I'd throw the whole mess away and start from scratch if I could. The systems/environments all appear to be designed from the ground up to facilitate constant exploiting, backdoors and hacks.
So would I. Not that I have begun to scheme anything formally in the form of an outline or schematic. Still, I feel like I can visualize how security is achievable if OS writers would grasp that securability is the proper goal for the operating system. I admit, I have been tempted to formally scheme, because of this situation. At any rate, noone wants a secure operating system if they are honest with themselves. This focus is unworkable, because the big picture of this scenario does not add up to long term success. Much better to have an operating system that is designed to support fully intuitive developmental interaction from 3rd party security designers/writers. Security software should be akin to a plugin, and this is where things went wrong imo. Windows is horrendously under engineered in this way. It's laughable I know to anyone who has really considered the subject in the biggest picture. Technically, it's not engineered at all to be secured.
Sadly, a developmental model stressing securability would have required MS to participate, communicate, and collaborate on a very aggressive level with security providers (many years ago->back in the 90s). It also would have required MS to use foresight and be willing to sacrifice for the long term. Well, this is not, unfortunately, what MS can do well and not what they chose, either.
What MS will always do well is write plodding yet reliable computer code in the form of productivity applications. As far as security software from MS, I really believe we'd have all been better off if MS security never got past Windows Defender in W7. That in mind, the multi-provider security grid is going to be inherently safer than what Microsoft is attempting to achieve now. So, in the present, we sit by and watch while Microsoft takes things anywhere they choose and without regard.
It seems so absurd to me what MS has driven itself to try to do on the security end. All they had to do was build a framework with efficiently placed developmental access points for security writers (cover all the angles). Please, let's not run for the hindsight is an excuse for megalo (or incompetent)-development line. This doesn't work anymore. It hasn't worked honestly since maybe the early 2000s with Windows. Truth is, MS simply has not had the foresight even to see that there is not one chance they will be able to compete with the security providers, once these providers really get started. And what will happen with MS' bloated excuse for an OS product?
I was wondering the other day how Windows 10 users would feel about all of the bulky security options built into the MS OS v10 if someone other than Microsoft comes up with something that Microsoft can't duplicate. It's bound to happen, because where Microsoft is going is so clearly flawed in the big picture of computing. I feel I'm like watching one of those land rockets take off down the Bonneville salt flat in the pitch black of night toward a 20 foot thick 30 foot high concrete wall built somewhere in its path. It is so clear that something is eventually going to go wrong here but not possible to know when. All I see is the rocket's after-burn as it moves down the flat. Sometimes I feel like I'm chained in the rocket
speeding toward sure doom. Not a good feeling.
Noone uses all of the security in the latest Windows as it is. This brings to mind an issue for me. Why do so few make notice of the bloat? OK, so MS can change the 10 OS over time and all. Components could possibly be removable, but, really, how much time do they have before time is up? The Chinese are watching, the Japanese, all of Europe, and the rest of the world too. Linux is improving fast now too. If someone builds users a bridge, many companies will go to Linux. Actually, they already are little by little. And why not go? Seriously, if it's doable at this point for a company, it could only lead to better. But even this is not the answer at this point, because Linux is not fully built to be secured either. At least anyone can participate in the development. That's a huge plus for Linux.
Multi-provider security guarantees users that the worst that can happen from a top tier security provider is a small-time breach. Why, because they monitor each other just as they monitor for potential maliciousness from other sources. This means that the most crucial element of the security hierarch, trust, can be preserved. Trust for the security provider can be assured with a large number of eyes on the industry and its companies. Yet, a single security behemoth like Microsoft can institutionalize the breaching of PCs and stealing of ideas and concepts. The current direction is not workable long term. Multiple security vendors is going to mean venom filled users eventually. They will want all of the MS tools to be removable, and the myth of the secure OS will end.
Seriously, I really feel there would be one disaster after another if something isn't done soon about the fanaticism in Microsoft's attempt to be the Lone Ranger of PC security. Neither MS nor any other company could fight off the corruption that (is following?) follows a single OS maker attempting to build a secure operating system. What they are trying to do just does not go well...no matter how things may appear to some for now. Think of the massive infrastructure of security in the W^10. Think of one company with full access to every computer and noone anywhere to oversee their actions. How do we think the Chinese feel about this potentiality? How does Apple feel for goodness sake?
Something will change this scenario soon enough. Not sure what, but I am sure it will happen, Simple truth is we can't have Windows and have only the one single security option. It's not long term going to be viable, and it's only a matter of time until the facts prove this to be the case. In light of this, how long before users cry out to be able to remove the bloat!
iwrconsultancy.co.uk
www.bleepingcomputer.com
Google Chrome
