
Innovation, security and personal computer

Over the past few years I have noticed a sharp slowdown in the development and deployment of new technologies for protecting personal computers against malicious software, both from start-ups and from the major vendors of protection tools. As a result, the security industry finds itself in a strange state: the fight against cyber-"businessmen" who profit from illegal methods goes on, the technical means of protection keep evolving, and yet cyber-criminals are not lining up at the unemployment office, and their income is nowhere near zero. Or maybe the way things are now is simply normal, since the world has not collapsed?

Analyzing the current situation, I increasingly believe that the "end of history" has arrived for the protection of personal computers: essentially every protection technology that could be invented for an operating system built on the security approaches and principles of the late last century (I remind you that this is when the architecture and kernel of Windows NT were designed, at a time when development did not take into account secure programming practices or the need to limit the functionality available to potentially unsafe processes) has already been implemented to some degree and is available on the market. Further development of new anti-malware technologies runs up against two things. First, it would require a major change in the habitual working patterns of the user, who does not want to relearn anything and therefore most likely will not. The user wants to work at his personal computer the way he is used to, while still feeling calm about his security. So the vendors of security tools have to build "crutches" for the Windows operating system that let them fight malicious software without disturbing or annoying the user too much. Second, it would require supporting the many programs that are poorly written from the standpoint of integrating them with new approaches to protecting against malicious software, which can be quite expensive and creates problems even for a large company.

To Microsoft's credit, its developers and management have devoted substantial resources in recent years to the security of their operating system (UAC, EMET, Windows Defender, ASLR, SMEP). However, the company has to carry the "burden of backward compatibility" with software written in an era when few people thought about limiting functionality, isolating resources, or writing secure code, and this also limits the company in introducing new security models for PC operating systems.

The first security tools for personal computers appeared in the mid-1980s. Since then, innovators in this field have come a long way and tried a huge variety of approaches to protecting Microsoft's operating system from malware. Practically everything that could be invented to keep users of NT-based Windows safe has, in one way or another, already been implemented and brought to market (among the most recent: cloud-based analysis, various kinds of sandboxes, and tools for securing financial transactions). Moreover, the evolution of techniques for implementing malicious programs is also nearly complete, since their authors have, in my opinion, already invented everything that can be used to generate income from their activities. I therefore believe that in the near future we will not hear about new technological breakthroughs on the anti-malware front; rather, we will see new interpretations of old schemes and approaches. Innovation in this field is coming to the end of its glorious history, as, incidentally, is the era of unrestrained growth of the personal computer market itself. Everything new and interesting in security will appear in completely different areas, not connected to personal computers (well, perhaps connected, but only indirectly), for example mobile payments and the "Internet of Things".
In early 2013, Kaspersky Lab discovered a cyber-espionage software system called Red October. According to the Lab, the espionage system operated successfully from 2007 until it was exposed in early 2013. In other words, the entire stack of defensive technologies that existed at the time this malware was detected had been overcome by the attackers one way or another; otherwise they would not have been able to deploy their network. Since that discovery (that is, since the Kaspersky Internet Security 2012 version), the stack of protective mechanisms in Kaspersky Internet Security has been supplemented by the following technologies (leaving aside improvements within the existing protective barriers): [KIS 2013] secure online payments, protection of keyboard input, Automatic Exploit Prevention (AEP); [KIS 2014] the ability to run only programs on a whitelist of safe software, protection against malicious screen lockers; [KIS 2015] protection against unauthorized use of the webcam, security checks of public Wi-Fi networks. Now compare automatic exploit prevention [KIS 2013] with protection against unauthorized webcam use [KIS 2015]: which is more technologically advanced and harder to build? And this is the situation at one of the most innovative and technologically advanced security suites in the anti-virus industry. What can we say about the others? Intel Security (formerly McAfee), for example, shows no desire at all to introduce behavioral protection into its security suites...

Modern security start-ups target the corporate market and implement only two basic concepts (adapted, of course, to different application environments). The first is anomaly detection (it does not matter whether in network connections, in account activity in Active Directory, or in program behavior). The second is the creation of secure environments and algorithms. And it seems to me that the second is more important than the first, because the digital world in the form we see it is built on environments and algorithms invented and implemented back in the 1980s and 1990s, which are, naturally, badly outdated. Some of them have been completely compromised in the meantime (for example, the entire MD family of hash functions). Everything holds together only because it is unprofitable for cyber-criminals to bring down this whole unstable construction, since they earn their money from its insecure elements. But from the standpoint of the resilience of real systems against cyber-attacks aimed at destroying infrastructure and harming an adversary, the situation is currently critical. Either we, the information security community, manage to reverse the situation, or at some point we will lose control over what sustains our lives in the literal sense of the word: power supply, water supply, banking operations. The second option is not the most pleasant, is it, colleagues?

Source: https://habr.com/ru/post/236465/
