Slashdot Mirror
We Live In The Dark Ages of Internet Security, Says Kaspersky Labs CEO
An anonymous reader cites a report on TheMerkle: It is never a positive sign when one of the world's leading security firms mentions how the world is currently in the "Dark Ages" of computer security. That particular statement was made by Kaspersky Labs CEO Eugene Kaspersky during the NCSC One conference in The Hague. Enterprises and consumers need to step up their protection sooner rather than later, as the number of security threats keeps increasing. Update: 04/05 18:41 GMT by M :Reader Rob MacDonald has posted the following insightful comment (slightly edited for clarity and length): We're in the dark ages by design. We've allowed the alphabet agencies to compromise our security, at every level, including hardware. The one that doesn't have an exploit at shipping, gets intercepted and modified in transit. The encryption algorithms we've been using were compromised at such a level it took this long to see it.
That's only true if you force yourself to live in the dark.
If you don't want to, you can always use OpenBSD. If security is what you care about, then OpenBSD is your best choice. Its developers have proven time and time again that they put security first and foremost, and this has resulted in one of the most trustworthy operating systems to have ever have existed. Best of all, it's free and open source! There's really no reason not to use it, especially if you want and need security.
The one thing that I think really sets OpenBSD apart from its peers is that the OpenBSD team will go out of their way to secure software they didn't even write. They'll fork, fix, maintain and improve third-party software that doesn't meet their standards. LibreSSL is a superb example of this, but they've done it with other software in the past, too.
Nobody claims that OpenBSD is perfect, but it's as close as anyone is going to get today. As we become more and more aware of the risks that we face, it becomes clearer that OpenBSD is the operating system that's best poised to stand strong against these threats.
OpenBSD is where it's at. If you want to live in the dark, then by all means ignore OpenBSD. But if security is what matters to you, then OpenBSD is the light.
Yes, they are Russian. Yes it's a fucking solid, quality, AV solution for enterprise. In fact, there's a shit load of functionality there that most people wouldn't expect from an AV solution. So yeah, when one of the world leaders in the industry says that, he's not talking out of his ass. The point not stated, at least in the summary, is the fact that we're in the dark ages BY DESIGN. We've allowed the alphabet agencies (not google you dolt) to compromise our security, at every level, including hardware. That which doesn't have an exploit at shipping, gets intercepted and modified in transit. The encryption algorithms we've been using were compromised at such a level it took this long to see it. TLS, SSL, sha. all compromised at the core. Jesus we can't even trust random number generators. We can't trust encryption based on primes as it's proven these can be broken if you have the hardware (they do) and the time (they do). Nothing short of a do over can fix this. The infrastructure is compromised, the undersea trunks are tapped, they can even decipher passwords and information from an AIR GAPPED COMPUTER. Seriously. I can't see a way out of this. Encryption for all!!!!! FBI much? Encryption is a joke when they've helped build the encryption system. We hae been pwnd from day 1.
>> one of the world's leading security firms mentions how the world is currently in the "Dark Ages" of computer security
What leading firm? All I saw here was "Kaspersky." (Ducks.)
(And of course, they're going to say that. What else would they say: "you guys can pull back a bit on IT security spending - things are getting better?")
Google, Microsoft, Mozilla, Apple and Opera.
Script kiddies gonna script. But it's 2016 and XSS still happens. That's not acceptable. At least Google offers bounties... so they get some slack. The rest though.. come on.
We're getting this stuff from three directions:
1) The manufacturers of products are lazy and incompetent, and carry no liability for that;
2) Organizations take short cuts from within, and don't realize just how vital security is;
3) Entities like the FBI want to undermine our security so they can be assured access to our stuff, while stupidly refusing to accept they're causing security to suck even more;
As long as these things keep happening, we basically live in a world where security is an afterthought, or too complicated, or something to be actively undermined to allow idiots to bypass it.
And all three of those combine to more or less ensure that having real security is almost impossible. Because no matter what the assholes who want to spy on us say, leaving it open for them also leaves it open for everyone else.
The people who claim to be protecting are as much fault for this as anybody else. Only they're too stupid to accept that the world doesn't recognize that only the good guys will bypass security when it's been built to have holes in it.
This is why we can't have nice things.
Lost at C:>. Found at C.
Does he remember the dance you had to do to install Windows 2000 on an unfiltered connection (if you didn't want it to be instantly owned)? You had to install completely disconnected, disable a bunch of services, and then try to connect and download patches as quickly as you could in order to get to a viable state. And everyone else's Windows computer you used had 9 layers of browser toolbars and adware and anti-anti-anti-adware that made their system effectively unusable?
I'm sure there's lots of security battles to come - maybe even a World War or two - but the real dark ages of security are in the past.
Let's not stir that bag of worms...
So we are living in the dark ages, but it feels like we're trusting our 'security' to a bunch of mercenaries where the highest bidder gets to take your money and walk away when newer threats usurp their protection abilities.
It's a vicious cycle, and there are no shortage of participants willing to take your money to 'protect' you.
Wasn't it Kapersky who stated something to the effect that people don't need privacy?
https://www.youtube.com/c/BrendaEM
There is also the minor point that Eugene "internet passport" Kaspersky is just as much a supplier of imperial clothing as the rest of the industry. Nice of him to say this now but he's made a fortune being part of the problem, so no, he might not be talking out of his ass, I don't trust him either. He doesn't deserve my trust, or anyone else's.
I've had a PC on the internet since the early-mid 1990's, and so far have had precisely zero security problems with this.
But then, I don't do a bunch of stupid shit, either. I don't let random web sites run javascript. I don't run "HotBabe.jpg.exe". In fact, I've never even run Windows on an internet connected computer, due to the security clusterfuck of that ecosystem. If I ever want to do something that could potentially be risky, I'll use a VM jail. And to more modern issues, I won't let IoT devices have the run of my internal network.
Net result? Zero security issues, zero loss of data, zero malware, zero ransomware. The people I see with weekly or monthly malware infestations are the ones absolutely refusing to learn. Even after the 20th time they do Stupid Thing X and get infected yet again, that doesn't seem to stop them from doing the very same thing again next week. Yet they act bewildered about what could have happened.
I'm not the only person I know who has had zero problems with internet security. Far from it. If you have one population that has constant problems, and another that has none, maybe just maybe the population having all the problems should ask themselves, "What are we doing wrong, that those other guys are not? Why are we having so many problems, and those guys are not having any problems at all? What should we be learning?"
Have there been real security flaws? Sure... but that's like 0.001% of the problem. The vast majority of the problem is people's own behavior.
And Kaspersky's use of an adware site (softonic.com) to download their software is not helping any.
“He’s not deformed, he’s just drunk!”
There's nothing defective about Internet security, it does exactly what it was designed to do, that is connect computers using an ubiquitous networking protocol. The problem lies with the defective computers that are at either end of the connection.
Technology is to hard for a small group. Trust is to difficult for large groups.
And the Russian and Chinese are the Visigoths.
> OpenBSD cost me everything with its lackluster security.
Even your slashdot login! The humanity!
http://www.bbc.com/news/techno...
Does the FSB count as an "alphabet agency"? Because they're the ones who run Kaspersky.
The manufacturers of products are lazy and incompetent, and carry no liability for that;
It's worse than that.
The manufacturers are in a race to get new products and features to market. First through the window collects the customer base and market share. First three or so through the window slam it and everyone behind them crashes and burns. (For a startup that's IT. Go find more money and do another one - and have the same pathology.)
So doing things securely (which is hard and time consuming) means you miss the window. Thus only insecure stuff makes it to market. Maybe they fix it later, once they're established. Usually not, though. That's when you get the big breaches when somebody finds the holes.
The invisible hand has slapped down the players who tried to do it "right" - and thus did it too late.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
"It is never a positive sign when one of the world's leading security firms mentions how the world is currently in the "Dark Ages" of computer security. " Well what to do you expect a security firm to say? "There is no need for our products."?
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
Kaspersky lives there for sure
The Dark Ages had nothing to do with ignorance, naivety or any other way he's using the phrase. It's called the Dark Ages because it's dark, ie, we have very little recorded information about that period in history.
That won't help. Here's what will help: ubuntu.com, linuxmint.com.
Hosts originate on NIX. Using his exported hosts data from windows works there too on a simple principle: what you can't touch can't harm you using hosts.
https://www.eff.org/deeplinks/...
I'd better download a minimal flash installation of FreeBSD and build the rest from source. It does not save me from the source-level malware but at least make it much less probable.
says the butcher. A-hah.
Now we could do more for our security, definitely. But we can't buy it, not from Kaspersky and not from elsewhere. We gotta learn it.
Still, most PHBs will go buy some security and then go to sleep. I'm just hoping that each and everyone of those has to face the consequences.
An age is called Dark not because the light fails to shine,
but because people refuse to see it.
-- James Michener, "Space"
. . . . a RUSSIAN firm complaining about computers being pwned by "Alphabet Agencies". . .
OpenBSD (or any other OS) can't workaround backdoors in Intel/AMD hardware or firmwware.
http://mail.fsfeurope.org/pipe...
APK Hosts File Engine 9.0++ SR-4 32/64-bit http://www.bing.com/search?q=%...
Less power/cpu/ram+ IO use vs. local DNS servers + addons w/ less security issues vs. DNS + routers. Less complex vs firewalls (needing layered filtering drivers - hosts don't + firewalls block less used IP addresses, hosts block more used host-domain names) complimenting 'em. Antivirus = reactive. Hosts = FAR more proactive, blocking infection BEFORE you get it. Gets its data from 10 reputable security community sites.
* My program protects hosts vs. corruption in usermode (effectively 'locks' hosts vs. writes) & kernelmode threats (via updates).
APK
P.S. - Hosts get you more speed (hardcodes + adblocks) & faster vs. addons, security (vs. bad sites/dns security issues), reliability (vs. downed/poisoned dns), & anonymity (dns requestlogs/trackers) vs. other "so-called -solutions'" w/ what you natively have. Unlike Adblock/UBlock/Ghostery, hosts != blockable by ClarityRay/BlockIQ... apk