The Internet needs to be more trustworthy if it wants to grow, according to Microsoft's senior security executive, Scott Charney.
In a video posted to Microsoft's Web site ahead of Charney's keynote at next week's RSA security conference, Microsoft's corporate vice president of Trustworthy Computing described how anonymity on the Internet is increasingly being exploited by cybercriminals. "We need to push back on anonymity and lack of traceability," he said.
[ Earlier this week, Microsoft announced its rebranded managed security offering | Keep up with all the news from RSA 2009. | Discover what's new in business applications with InfoWorld's Technology: Applications newsletter. ]
"Because the Internet can be anonymous and untraceable, criminals flock to the Internet," Charney explained. "Today too many people do not know what software is running on their machine and often they have malware. They often don't know who they're communicating with, whether an e-mail they've received is spoofed or from some unknown sender even when it appears to come from someone they know. When they visit Web sites, they don't know if that Web site is to be trusted or not.
"For all of these reasons we need End-to-End Trust," Charney said.
End-to-End Trust is a security marketing initiative introduced by Microsoft chief research and strategy officer Craig Mundie at last year's RSA conference. Keynoting next Tuesday, Charney is expected to give an update on the initiative, which the company has thusfar billed as an effort to engage industry, consumers and policy makers in a serious discussion of online security problems. His video was posted this week on a revamped version of Microsoft's End-to-End Trust Web site.
As the world's dominant supplier of software, Microsoft is constantly in the crosshairs of attackers. Even as the company has taken steps to lock down its flagship Windows operating system, hackers have exploited countless flaws in the programs that run on top of it, such as Office and Internet Explorer.
Microsoft would like to give its users a better idea of whether a Web site or e-mail attachment is trustworthy. But how you identify people on the Internet without raising serious privacy concerns? It's a problem that Microsoft hopes to solve first by engaging in discussion.
"We've been talking about this since last year, spending a lot of time with the policy makers," said Doug Leland, general manager of Microsoft's Identity and Security Business Group, in an interview. "This is an agenda we're trying to advance with the reset of the industry and with policy makers and lawmakers and law enforcement as a proposal of a solution to tackle a very significant problem."
Last September, for example, Microsoft made a submission to the Internet Safety Technical Task Force, a group looking at ways to improve online safety for children. Microsoft's paper (PDF) advocated the replacement of Web user names and passwords with Information Card systems, such as Microsoft's own CardSpace technology, and calling on a collaboration between government, industry and child development experts to solve the problem.
Microsoft has been working with a number of countries, including Singapore, Belgium, the U.K., and France to develop government-issued digital credentials, Leland said.