Microsoft's Scott Charney Calls For Disrupting Cybercrime Activities

It's not enough to build defenses against cybercriminals, the good guys have to put the bad guys out of business, according to Scott Charney, corporate vice president of Microsoft's Trustworthy Computing Group, in a keynote address Tuesday morning at the RSA Conference 2010 in San Francisco. "We are committed to collaborating with industry and governments worldwide to realize a safer, more trusted Internet through the creative disruption and prevention of cybercrime," says Charney. While focusing on security and privacy fundamentals like threat mitigation remains necessary, the industry needs to be more aggressive in blunting the efforts of cybercriminals.

Microsoft's latest success at thwarting cybercrime occurred last week when the company, along with other industry, academic and legal communities, obtained a restraining order against the operators of the Waledec botnet, one of the 10 largest botnets in the U.S.A.  Botnet is a large network of computers that have been compromised, usually without the owner's knowledge, to launch cyberattacks such as spam, denial of service attacks, click fraud and distribution of malicious software. Battling botnets was just one of several themes in Charney's address, in which he promoted Microsoft's "End to End Trust" vision of secure Internet computing for both on-premise and cloud-based enterprise IT.

At RSA, Microsoft also released a community preview of new technology it calls U-Prove, which uses cryptography to better protect privacy and enhance security in online transactions. Microsoft also released portions of the U-Prove intellectual property along with an open-source software development kit for both the C# and Java programming languages, in order for developers to experiment with U-Prove and provide feedback. Charney also addressed the need for a clarification on how data is secured in cloud-computing environments. The issue is not just about how a cloud service-provider secures a client's data, but about what the government has to do to obtain access to it.

In the pre-Internet world, a government agency would have to show probable cause to get a subpoena to see data, he said. "The fact of the matter is as we move more and more of this data to the cloud, it means governments and litigants can go to the cloud and get that data without ever coming to the citizen." Charney said there may be a need for legislation to protect data in the cloud.

The Trustworthy Computing initiative has been successful at improving Microsoft's reputation for security competence, a reputation it did not always have, said industry analysts in a panel discussion Tuesday afternoon. "People used to beat up on Microsoft," said Jonathan Penn, vice president at Forrester Research. "Microsoft was not in the business of providing secure solutions but focused on functionality for the user, until things got bad enough that it started to affect their business."