Comment Re:Nobody Wins (Score 1) 155
Nor is it clear that anyone other than some classes of users who are forced by law or employer dictate to use a trusted system actually would do so. No or very restricted email, social networking, etc.
This is the environment that I work in. We use a combination of Citrix and VMware 'non-persistent disks' to provide a locked-down environment that reverts to a clean, known-good configuration every time a new session is established. We have to maintain that kind of environment because we work with sensitive data.
I think that the fact that banks and merchants appear to be unable to secure their transaction flows
I am not sure that this is accurate. In two of the more recent major breaches (Target and Home Depot) it was acknowledged that the internal security controls and systems management strategies (patches, etc.) were inadequate. That leads me to believe that it is not that they are "unable" to secure their networks, but that they simply refused to do so.
Between hardware-layer access controls (think MAC whitelisting), firewall controls and PKI technologies, it is possible to secure a network and the data that traverses it. All of those controls are worthless if the data is being held in a 15-year-old SQL database that has not been patched in 3 years, with an admin who is browsing porn from the console.