Robert McMillan of PCWorld reports, in an article dated February 15, 2011, that Scott Charney, Microsoft's Corporate Vice President for Trustworthy Computing, has changed his mind about who should lead the charge in keeping "sick" computers from infecting the Internet. I've pulled the actual text of Scott Charney's presentation from Microsoft's site – all quoted passages are taken from there.
At last year's RSA Conference, Charney put forth his "cyber public-health model," and placed Internet Service Providers at the center of this "prevention" model; in fact, Charney said that "'we need to think about ISP as being the CIO for the public sector, and we need to think about them scanning consumer machines, and making sure they're clean, and maybe quarantining them from the Internet.'"
Yesterday, however, while speaking at RSA Conference 2011, Charney said that "'in the course of the last year I thought a lot more about this, and I realized there are many flaws with that model, and it could be improved significantly.'" Charney goes on to identify three flaws with his "ISP as CIO" cyber public-health model. First, "'consumers may not want their machines scanned, right? They have a privacy interest in their machine. They may not feel comfortable with that.'" The second flaw "'is that it puts a lot of burden on the ISPs, because they're the ones who are gaining access to the Internet. And that could be a problem.'" And the third flaw is:
"'the notion of quarantine at all, although we do it in health cases, the problem with quarantining on the Internet is this issue of convergence, which is my Internet PC may have VoIP, and it may be the way I access 911 for emergency services, so you see the scenario right, I'm having a heart attack, I run to my computer, it says you need to install four patches and reboot before you can access the Internet. That's not the user experience we strive for.'"
Among the improvements to his cyber public-health model, Charney now seems to advocate more end-user control.
"'First of all, the user remains in control. The user can say I don't want to pass a health certificate. Now, there may be consequences for that decision . . . but you can do it. . . . The second great thing about this model is that it's not all up to the ISP, any organization can say we want to look at a health certificate.'"
*****
The entire article from PCWorld can be found at the link provided above, or here. For more detailed reading, the entire text of Charney's speech is available at the link provided above, or here.