The problem is that these products don't exist to large extent. The reason is that people are unwilling to accept any performance degradation in exchange for security. So, instead they use insecure systems, then they install 'anti-virus' which seeks to un-infect a system during/after an infection. This is like telling doctors "You don't need a hazard suit for that Ebola patient. If you get Ebola we'll give you some drugs". So, in order to protect ourselves we run virtual machines so that threats such as viruses are contained.
It's disgraceful that in 2014 we don't have secure operating systems. SE Linux is better than most, but not by much. If I went to you with a USB key and said 'run this on your SE Linux box, would you feel comfortable doing that knowing that your system is safe? Probably not.
If you want real security here is what you need:
1. A true microkernel that has been mathematically proven. This code would never change because it has been proven to be perfect. There is a field of CS/Math that allows for this. The only updates that would ever be needed for this code would be if the field of CS/Math allowed for more advanced features to be proven, and probably not even then.
2. Drivers and hardware must be assumed to be subverted and untrusted. Drivers would all run in user-space processes. No hardware or drivers may be allowed to access any resources that has not be assigned to them. Hardware DMA should go through a virt-phys translation that is set up to prevent access to any unauthorized areas of memory. This can be done using new virtualization extensions such as intel VT-X and ARM MR-IOV. This is because buggy drivers/hardware are the biggest security threat vector for exploits. However, I've seen issues in VT-X that allows a PCI device to lock out the entire bus which I consider to be a DOS failure.
3. Trusted Hardware. This is the soft spot in Intel's armor. There have been some publicly embarrassments for Intel in this field- such as a cache exploit that was a significant threat in certain circumstances, or the backdoor into TPM which invalidates it's only purpose. If a company were to release a version of the ARM processor that has undergone provability in same way that software can be proven they may be able to create a secure processor that is guaranteed to not have issues to exploit.
4. A layered security approach. None of this "I to become root now, so I'll use su root". You should start in a root container that has access to the entire system within which a subcontainer would be created for what you as a user can access. Within that you can create subcontainers, each of which would have even more limit access than their parent.
I should be able to create a container that has no access to the network, or to the disk, etc
My document editor should only have access to my Documents directory
I should be able to create a container within which none of my secure files are accessible (my passwords file, my tax docs, etc). In Linux any program I run can read any file that I have permission to access- this is totally unacceptable!
5. Visibility - the difference between malware and useful software is whether the user wants that program to be doing what its doing. When I look at my Linux system I see hundreds of processes and I don't know what many of them are doing. Any of those programs could be malware and I wouldn't know the difference. We need to have a better way for users to really see what's going on in your system and what resources are accessible to which programs. For instance:
You should be able to see which programs have access to the keyboard events. This would immediately tell you if you have a keylogger
You should be able to see which programs have access to which parts of your harddrive, and what they are doing. Can't tell you how many times I've heard my HDD spin up without any idea why. It sends a chill up my spine every time
You should be able to limit which ip addresses a program can access and which protocols it can use. No more 'call home' programs- even if your browser was exploited.
Secure computing has great potential. If we did have truly secure systems and we knew that our systems were immune to these issues then you can image having web browsers that could download and execute native code. However, now we have java as a virtual computer to provide us security and even then it doesn't really protect us because bugs spring up in the optimization process and put us at risk. Additionally these java programs have very course limits on their security.
I dream of a day when systems are so secure we don't have to worry about it anymore.