Secure IT Foundation

We are still losing the computer security war…

Posted on: September 17, 2009

These are still busy times for computer security. If you were not aware, Microsoft omitted from this month’s STOM day a security fix for a networking issue that has been fixed in the final version of Windows 7 but leaves Vista users vulnerable. It is known as SMB2 and you can read more about it on The Register.

As we have said before, with new security issues being reported daily but fixes released days / weeks / years later, we are still on the losing side of the computer security war. The bad guys can release exploits to take control of a computer before security professionals can apply updates. If the world’s security strategy depended purely on applying updates, then you would have to say we have lost completely. In this week’s major issue, both the good and bad guys are working on an exploit for the issue, but what is really needed is for Microsoft to release the fix to Vista users ASAP. Even more frustrating is the knowledge that Microsoft have a fix!

Our attackers have speed, flexibility and an understanding of human behaviour (e.g. greed) on their side. We defenders have a hard time stopping the attackers; our defences are mostly reactive strategies like patching, anti-virus signatures and Intrusion Detection Systems in the corporate world.

While these strategies do give some protection, the best defence is a strong offence. We should be focusing on strength by ‘defence in depth’ and ‘least privilege’, and offence from security awareness and a ‘no by default’ approach. The Secure IT Foundation is committed to increasing security awareness and to making ‘no’ the default response from the user. In combination with manufacturers applying a home computer standard like ours, we can start to have a stronger offence in the war on computer security.

We may have lost another battle for home computer security, but there is hope and if everybody works toward a single goal of a secure home computer then we can still win the war. Some Dunkirk spirit is needed, else we may as well surrender now and go back to pen and paper!

SB


2 Responses to "We are still losing the computer security war…"

Sorry, but we’re never going to win the computer war given the current technology and security paradigms. Defense in depth is the best strategy to reduce our risk and exposure at this point, but unfortunately, it’s not enough. Some major changes need to take place in order for the world to be safe from hackers and none of those changes are going to happen anytime in the near future.

Defence in depth is still the best current defence without pulling the plug. Pre-Internet security was about making isolated networks limited from the outside world. Then came the Internet as we now know it, and everyone now has to talk to each other directly or indirectly with the outside world. The biggest change we can achieve currently is to stop people giving away private or financial information through ignorance. Computers are easy to secure using well tested standards, but what people do with their computer is another thing. Education and enforcement combined with secure computers ‘out the box’ would make up for mostly human not technology failings.
