President Obama addresses nation on cyber security

Posted by Maxim Weinstein Fri, 29 May 2009 15:49:14 GMT

Within the past hour, President Obama addressed the nation from the White House to emphasize the importance of cyber security, to announce the release of the administration’s report of its 60-day cyberspace policy review, and to announce the creation of a new White House position, the Coordinator of National Cyber Security.

This represents an enormous step forward in national awareness of the role cyber security in general and malware in particular play in our economy and our physical security. Having the "leader of the free world" describe the threat of botnets and spyware on national television will expand press and citizen interest in this issue.

As important as the threats, though, are the freedoms that the President discussed. He emphasized the importance of preserving both personal privacy and net neutrality while securing our infrastructure. He also pointed out that this will require a collaborative effort amongst individuals, schools, corporations, and governments from the local level through the national level, not just in the U.S., but internationally, as well.

The attention is an important start, but of course execution is the key. Melissa Hathaway, Cybersecurity Chief at the National Security Council, posted some information about the policy review she led, as well as links to the report (PDF) and to the papers that informed the report. Based on a preview of the report that Melissa Hathaway delivered at the Kennedy School last night, I expect the administration is moving in the right direction. I look forward to reading the report, and I encourage others to do so, as well. Meanwhile, it’s up to all of us to work together to build a safer Internet. StopBadware looks forward to playing a role in bringing together the people, the organizations, and the data that make this possible.


SBW, ASC, NCSA launch Chain of Trust initiative

Posted by Maxim Weinstein Tue, 19 May 2009 19:11:33 GMT

Today at the Anti-Spyware Coalition (ASC) public workshop in DC, StopBadware, the ASC, and the National Cyber Security Alliance (NCSA) launched the "Chain of Trust" initiative. From the press release:

Developed by the Anti-Spyware Coalition (ASC), National Cyber Security Alliance (NCSA) and StopBadware.org, the Chain of Trust Initiative will link together security vendors, researchers, government agencies, Internet companies, network providers, advocacy and education groups in a systemic effort to stem the rising tide of malware.

[snip]

The first order of business in the Chain of Trust Initiative is to map the complex, interdependent network of organizations and individuals that make up the chain. Only by identifying all the vulnerable links and understanding how they connect to one another can malware fighters get a handle on the problem and begin to develop consensus solutions.

For those interested in ideas coming out of the workshop, feel free to follow the tag #asc09 on Twitter, flickr, and other tag-enabled sites.


Silent patching works, but at what cost?

Posted by Maxim Weinstein Wed, 13 May 2009 19:40:04 GMT

Last week, the ZDNet Zero Day blog summarized a report by researchers from Google Switzerland and ETH Zurich as follows:

Google’s decision to silently update the Chrome browser — without the user’s knowledge or consent – has put the company at the head of the pack when it comes to securing modern Web browsers.

Indeed, the report noted that, unsurprisingly, the less user intervention and aggravation required to update the browser, the more likely the browser is to be up to date on a given user’s machine. It concludes by trumpeting Google’s own Chrome browser as a success for using silent updates that successfully keep users’ browsers patched. It goes on to encourage other browsers to adopt a similar strategy.

While the technical mechanism in question sounds like an effective and efficient way to update browsers, the lack of user control inherent in Chrome’s system is concerning. There is no clear notice during installation or operation of the software that it will be updating itself automatically. (I didn’t read the entire EULA, but then, neither will most users.) There is also no obvious place in the program’s options screen for disabling this feature, in case you want to test using different builds or have some particular objection to auto updates or a particular change in a newer version.

StopBadware has always been committed to the principle that users should be presented with the information and options necessary to make decisions about how software is installed, updated, and used on their computers. Google should be applauded for seeking new ways to increase browser security, but it should also be held to the highest standards for disclosure and user choice.

What are your thoughts about Google Chrome’s silent updating? Let us know over at BadwareBusters.org.


Don't forget the ASC public workshop

Posted by Maxim Weinstein Tue, 12 May 2009 15:18:19 GMT

There’s still time to register for the Anti-Spyware Coalition public workshop next week in Washington, DC. And, best of all, press, government, ASC members, educational and nonprofit attendees attend free! (Corporate attendees pay only $250 for a great all-day workshop.)

Complete details and registration links can be found here.
