It has to be fixed in the OS (i.e. Windows) (Score 1)

I agree with other comments that it's ridiculous to blame "security professionals". By the way, who are security professionals? Aren't they the people who have to try to make existing software secure? He's not talking about software developers, he's talking about IT staff. The reason there's no security is that the OS everyone uses doesn't provide much. He mentions that if you buy a brand new computer off the shelf and plug it in to the Internet, it will immediately get hacked. That's not the "security professional's" fault, that's Microsoft's fault. The fundamental problem is that the software that underlies the entire infrastructure wasn't designed with security in mind. The security professionals can work as hard as they want and they're never going to fix the problem. The solution is to fix the infrastructure, which means replacing Windows with something built with security in mind. Windows is too big and complicated to just tack security on somehow. The various products (Mcafee, etc.) that try to filter everything Windows does are too intrusive and cumbersome and half the time when Microsoft tries to fix the OS itself they break something.