
> Until the sheer weight of vulnerabilities and incidents causes vendors to radically change their security practices

I've been in the professional IT game for 15 years. The "please run this macro in word to view content" issue still exists today and is one of the main vectors in ransomware. Heck, the "click this to view my photos" 'sexy-pics.exe' problem has not been solved in Windows either. End users don't care about UAC pop-ups, they click through them. See the recent literature on "Security Fatigue."

I think you have way too much faith in the industry to fix its own problems. It's clear that there are many classes of security problems that remain unfixed for decades. We're just seeing the newest version of the very same problems we've failed to address in the past.

I have no idea what the solution here is, but I imagine some level of certification is needed. Perhaps as simple as validating that you're forced to change the default password/keys and auto-update for security updates is on by default with some level of commitment to perform security updates for x amount of years after purchase. Toss in mandatory fail2ban-like functionality and you've patched the most common exploit use cases. I imagine that's a fairly hands-off approach here that won't interrupt business and will cost very little to implement.

On the end-user side of things, having a router that can detect when you're part of a botnet/DDOS and stop traffic would be valuable. Why aren't these $200+ Netgears and Linksys's running any sort of IPS? No IPS in this day and age is pretty crazy. An implementation of snort or similar wouldn't eat too much CPU and would only raise the cost marginally.

It's still very much the wild west out there from a security perspective.




You're suggesting to put a ("snort or similar") IPS console in front of the end-user who still clicks on the "click this to view my photos" sexy-pics.exe?

In my opinion, the end-user is not the one causing the problem. The manufacturer is causing the problem and -- just like we do things at $work -- he who causes the problems (should be the one who) suffers by being the one to also fix it.


The real solution for end users will be to add an actual physically different input path for the problem.

For example, imagine if home PCs, and even laptops, had a special (macro) SD card-like slot. This is the slot that the user puts their ownership card in to get it to turn on at all, to log in to their OS account.

The computer would REFUSE to continue to operate with this card present. It would then enter 'normal mode'.

In normal mode no OS updates would process, no programs could be installed, no new scripts / downloads could be run. Trying to run a new thing would bring up the Authentication Required screen. They would need to insert the ownership card again. They would then need to expressly authorize what the new program could do.

That's the experience that end users for an appliance might desire; at least once they got used to it. I also strongly require that the end user is also the //owner// of the hardware. Not whoever made the OS/etc. All of the above controls would be in software, which could be replaced if they decided.



