Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Desktop Security Battle May Be Lost

Posted by kdawson on from the deploy-the-tinfoil-hats dept.

Trailrunner7 writes in with a Threatpost.com article that begins: "For years, security experts, analysts and even users have been lamenting the state of desktop security. Viruses, spam, Trojans and rootkits have added up to create an ugly picture. But, the good news is that the desktop security battle may be over. The less-than-good news, however, is that we may have lost it. Jeremiah Grossman, CTO of WhiteHat Security, said Thursday that many organizations, particularly in the financial services industry, have gotten to the point of assuming that their customers' desktops are compromised. And moving forward from that assumption, things don't get much prettier." It goes on to speculate about home routers being targeted and infected.

6 of 389 comments (clear)

  1. Re:Though the Times They May Look Grim ... by jemtallon · · Score: 5, Informative

    If you'd have read the article, you'd know that home networks are the new frontier for hackers and a big reason why security experts are giving up the desktop fight to focus on the network instead. From the article: "... it won’t matter if PCs are disinfected, swapped out, or replaced with iPads, the bad guys are still control because they own the network below." So the old Blame Windows standard won't work in this case.

  2. No-Charge Solution by psbrogna · · Score: 4, Informative

    Other countries seem to be realizing that's it's a much more winnable battle if home users aren't in an MS environment. Isn't this EXACTLY why the Canadian bank recently started handing out Linux Live Boot CDs for their customers to use when banking from home?

    I think this is the article http://linux.slashdot.org/story/10/03/25/2350236/Can-Ubuntu-Save-Online-Banking

  3. Re:Though the Times They May Look Grim ... by Dorkmaster+Flek · · Score: 5, Informative

    Telus gave us this really crappy DSL/Wireless router. I never changed the admin password (admin/telus) on it, but I put a wireless password on it.

    To quote the Mythbusters, "Well there's your problem!"

    --
    I like to think of online DRM as something akin to a college -- you pay for lessons until you learn something.
  4. Re:Though the Times They May Look Grim ... by apparently · · Score: 5, Informative

    ^that looks to me more like wondering about a "what if?" hypothetical scenario, not something which actually takes the blame from Windows just yet...

    The article states "These are all reasonable assumptions based on real-world attacks that have been going on for some time now. Attackers have been targeting home networking equipment for a couple of years, using a combination of vulnerabilities in the firmware and hardware to get control of home users' outbound Internet traffic". Links within the original blog post discuss botnets that are already attacking Linux-based routers

    There's nothing "hypothetical" about this threat.

  5. Mod Parent Up. by aztracker1 · · Score: 4, Informative

    I don't generally post this kind of thing, but please mod the parent up. I cannot stress enough how false assumptions are generally bad in terms of security. Yes, Linux is being attacked (successfully), as is Mac OSX. The attacks on home routers are particularly heinous as most people do not update/upgrade the firmware ever, and more of it is based on common Linux underpinnings.

    --
    Michael J. Ryan - tracker1.info
    1. Re:Mod Parent Up. by dwillden · · Score: 4, Informative

      People don't upgrade the firmware in big part because firmware updates are not released. I've had my current Netgear router for over two years. There has not been one firmware update released. And the router management page even has a fairly prominent link to look for updates. If the router manufacturers don't post updates, how can the end users install them?

      --
      I'm too lazy to compose a creative sig.