Innovation, security and the personal computer

    Over the past few years, I have noticed a sharp slowdown in the creation and implementation of new technologies for protecting personal computers against malicious software, both from start-ups and from major manufacturers of protection tools. As a result, we see the security industry in a strange state: the fight against cyber “businessmen” profiting by illegal methods is ongoing, technological security methods are constantly evolving, but ... cyber criminals are not crowding the labor exchange because their “business” revenues have fallen to zero. Or maybe the way it is now is normal, because the world is not collapsing?

    Analyzing the current situation, I am becoming more and more convinced that the “end of history” is coming for the area of personal computer protection. All the protection technologies that could be invented for an operating system based on the security approaches and principles that prevailed at the end of the 1980s have already been implemented in one way or another and are present on the market. (I recall that it was then that development of the architecture and kernel of the Windows NT operating system began, and in those days development was carried out without regard for secure programming measures or functionality limits for potentially unsafe processes.) Further development of new technologies for protection against malicious software runs up against two things. First: the need for major changes in the familiar working patterns of users, who do not want to relearn and therefore most likely will not. The user wants to work at his personal computer in the way he is used to, while still feeling calm about his safety. So manufacturers of security tools have to create “crutches” for the Windows operating system that deal with malicious software without disturbing or annoying the user too much. Second: the need to support many programs that are not written very well in terms of integrating them with new approaches to protection against malicious software, which can be quite expensive and create problems even for a large company.

    To the credit of Microsoft Corporation, its developers and management have devoted a lot of resources over the past few years to the security of their operating system (UAC, EMET, Windows Defender, ASLR, SMEP). However, the company has to bear the “backward compatibility burden” of software written back in the era when few people thought about limiting functionality, sharing resources, and secure code, and this has also limited the company in implementing new security models for personal computer operating systems.

    The first security tools for personal computers appeared in the mid-80s. Since then, innovators in this field have come a long way, having tried a huge number of approaches to protecting Microsoft's operating system against malware. Almost everything that could have been invented to ensure the security of Windows users on the NT kernel has been implemented in some form and brought to market (among the latest tools: cloud analysis, sandboxes of all kinds and means of securing financial transactions). Moreover, the evolution of approaches to building malicious programs is also almost complete, because their authors have come up with, in my opinion, everything that is possible for generating income from their activities. Therefore I suppose that in the near future we will not hear about new technological breakthroughs on the front of the fight against malicious software; rather, these will be new interpretations of old schemes and approaches. Innovations in this area are coming to the end of their glorious history, as is the time of rampant growth of the personal computer market itself, by the way. We will see everything new and interesting in security in completely different areas, not connected with personal computers (well, maybe connected, but only indirectly). For example, in the field of mobile payments and the “Internet of things”.

    In early 2013, Kaspersky Lab discovered a cyber espionage system called Red October. According to Kaspersky Lab, the spy system functioned successfully from 2007 until the beginning of 2013, when it was exposed. That is, the entire stack of protective technologies in place when this type of malicious software was detected had been bypassed by the attackers, one way or another; otherwise they would not have been able to deploy their network. From the moment it was discovered (that is, from Kaspersky Internet Security 2012), the technological stack of Kaspersky Internet Security protection mechanisms was supplemented with the following technologies (omitting improvements within the existing security barriers): [KIS 2013] ensuring secure Internet payments, protecting data input from keyboards, automatic exploit protection (AEP); [KIS 2014] the ability to run only programs on white lists of safe programs, protection against malicious screen blockers; [KIS 2015] protection against unauthorized use of a web camera, checking the security of public Wi-Fi networks. Compare automatic protection against exploits [KIS 2013] and protection against unauthorized use of a webcam [KIS 2015]: which is more technologically advanced and more complicated? And this is the situation with one of the most innovative and technological security systems in the anti-virus industry. What can we say about others? Intel Security (formerly McAfee), for example, has no desire at all to incorporate behavioral protection into its security systems ...

    Modern startups in the field of security are aimed at the corporate market and implement only two basic concepts (adapted, of course, to different application environments). The first is the detection of anomalies (it does not matter in what: network connections, activity of accounts in Active Directory, or program behavior). The second is the creation of secure environments and algorithms. And, as it seems to me, the second is more important than the first, because the digital world in the form we observe it is based on environments and algorithms invented and implemented back in the 1980s and 1990s, which are certainly very outdated. And some of them have been completely compromised during this time (for example, the entire MD family of checksum algorithms). Everything rests only on the fact that it is not profitable for cyber criminals to bring down this entire unstable structure, since they earn money on its unsafe elements. But from the point of view of the resilience of real systems to cyber attacks aimed at destroying infrastructure and causing damage to an enemy, the situation is critical at the moment. Either we, experts in the field of information security, will be able to turn the tide, or at some point we will lose control over what sustains our lives in the literal sense of the word: power supply, water supply, banking operations. The second option is not the most pleasant, is it, colleagues?
