Fight computer viruses like epidemics: Microsoft

Microsoft on Tuesday advocated fighting pernicious computer viruses with public health tactics used to stop the spread of SARS, H1N1 and other dangerous real world bugs. Computers could be granted health certificates to be used online to show they were checked for viruses, Microsoft vice president of Trustworthy Computing Scott Charney said at a RSA computer security gathering here. “There are a lot of parallels to the health model,” Charney said. “In public health we give people advice like wash your hands to stay safe or get vaccinations,” he continued. “We can do that in the Internet world as well, and if your computer is sick we give you treatment.” Computer versions of public health notices could include the importance of running updated anti-virus software or warnings about the latest malicious software spreading online. Charney told of “proof of concept” online identification software that could play a pivotal role in an online public health model by verifying that people on the Internet are who they claim to be. People wouldn’t be compelled to use computer health certificates, but businesses could require them for certain services. “Instead of just reacting to tainted machines, we can look out for machine health,” Charney said. “It’s not about quarantining machines,” he continued. “It’s about remediation.” Charney caused a buzz last year at RSA with a suggestion that computers infected with malicious software be quarantined on the Internet. “We could flip it around to use the identity model,” Charney said. “Where consumers would be asked for health certificates (for computers) and not providing one might have some consequences.” People who didn’t present health claims could encounter precautions such as caps on money accessed in online bank accounts or limited Internet data flow.