We Live In The Dark Ages of Internet Security, Says Kaspersky Labs CEO
An anonymous reader cites a report on TheMerkle: It is never a positive sign when one of the world's leading security firms mentions how the world is currently in the "Dark Ages" of computer security. That particular statement was made by Kaspersky Labs CEO Eugene Kaspersky during the NCSC One conference in The Hague. Enterprises and consumers need to step up their protection sooner rather than later, as the number of security threats keeps increasing.
Update: 04/05 18:41 GMT by M: Reader Rob MacDonald has posted the following insightful comment (slightly edited for clarity and length):
We're in the dark ages by design. We've allowed the alphabet agencies to compromise our security, at every level, including hardware. The one that doesn't have an exploit at shipping, gets intercepted and modified in transit. The encryption algorithms we've been using were compromised at such a level it took this long to see it.
We're getting this stuff from three directions:
1) The manufacturers of products are lazy and incompetent, and carry no liability for that;
2) Organizations take short cuts from within, and don't realize just how vital security is;
3) Entities like the FBI want to undermine our security so they can be assured access to our stuff, while stupidly refusing to accept they're causing security to suck even more;
As long as these things keep happening, we basically live in a world where security is an afterthought, or too complicated, or something to be actively undermined to allow idiots to bypass it.
And all three of those combine to more or less ensure that having real security is almost impossible. Because no matter what the assholes who want to spy on us say, leaving it open for them also leaves it open for everyone else.
The people who claim to be protecting are as much at fault for this as anybody else. Only they're too stupid to accept that the world doesn't recognize that only the good guys will bypass security when it's been built to have holes in it.
This is why we can't have nice things.
Lost at C:>. Found at C.
I've had a PC on the internet since the early-mid 1990s, and so far have had precisely zero security problems with this.
But then, I don't do a bunch of stupid shit, either. I don't let random web sites run JavaScript. I don't run "HotBabe.jpg.exe". In fact, I've never even run Windows on an internet-connected computer, due to the security clusterfuck of that ecosystem. If I ever want to do something that could potentially be risky, I'll use a VM jail. And to more modern issues, I won't let IoT devices have the run of my internal network.
Net result? Zero security issues, zero loss of data, zero malware, zero ransomware. The people I see with weekly or monthly malware infestations are the ones absolutely refusing to learn. Even after the 20th time they do Stupid Thing X and get infected yet again, that doesn't seem to stop them from doing the very same thing again next week. Yet they act bewildered about what could have happened.
I'm not the only person I know who has had zero problems with internet security. Far from it. If you have one population that has constant problems, and another that has none, maybe, just maybe, the population having all the problems should ask themselves, "What are we doing wrong, that those other guys are not? Why are we having so many problems, and those guys are not having any problems at all? What should we be learning?"
Have there been real security flaws? Sure... but that's like 0.001% of the problem. The vast majority of the problem is people's own behavior.