Slashdot Mirror


The Desktop Security Battle May Be Lost

Trailrunner7 writes in with a Threatpost.com article that begins: "For years, security experts, analysts and even users have been lamenting the state of desktop security. Viruses, spam, Trojans and rootkits have added up to create an ugly picture. But, the good news is that the desktop security battle may be over. The less-than-good news, however, is that we may have lost it. Jeremiah Grossman, CTO of WhiteHat Security, said Thursday that many organizations, particularly in the financial services industry, have gotten to the point of assuming that their customers' desktops are compromised. And moving forward from that assumption, things don't get much prettier." It goes on to speculate about home routers being targeted and infected.


  1. This again? Really? by GNUALMAFUERTE · · Score: 0, Redundant

    Don't use Windows. Was that so hard?

    I am not saying that all other operating systems are perfectly secure by default or that they are invulnerable, but Windows is absolutely insecure. We have to face that truth.

    Microsoft's security record is laughable. And I'm not even talking about particular exploits, bugs can be fixed, I am talking about design. Windows is designed to be insecure. Security was never really taken seriously at Microsoft. There are countless techniques to escalate permissions on just about any win platform (including Windows Vista and 7). And these are not obscure and complex vulnerabilities. These are simple 50-line executables that allow you to escalate any process you want with a few clicks.

    Just take a look at any of their products, either server or desktop, and their security record will be worse than any competitor. Exchange, SQL, IIS, Explorer, Windows, Office. They allow script execution in crazy places (like a simple text document or spreadsheet).

    Windows is insecure for a very good reason: Because there is a huge industry that developed around fixing Windows, that industry is so big that it has become the main tool of customer loyalty that Microsoft has. Millions, from huge Antivirus companies, to overstuffed IT departments, to your average computer repairman base their economy on Windows flaws. Those guys love Windows and all its flaws. I've actually had people telling me "Well, I know it's a piece of crap, but it's what keeps people coming to my shop again and again". Not to mention the computer retailers. Imagine the fall in Dell stock if people didn't have to buy a new computer every 2 years just to run the latest OS? A friend of mine has an iMac from 2001 running the latest OSX. And it runs amazingly well ... If people knew they can run a blazingly fast 3D desktop on an 80 dollar atom-based mother+processor combo, Newegg would die.

    So, no, we didn't lose the security battle, Microsoft won the marketing one.

    --
    WTF am I doing replying to an AC at 5 A.M on a Friday night?
    1. Re:This again? Really? by bakawolf · · Score: 0, Redundant

      A friend of mine has an iMac from 2001 running the latest OSX.

      No, no he doesn't. The latest OSX will not run on such a computer. It's not a matter of speed, either. The newest OSX does not have support for the PowerPC architecture.

    2. Re:This again? Really? by jmauro · · Score: 0, Redundant

      A friend of mine has an iMac from 2001 running the latest OSX

      No, you are incorrect. If it was an iMac bought in 2001 it was at best a G3 based iMac. The current version of Mac OS X, Snow Leopard, only runs on Intel Macs (and it wouldn't run the version before that, Leopard, since it requires at least a G4 PowerPC Processor).

      Most of what you say is bunk otherwise. Security models on all major general purpose operating systems have well thought-out security models, but they all suffer from implementation issues (and general incompetent configuration issues). Windows' issues tend to be more well known since they have the largest installed base by far and as such tend to be the largest target.

      Short of closed systems with only pre-installed software that can be mathematically checked before deployment you're not going to get to a perfect future world. You'll also never be able to afford any of these computers you're proposing or for that matter really want to buy them.