A Weary Look at the State of Computer Security

In the last several years, I have grown exceedingly tired of computer security – both personal and corporate. While that statement won’t help much in the procurement of a “job,” I don’t want one anyway. Sure, I still do computer security consulting, but on a level that far surpasses the superfluous actions of penetration testing, firewall configuration, and malware forensics. If you are a client that truly wants a secure environment, I can provide solutions. You may or may not listen to what I have to offer – as a consultant, I don’t care. Oh, and btw, “Jeans day” is everyday, assholes.

I admit there is something alluring and almost irresistible in the challenge of dissecting the latest virus threat, but those threats are boring in the overall sense of the big network picture in that they are purely targeting corporate stupidiAntiqueTreasureChestLockSkeletonKeys-standardty, and the uneducated wiles of those who continue to insist on using computer “products” that are inherently insecure, ab initio. The computer operating system architecture built up from a few lines of code, and then repeatedly added to by years and years of shitty coders trying to fix an unfixable operating system specter is an absurdity, and should have died long ago. A complete overhaul and resurrection is in order for those companies who maintain such death grips on their hideous creations.

Apple finally accepted that something needed to change (after Mac OS 9) and introduced the entirely new Unix-based operating system architecture for OS X. Microsoft still spits out its putrid OS updates originally based on their inaugural and almost wholly purloined ancient technology (much from Apple, of course), and is still the OS of choice for malware authors because of this. Oh the “Registry”.

From time to time, I get requests from companies to help them sort out their IT security, and it always involves a mixed up Microsoft environment. A giant mess I really want no part of. If these companies were even a little forward thinking, they’d realize that even a complete overhaul of their IT architecture would cost them less than the amount they spend on prophylactic add-ons like antivirus, personal firewalls, and various other “computer security suites”.

Securing computers and their networks is an attainable undertaking, provided the architecture is designed for security in the first place. It’s the difference between a skeleton key lock and disc tumbler lock – you either have many ways to open a number of locks, or one way to open one lock. It’s not that difficult of an equation, unless you’re a vendor that would rather have its locks picked in order to continuously add on updates to them to keep the illusion of security busy. Yes, security, where that model is concerned, is nothing but an illusion, and will never become a reality until those that currently buy into it wake up.

Advertisements