Chrome OS negates the need, and even the capability, of antivirus software and backup software.
Do you honestly think Norton and McAfee are going to go down quietly?
In Chrome OS the system is read-only, the user space is encrypted, and the web does not run as the user. Updates are silent, automatic, and the system is checksummed and will restore itself if things don’t add up.
The traditional virus simply does not work in this environment. Traditional business models around this don’t fit either.
XSS (cross-site scripting) attacks, social engineering and just plain old scams are the biggest threats going forward. Why even bother with a virus, when you can spam the web with millions of fake sites charging people for fake problems? Not least the hoo-ha over the companies who have been milking Facebook gamers with old-fashioned opt-outs.
The fact of the matter is that you don’t need viruses to steal information and to make money anymore; people are quite willing to hand it out free to any schmuck anyway.
I don't think it's anything new. There were just as many willing to blindly hand over money before. It's just easier to find them all now with the popularity of voluntary registration through one of three social websites or the Unexpected-Email IQ Test.
(not so many showing up to the Darwinism voting polls in the past)
I think I'm going to hit 100% accuracy. Invite me on your tv show!
* I predict that security companies will decry some terrible vulnerability in a widely used software product that doesn't actually exist and they will later retract their statement.
* I predict Microsoft will be blamed for something they didn't do, and no one will retract their statement.
* I predict that antivirus companies will continue to scare the living crap out of consumers needlessly so that they can keep their fear-based revenue.
If you look at all of the hype around computer security, and you compare it to the level of FTE (full-time equivalents), you would quickly come to understand that it is the most hyped category of software ever. Unlike, say, business software or productivity software, it has an almost exponential ratio of hype to actual effectiveness.
Do your part.
Don't buy into it.
Morglum
(My Canadian $.02)
and now it seems that the user has become the major flaw in the system.
As we saw with Conficker, a big problem is how many people are running XP without updates turned on. Only 1% of infections took place in the US; most were pirated XP systems outside Western countries.
A lot of phishing scams also wouldn't have worked if people had upgraded their browser to IE8 or FF3.
Malware through piracy is also a major issue. When you have people voluntarily running programs from illegitimate sources it is no longer a system issue. Expect some nasty Mac trojans in the future as more exploit this attack vector.
I'm optimistic about security in 2010 as more people upgrade to Windows 7 which like Vista has many security improvements over XP and also forces a browser upgrade.
As your own post indicates with the talking points you raise, the major flaw in the system is Windows. The user to some extent also, yes, but really it is mostly a problem of users on Windows.
On Windows (or Macs for that matter), users are not permitted to know how the system works. On other systems, users are fully able to inspect how the system works, and the small percentage of users who can use that permission to inspect the system are also able to effect changes to the system that are in their interests. Since a few users can make sure that the system is good for them, then all users benefit. In this way one can have end-user systems with no malware. There is no other (known) way to achieve this.
Any system that insists that the inner workings of the system are secrets from the end users will be susceptible to trojans. Period.
Happily, as far as trends go, the dominance of Windows on the desktop is waning. Apparently (according to some) it is now down to 80% of new systems:
http://broadcast.oreilly.com/2009/12/linux-regaining-netbook-market...
Edited 2009-12-06 22:45 UTC
Any system that insists that the inner workings of the system are secrets from the end users will be susceptible to trojans. Period.
There is one other known method, but it doesn't exist as an implementation yet: an AI administrator. Effectively having a computer-based entity act as the administrator in a Google-Search fashion. But then, you can get into the whole I, Robot kind of thing at that point too... when the computer decides the user is not smart enough to be allowed to use the computer...
http://broadcast.oreilly.com/2009/12/linux-regaining-netbook-market...
Haven't read the article, but very much agree that Windows is in decline for various reasons:
1. If Microsoft loses MS Office dominance, then they will lose Windows dominance too; the two are closely tied. With ODF and MS's failure to keep people de facto standardized on MS proprietary formats (e.g. DOC/XLS/PPT/etc. and OOXML) they will lose (however slowly) MS Office dominance. This leaves users open to moving to alternative platforms (Mac, Linux, Unix, etc.) again.
2. More and more people are satisfied with a computer that just does e-mail, web, and some simple document editing à la Google Docs or something similar. Chrome OS is perfect for this market segment, but there will be others as well. This will eat away faster at MS Office and Windows dominance; but it need not be tied, since this segment is not a big MS Office using group anyway. They probably used to use MS Works before MS killed it, and likely have migrated to Google Docs in its absence.
3. If MS loses either or both MS Office and Windows dominance, then the company as a whole will be in trouble, given that a lot of their finances are based on the behemoth profits raked in by Office and Windows. Everything else is either in the red or barely makes a profit, with the majority being deeply in the red with no sight of profit.
We've now had SMTP fail (trusting anyone to send mail to anyone without any verification). So now we have spam.
We (still) have something similar with BGP, the most important routing protocol running the internet.
We had problems with DNS, where people were able to create cache-entries and redirect traffic that way.
We had problems with Certificate Authorities messing up, giving out certificates for things (mostly used for HTTPS) they shouldn't have, and not verifying enough. We've had them use old algorithms which shouldn't be used anymore.
We very recently had a renegotiation flaw in the SSL protocol which makes the protocol completely useless when certain parts of the protocol are enabled, because they allow man-in-the-middle attacks.
As Thom mentioned in a way, the human being is the weakest link and most of them are still stupid.
But if technology like protocols fails or old algorithms are used, and not even the professionals can secure themselves, how can we expect the professionals to secure the internet for normal users?
Maybe it will be worse: someone will find a new flaw in an algorithm used by many encryption systems.
I don't know.
You can count on encryption weakening. Attacks never get worse; only better. TLS shows weakness which will only become easier to make use of, hence WPA2/AES is now the wireless minimum. It used to be WEP before it was broken in every way possible. GSM is falling over too, though phone companies are less interested in talking about that insecure investment.
I'd say the question isn't if one of the currently strong forms of encryption will be broken in the next year but what will replace it as the next minimum standard.
I understand that Chrome OS is going to use "sandboxing" of all applications to protect the system from being hacked. I just wonder if that concept could be extended to Linux in general? I admit to not being a programmer, and don't know how technically difficult this would be. People smarter than me surely have considered it, but apparently it hasn't been done.
I would think it could be accomplished with Linux and the BSDs, mainly because those OSs come with their applications and the source code for these apps. So rewriting everything to work with sandboxing should be feasible. But it would probably be impossible with Windows, OSX or any other commercial system unless you could convince users to throw out all their old apps and trade them in for new updated ones. Or am I wrong about this?
It's a little more like ChromeOS is making use of what is already available in Linux or other *nix like platforms.
chroot - mentioned by the first response. I'd add SELinux if you want strict control over what programs are running and what they can do. A read-only root partition I've not heard of on a desktop, but it's been done. One could put the boot partition and a storage partition on a read-only disk; recommended for your security databases like the tripwire record.
The hashed root system verification and automatic re-imaging is probably the one new thing, and then I don't know how much new code would be needed unless they actually wrote it into the boot loader.
Now, the overall planned implementation is not how anything more general purpose than an ebook reader has been delivered yet. I think that's the real creativity in reusing many long available options with one or two new additions.
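The two posts above (the first commenter's "checksummed" root that "will restore itself if things don't add up", and this one's hashed root verification and tripwire-style record) describe the same idea: record digests of a trusted tree, then compare. The script below is an added example, not Chrome OS, tripwire or any project's code. It builds a SHA-256 manifest of a directory, then reports files that were modified, removed or added relative to that manifest. The directory layout, file contents and "tampering" are constructed for the demo; a real deployment would store the manifest somewhere the attacker cannot write (the point of the read-only partition mentioned above) and act on mismatches, for instance by re-imaging.

```python
"""Toy file-integrity check in the spirit of a hashed read-only root.
Added example: not Chrome OS, tripwire or any project's code."""
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each regular file (path relative to root, '/'-separated so the
    manifest is portable) to its SHA-256 digest. Symlinks are skipped so a
    link pointing outside the tree is never followed and hashed."""
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify(root, manifest):
    """Compare the current tree against a trusted manifest.
    Returns sorted lists of modified, missing and added paths; all three
    empty means the tree matches the recorded state."""
    current = build_manifest(root)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in current)
    added = sorted(p for p in current if p not in manifest)
    return {"modified": modified, "missing": missing, "added": added}


def demo():
    """Constructed scenario: snapshot a tiny fake root, tamper with it, verify.
    Returns (report_before_tampering, report_after_tampering)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        os.makedirs(os.path.join(root, "etc"))
        with open(os.path.join(root, "bin", "sh"), "wb") as f:
            f.write(b"#!/bin/sh\necho legitimate\n")
        with open(os.path.join(root, "etc", "passwd"), "wb") as f:
            f.write(b"root:x:0:0:root:/root:/bin/sh\n")

        manifest = build_manifest(root)  # the "trusted" record
        clean = verify(root, manifest)

        # Simulated tampering (constructed): appended payload, deleted
        # config, and a dropped preload file that was never in the manifest.
        with open(os.path.join(root, "bin", "sh"), "ab") as f:
            f.write(b"echo injected\n")
        os.remove(os.path.join(root, "etc", "passwd"))
        with open(os.path.join(root, "etc", "ld.so.preload"), "wb") as f:
            f.write(b"/tmp/example.so\n")
        tampered = verify(root, manifest)
        return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("clean tree:", before)
    print("tampered tree:", after)
```

Note what the check does and does not give you: it detects that a file changed, not how, and it only catches changes made after the manifest was taken. If the attacker can also rewrite the manifest, the comparison is meaningless, which is why the posts above put the record on read-only storage and why a verified boot chain has to anchor the first hash somewhere the running system cannot alter.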