Advancing the Fight against Botnets with Consumer Notifications

As we’ve reported on this blog in the past, Microsoft is actively involved in the global fight against botnets. Our involvement spans technical, legal and ecosystem engagement actions. A major component of the ecosystem is government, and in the United States, the Departments of Commerce and Homeland Security recently issued a Request for Information (RFI) concerning Models to Advance Voluntary Corporate Customer Notification to Consumers Regarding the Illicit Use of Computer Equipment by Botnets and Related Malware.

The Departments correctly express concern over the potential economic damage done by botnets and we are committed to working with our industry and government partners to reduce the impact of botnets on the Internet ecosystem. Accordingly, Microsoft, along with many members of industry, submitted responses to the RFI that can be viewed here.

I wanted to share with readers of this blog a few of the key points we made in our response:

o Botnets are a complex problem that requires a multi-faceted global solution. As such, no one entity can solve the problem alone. Microsoft believes that voluntary efforts to combat botnets must include members of the entire ecosystem. In fact, the most interesting and effective solutions will come from the partnerships between different parts of the ecosystem.

o We emphasize the need to disrupt and ultimately prevent botnets in the future. It is important not to simply build mechanisms by which botnet infections can be cleaned up very efficiently, in perpetuity. To do this, we must disrupt the botnet business models by simultaneously raising the attackers’ costs while lowering their gains.

o We are supportive of efforts to notify customers of infected devices, but recognize the increased possibility for fraudulent notifications. There are two key aspects to making notifications resistant to fraud and effective for end users, regardless of the form they take. The first is to establish a trusted communications channel, so that users can be assured they are getting notifications from a trusted entity, and not just another attacker trying to get them to put malware on their system. The second is to explain the problem and the solution in terms the user can understand and with steps they can easily follow.

o We believe the most effective measure end users can take to stop botnet infections before they happen is to use the most current versions of operating systems, applications and security software available to them. Our recent Security Intelligence Report shows that each successive version of Windows has a lower infection rate than its predecessor.

I’d also invite you to take some time to review the responses prepared by many of the major providers and industry representatives in the internet ecosystem. You’ll notice that many members of the ecosystem are already taking significant action to help protect consumers from botnets and malware.

About the Author
Kevin Sullivan

Senior Security Strategist, Trustworthy Computing

Kevin Sullivan is a Principal Security Strategist with Microsoft’s Global Security Strategy and Diplomacy team, part of Trustworthy Computing, which focuses on driving strategic change to advance security and resiliency, both within Microsoft and externally. Kevin leads the group’s efforts