Comment Unacceptable Inevitable, I think, is what u mean (Score 1) 111
It, unfortunately, is not that easy. As soon as one computer is connected to another computer (via wireless, wired networks or 'sneaker-net'), problems with security start to cascade. If a computer has a USB port, a CD drive, DVD drive, or a network connection, it is nearly impossible to lock down - malware will find it's way onto the machine.
The U.S. and foreign governments spend a fortune trying to lock down some of their most sophisticated computers and networks and still they leak like a sieve.
Although we may wish that it were otherwise, we can hardly expect for a company whose bottom line is the profit margin, to spend all that it takes to secure even one computer...
Consider the magnitude of the problem:
- Keep the network holes plugged as much as possible
- Keep the operating system patched
- Keep all of the applications (including the off-the-shelf and home-grown applications) patched
- Keep all security software patched and updated
- Most importantly, keep all employees from doing anything remotely silly or risky
Many of the items above, are nearly impossible to do well - for example...if a typical patch for a piece of software arrives ~5 days after the vulnerability is announced, what is the financial institution supposed to do for those 5 days? NOTE: the 5 days is a fictitious number - no one achieves that high a speed in issuing and applying patches...but it illustrates the point...
There is no way for an underpaid, overworked security staff to plug EVERY hole - especially in the world of zero day exploits. The hackers, on the other hand, have automated tools that can plug at the problem 24/7 until they find even one, overlooked hole...
