Mods: If this topic is better suited elsewhere, please move it to where it is most appropriate.

Over the last few days, I have been reading over various topics including malware breaking out of very secure configs, privacy issues, software conflicts, among other things. After doing so, I began spinning the dusty wheels in my mind and thinking about the state of computer security, where we've been and where we are going. I came up with my own opinions and decided to post a short list of questions that I tried to answer myself and wanted to see what the resident experts here thought also, so, here goes:

1. Where are we today? Have the bad guys outrun the good guys, is it neck and neck, or are the good guys winning?

My thoughts: As a normal user reading posts here daily, I am not overwhelmed with fear, nor am I comfortable. Many more instances of malware being able to bypass completely or in some other way trick some of the strongest protection used by members are being seen every day. I realize nothing is 100% foolproof, but it seems as if the security industry can't or won't keep up. With that in mind:

2. Is the security industry doing enough to keep up/outpace the threats facing us today? Can they do enough?

My thoughts: This is a hard one for me to answer. I believe more can be done, like, as mentioned quite a bit lately, putting more effort into protecting areas such as the MBR. However, at the same time, threats are evolving so fast that I honestly don't know if they CAN keep up with them.

3. Are the "tried and true" methods of protection, i.e., AV, AS, becoming irrelevant? Are HIPS and virtual solutions the only reliable defense we have?

My thoughts: I'm beginning to answer myself yes. As far as anti-spyware, I believe it may be a dying if not dead market. Now the only reason I say that is because more and more threats are focused on the deepest parts of the operating systems. If the system can be controlled, it no longer needs to be spied on, IMHO. As far as antivirus, I don't believe anymore that security vendors can keep up enough to supply reliable blacklists, and signatures and heuristic approaches (I need a more expert opinion on this part) seem to be getting weaker. I do think that HIPS and virtual solutions can best protect now, but even they are being broken into on a more and more frequent basis.

4. How much longer before we need to completely re-think security and need to find different solutions?

My thoughts: Not very long, IMHO. It's obvious the "old ways" are no longer enough. Even if a user is very cautious about what he or she does, the chances of infection are rising, it seems, and those infections are becoming more and more complicated.

5. Where will we be in terms of security in the next 5 years?

My thoughts: The situation is getting worse, obviously. I believe a regulated internet is the only way to slow down the onslaught, and regulation brings with it its own issues such as privacy. I also believe that, as good as the internet and the advancement of it has made lives and helped such a great deal, it has also made us more vulnerable, not only to the malware writers, but also to more serious threats to the security of nations themselves.

6. Is the layered approach becoming obsolete, or are suites that incorporate AV, AS, HIPS and more a better answer?

My thoughts: While the layered approach looks great on paper and does work, for the time being at least they do, I believe suites should make a comeback. The reason I believe this is because many times a day, we see posts on different security software conflicting with each other. Something is always trying to share a hook or some other part of the OS deep within. Also, with different apps comes the chance of more bugs and vulnerabilities for each application. Security vendors can't/won't test their product with every other security product out there, so problems will always be there in some form or another. With a suite, this isn't much of an issue, if at all. Each part of the suite (generally) knows what the other parts are doing and what they need, so conflicts aren't as much of an issue. Also, even though a bug or vulnerability can affect the suite as a whole, it is one suite with one patch that "shouldn't" cause problems, where with a layered approach, different bug/vulnerability fixes can make current conflicts worse or create new ones. Another benefit of layers, vendors doing things in a different way, can be accomplished by a well-respected suite vendor just as well if not better, considering that suite vendor no longer has to worry about how other software will work. There can be competition still too; vendors can still strive to do better amongst themselves.

7. What do you think is missing from security? What would you do differently? What do you think is the answer to current and future threats?

My thoughts: I'm not sure what all is missing, with the exception of certain parts of the OS needing different applications to protect them. I just am starting to believe our current options are running dry.