I don't care if i sound like a libertarian, we don't need the government involved in cyber security. The government laughs at us every time we call on their help for anything but the basic small governmental public needs. This is a problem that we the people need to combat, and it can be done with time, education, and resources. We are talking about code that we allow to be put on our computers, only because it's hidden. There has to be a way to lock down an operating system and limit the attackers' ammo piles. Then work from there locking it down further. Summary: I think security should be handled client side, but im no expert, just a security enthusiast(the subject is just getting more and more interesting, i love it).
Say for instance, i download an image and it has a virus that begins to do something other than what an image file should do. The image file should be quarantined by the OS, because images should only act a certain way.
Another thing, antivirus software makers are looking to stay in business. If they stop being needed, they will create a need for themselves(much like politicians do). What did you say? We dont really need politicians and banks? Well they will show you who needs who with war and crisis.
its called linux, that is what you are looking for. on most versions of linux a file can never execute unless the user explicitly tells it to. it also has safe guards like, most programs will never be able to read/write to certain directory unless the user specifically allows them to. so you could have files in a directory and be somewhat safe from viruses reading that directory.
windows is slowly moving to this type of security, starting with the run/cancel dialogue box that comes up every time you click a .msi/.exe file. and later with the UAC. Microsoft will need to hit this a lot harder for it to be completely effective.
But the only way to have any good defense would be to make custom computers with a help button directly on the computer that trains users on how to use a new program that should be on every new windows os. it would have a huge list of the most common programs run on the windows os. from there you simply click on the file and it downloads and installs. it would then tell the user that any programs not on the list may not be safe.
this could be coupled with a whitelist browser, only websites confirmed to be safe would automatically load, any others will prompt the user that the website may or may not be safe. the user could also click a button that would add the site to a list of sites to be studied to confirm to or not to add to the whitelist.
Another good suggestion would be fore Microsoft to buy out or rent sandboxie technology. every program run would be inside a separate sandbox with its own virtual hard drive space and keyboard. if a program wanted to see other parts of the disk then the user must specifically allow it. as it is now the 64bit version of sandboxie is not very secure, and it is mostly because of microsoft deciding that they are more than capable of securing the windows kernel(lol what?). this only makes problems worse for antivirus vendors that used 32 bit exploits to patch the kernel and lock it down better than Microsoft did.
so yeah, if you read my ramblings have a cookie
