By Ding Lei
CEO, NetEase Inc.
Ladies and Gentlemen,
The title of my presentation today is "Security in the Internet: a Model and a Case Study". I would like first to present a model, trying to link together a number of seemingly disparate Internet security problems. My basic conjecture is that these problems stem from a single root cause. This single fundamental problem is therefore a crucial one. Then I would like to go on to discuss ways in which these security problems are related to the public interest. Lastly, I will present a case study from my industry.
A Model of Internet Security
My model relates to six separate Internet security problems. Before elaborating on them, let me first enumerate them. The problems include malware, or malicious software, software vulnerabilities, account theft, botnet, spam email, and Distributed Denial of Service attacks. At the center of the model is the problem of malware. Malware is at the root of many problems in the Internet, and is therefore a crucial problem.
Malware generally refers to computer software that is designed to cause damage to computer systems. Among others, it includes viruses, worms and Trojans. Note that these are different creatures. Take the example of a virus and a worm. The former is parasitic to an existing program, while the latter is not and self-propagates through the network or other media. A lot of computer users do not understand these differences and refer to all malware as "computer viruses", which is imprecise.
Malware is very widespread in the Internet. Looking at viruses alone, according to a 2007 study by the Chinese Ministry of Public Security, 91 percent of Chinese computers are infected.
The second problem is software vulnerabilities, especially those in basic software like operating systems or Web browsers. Software vulnerabilities are the main means through which malware spreads. Therefore, the prevalence of vulnerabilities among online computers has a significant impact on the speed at which malware spreads following an incident.
The third problem is the security of user accounts and personal information. This is a relatively new problem. Account theft becomes attractive to criminals only once online business reaches a certain scale. Today it is a big threat to burgeoning Internet applications like e-commerce, online banking and online entertainment. Malware, in particular Trojans, are the main tools for account theft.
The fourth problem is "botnets", which are networks formed by computers infiltrated by viruses, worms and Trojans, under the central control of the attacker. Botnets, in comparison to malware, are a new and advanced form of malware attack. Not only do they cause damage to the computers under attack, more importantly, they also often engage in further attacks commanded by their controller.
The fifth problem is spam email, that is, unsolicited commercial email messages. This is one of the oldest Internet security problems. Spam email results in wasted bandwidth and a reduction in the usefulness of the email service. A study by the Internet Society of China shows that 62 percent of all email messages sent in China in 2006 were spam messages. Spam email is closely related to botnets, and more and more spam messages are sent through them.
The sixth and last problem is Distributed Denial of Service attacks, denying service to users by exploiting vulnerabilities in Internet services or by consuming all available capacity. This kind of attack is also closely related to botnets. Most DDoS attacks originate through zombie computers from botnets. DDoS attacks are often bruteforce in nature and hard to defend against. They often target important websites, or the infrastructure of the entire Internet. Moreover they are often mounted suddenly. Therefore DDoS attacks are an important category of security problem. For example, two DDoS attacks occurred in 2002 and 2007 targeting the DNS Root Server, both resulting in the rare event of near-failure of the entire Internet.
As we have seen, all these important Internet security problems are related to the problem of malware. They will be solved or greatly mitigated if we can find an effective solution to the malware problem. Here I’d like to give a few suggestions and observations, hoping to spur further discussion.
First, one key way to reduce the proliferation of malware is to eliminate software vulnerabilities. Currently, automatic update of software systems is a primary mechanism to do this. However we can observe quite different habits between Chinese and American Internet users. A much smaller proportion of Chinese users use the latest versions of software through automatic updates, in comparison with their US counterparts. Take the Web browser as an example. Statistics from NetEase’s servers show that, of all Microsoft Internet Explorer users, fewer than 25 percent users use the latest version (7.0). In contrast, statistics from several American websites show that more than 50 percent of users already use the latest version. In addition to Web browsers, the same phenomenon applies to operating systems. The question why many Chinese users do not use the latest and most secure software, and how we can improve this, needs to be addressed.
Second, solving malware and botnet problems probably require more collaboration between companies and across regions and countries. For example, the developer, controller and victim of a botnet are often in different locations or countries. It will be hard to solve these problems without effective collaboration.