they should get treated, we can come up with relevant concepts that are applicable to Internet security," Charney concluded.
"If a device is known to be a danger to the Internet, the user should be notified and the device should be cleaned before it is allowed unfettered access to the Internet, minimizing the risk of the infected device contaminating other devices or disrupting legitimate Internet activities," he advised.