I believe there are some technical root causes that must be addressed, as well as those political and other issues. Unfortunately, the non-technical problems highly discourage proper technical solutions to these issues. I'll enumerate them here anyway.
1 -It's practically impossible to secure the hardware. Even CPUs have embedded control systems that form "management" layers hidden from everyone. Nothing built on top of this traitorous layer can ever be safe. It's possible to build something completely open and reasonably secure, but the market discourages it.
2 - RAM is unacceptably bad, most systems lack ECC as well. If we had properly tested and validated RAM, RowHammer wouldn't work, ever.
3 - The Operating systems themselves are usually modeled on Unix/Linux in some fashion, where there is no capability based security[1]. We're using a security model that was fine for the relatively low threat environment of small network of computers all serving one employer. It's entirely unfit for purpose in 2022.
Note: If you assume I'm talking about "allow this app to access X", you really need to read the Wikipedia page.
So, with the current Tower of Babel that is the software world, everyone blaming everything but these root technical causes, because there are fortunes to be made selling what are effectively band-aids in the field of CyberSecurity.
I firmly believe it's possible to fix this, all the way up and down the stack, but I'm having doubts about my own ability to survive until that day happens.
Isn't security through compartmentalization a better security model?
> I firmly believe it's possible to fix this, all the way up and down the stack, but I'm having doubts about my own ability to survive until that day happens.
Did you consider Qubes OS, a security-oriented OS?
While Qubes is close to virtualization, etc. in terms of separating environments, it doesn't provide capability based security. Nor does it address the underlying insecurity in hardware.
On Qubes, you compartmentalize your workflows and data into security domains. All programs in one domain have only access to the same security level (in the edge case, it's one app per compartment).
Unintended targets are simply not accessible from a wrong domain, i.e., by wrong programs.
I believe there are some technical root causes that must be addressed, as well as those political and other issues. Unfortunately, the non-technical problems highly discourage proper technical solutions to these issues. I'll enumerate them here anyway.
1 -It's practically impossible to secure the hardware. Even CPUs have embedded control systems that form "management" layers hidden from everyone. Nothing built on top of this traitorous layer can ever be safe. It's possible to build something completely open and reasonably secure, but the market discourages it.
2 - RAM is unacceptably bad, most systems lack ECC as well. If we had properly tested and validated RAM, RowHammer wouldn't work, ever.
3 - The Operating systems themselves are usually modeled on Unix/Linux in some fashion, where there is no capability based security[1]. We're using a security model that was fine for the relatively low threat environment of small network of computers all serving one employer. It's entirely unfit for purpose in 2022.
Note: If you assume I'm talking about "allow this app to access X", you really need to read the Wikipedia page.
So, with the current Tower of Babel that is the software world, everyone blaming everything but these root technical causes, because there are fortunes to be made selling what are effectively band-aids in the field of CyberSecurity.
I firmly believe it's possible to fix this, all the way up and down the stack, but I'm having doubts about my own ability to survive until that day happens.
[1] https://en.wikipedia.org/wiki/Capability-based_security