Microsoft and Alipay to Collaborate on Internet Security

Microsoft and Alipay, China's largest e-payments provider, have agreed to collaborate to improve Internet safety in China by treating security threats as a public health issue.

Under a letter of intent signed by the companies today, Microsoft and Alipay agreed to apply some of the techniques used in the control of infectious diseases—such as public education, sharing of information among governments and health agencies, and monitoring of at-risk populations—to the world of digital devices. Alipay is the first company in China to join a Microsoft initiative to ramp up Internet security for personal computers, mobile phones and other end-user devices in the face of growing global threats.

According to Jing De Jong-Chen, general manager for the Microsoft Trustworthy Computing Group, common computer defenses such as firewalls, antivirus software and automatic updates for security patches help reduce public vulnerability to malicious activity. But, despite these protections, tens of thousands of consumer computers are unwitting hosts to malware and are at risk of being enlisted in "botnets." Botnets are swarms of personal computers that hackers have surreptitiously seized to send spam, steal passwords and credit card numbers, and carry out attacks on critical government and business websites and networks.

A Microsoft post on Internet security states that helping consumers make sure their devices are disease-free is "a key first step in transforming the current posture from reactive to preventative." The company also suggested that infected computers, because they risk the health of the public Internet, may need to be sequestered from online activity. Here's an excerpt from the Microsoft document:

There is currently no global approach to protecting people from the potential dangers of the Internet. Whereas enterprises typically have a CIO and CSO to help them manage the threats they face, there is no equivalent for consumers worldwide, or even at the national level for most countries. Unlike enterprises, consumers don't have support from IT experts nor do most people want to become security experts themselves. Information technology is complex and many people are unaware of how to protect themselves, even though tools have been built to automatically scan machines, install program updates, update virus signatures, and remove malware when found. As helpful as education and these tools are, they have proven inadequate to the task of preventing the proliferation of botnets. Some consumers do not follow the guidance provided and engage in other unsafe actions—such as downloading executable programs from unknown sources—leading to a large number of machines infected. Those with infected computers are not simply risking their own valuable information and data; they are putting others at risk too. Because of this threat to greater society, it's essential that the technology ecosystem take collective action against this threat.

Details of the Alipay-Microsoft collaboration have yet to be determined. But the partners intend to follow a Microsoft plan called the "device health model" whereby consumer machines running Windows would be periodically scanned over the Internet by Microsoft and notified by Alipay if a security threat is detected, said Jiang Chaoyang, Alipay vice president of safety. "When people access Alipay in the Windows operating system, Microsoft will share with us the safety status of the user, such as whether their computer is using a firewall," said Jiang. "If it is not well protected, we will issue (users) a warning. It's mainly a sharing of information regarding the safety of the device," Jiang added. "It’s like a health certificate." Windows is used by more than 97 percent of China's online population.

The program is expected to launch later this year. To learn more about applying public health models to Internet security, click here to download a PDF file from Microsoft.