{"id":15031,"date":"2014-11-25T19:55:28","date_gmt":"2014-11-25T19:55:28","guid":{"rendered":"http:\/\/kasperskydaily.com\/b2b\/?p=2901"},"modified":"2020-02-26T18:50:46","modified_gmt":"2020-02-26T16:50:46","slug":"protecting-the-future-the-roots-of-security","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/protecting-the-future-the-roots-of-security\/15031\/","title":{"rendered":"Protecting the future: the roots of security"},"content":{"rendered":"

Today\u2019s information technologies are a rather mishmashed system comprised of top-notch innovations interspersed with legacy technologies<\/a>, some of which have been in use for decades and rarely changed. This \u201ccoexistence\u201d of new and old led to the discovery of dramatic bugs that had stayed below the radar for years.<\/p>\n

\n<\/p>

\u00a0<\/p>\n

Haunted by the past<\/strong><\/p>\n

Earlier this year, we discovered Shellshock<\/a>, a big bad Bash vulnerability introduced back in 1992. Bash is an integral part of most of the Unix-like systems, whose code wasn\u2019t reviewed thoroughly enough to find a wide-open vulnerability. Its discovery led to a worldwide panic, especially since the first attempts to patch it failed for various reasons<\/a>.<\/p>\n

<\/p>

Protecting the future: the roots of #security<\/p>Tweet<\/a><\/blockquote>\n

More recently, Microsoft disclosed a bug<\/a> in Internet Explorer that existed since Windows 95. It is anyone\u2019s guess whether or not there were zero-day flaws in the popular software actively exploited by cybercriminals, unbeknownst to the developers of the software and white-hat security experts.<\/p>\n

Software vendors, especially operating systems developers, have to carry a huge load of legacy code in order to ensure backwards compatibility with legacy hardware and software for which popular demand exists. Occasionally, they may choose to keep support of the old versions of their operating systems to keep customers content. That was the case with Windows XP<\/a>, which stayed in use for too long \u2013 many users chose to stick with it along with its old-shoe interface\u2026 and old bugs. Those bugs won\u2019t be patched since Microsoft stopped their support of XP in April 2014. That means the aforementioned antique bug in IE isn\u2019t going to be fixed for the remaining (legions of<\/a>) Windows XP users, leaving them wide open for attacks. This isn\u2019t going to improve overall cybersecurity.<\/p>\n

Roots and grafts<\/strong><\/p>\n

Yet another example of security problems due to the inosculation of the older and newer technologies is a troubling situation with critical infrastructure. The equipment is sometimes decades old. It was designed as \u201cclose box\u201d, and then \u2013 \u201call of sudden\u201d \u2013 Internet connectivity was added to the legacy equipment, which immediately decreased its security.<\/p>\n

Adam Firestone, president and general manager of Kaspersky Government Security Solutions, points out a silver lining: There\u2019s now a unique possibility to upgrade security radically<\/a>, replacing the older systems with new ones, with security built-in by design.<\/p>\n

And that\u2019s what we mean by \u201croots of security.\u201d There are two approaches to security \u2013 \u201cadded\u201d and \u201cbuilt-in\u201d. The first one suggests security wasn\u2019t in place by design, and had to be introduced afterwards, usually with a very relative success. It\u2019s like grafting the trees: some yield to it, some don\u2019t, no matter how many attempts are made.<\/p>\n

\u201cAdded\u201d #security is like the grafting: no results guaranteed.<\/p>Tweet<\/a><\/blockquote>\n

A more adequate and proper approach is \u201cbuilt-in\u201d security that had been taken into consideration since the very beginning of the development process.<\/p>\n

\"wide_1-2\"<\/a><\/p>\n

The Smarternet<\/strong><\/p>\n

It\u2019s not news that the future lies in the Internet of things<\/a>, with the world increasingly interconnected. Every imaginable device will be \u201csmart\u201d one day, connected to the Web and remotely operable.<\/p>\n

What would living in such a world look like? We can only assume the variants. Definitely there will be more convenience, but more risks too. Would it be possible to \u201ctrigger an economic crisis\u201d with a single, well-placed click? Or turn critical infrastructures across the globe into shambles with a small piece of malware served to the proper vulnerability?<\/p>\n

With many technologies not fully understood (or capable of being handled), the dystopian predictions we spoke of in the previous post<\/a> seem probable. Is it inevitable? No.<\/p>\n

Slowly, the interested parties are coming to an agreement about the necessity of considering cybersecurity wherever information technologies are used, and they are used almost everywhere.<\/p>\n

Security must be \u2013 and hopefully will be \u2013 in the roots of the information technology \u201ctree\u201d, instead of being grafted to it. There will still be mishaps and errors, but cybersecurity vendors such as Kaspersky Lab will be around to protect users no matter what the future holds<\/a>.<\/p>\n

\"wide_video2-2\"<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Today’s information technologies are a rather mishmashed system comprised of top-notch innovations interspersed with legacy technologies, some of which have been in use for decades and rarely changed. This “coexistence” of new and old led to the discovery of dramatic bugs that had stayed below the radar for years.<\/p>\n","protected":false},"author":209,"featured_media":15850,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3021],"tags":[282,2237,838],"class_list":{"0":"post-15031","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-cybersecurity","10":"tag-legacy-technologies","11":"tag-shellshock"},"hreflang":[{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/protecting-the-future-the-roots-of-security\/15031\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/protecting-the-future-the-roots-of-security\/15031\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/protecting-the-future-the-roots-of-security\/15031\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.za\/blog\/tag\/cybersecurity\/","name":"Cybersecurity"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/15031","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/comments?post=15031"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/15031\/revisions"}],"predecessor-version":[{"id":26413,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/15031\/revisions\/26413"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media\/15850"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media?parent=15031"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/categories?post=15031"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/tags?post=15031"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}