Will Microsoft's cyber summit be all talk, no transparency?
Date:
Thu, 03 Oct 2024 14:25:02 +0000
Description:
Cybersecurity expert discusses Microsoft's controversial closed door meeting and offers some possible solutions.
FULL STORY ======================================================================
On September 10, Microsoft hosted a Cyber Summit that could have far-reaching implications for the future of cybersecurity. Unfortunately, while this summit could be a game changer, it was behind closed doors, leaving many of us on the outside looking in. We've seen this pattern before: a breach happens, Microsoft apologizes, promises to do better, and then... not much changes. If the tech giant really wants to make meaningful strides, it's going to have to change not just its security practices, but also how it engages with the broader community.

The transparency dilemma: come on, Microsoft, let us in!
First things first: Transparency. Microsoft's refusal to invite both the press and the public to this Cyber Summit raises eyebrows, if not alarms. Sure, we can appreciate the need for candid discussions behind closed doors, but this summit wasn't just a boardroom briefing; it's a conversation that impacts millions of users. After all, breaches don't discriminate between corporations, governments, or everyday consumers.
Microsoft has an enormous opportunity here, but it seems more interested in controlling the narrative than engaging in open dialogue. If the summit is all about polishing its image rather than tackling real issues, that's a problem. Security isn't something you sweep under the rug, especially not when your mistakes have affected millions of Windows devices, like the CrowdStrike update debacle earlier this year.

Bring in the experts: why diverse collaboration matters
In cybersecurity, diversity of thought is crucial. And no, I'm not talking about diversity in a corporate HR sense (though that's important too). I'm talking about bringing together diverse security perspectives (white-hat hackers, pentesters, and researchers) who can test the strength of Microsoft's systems in ways that in-house teams simply can't. The more eyes on the problem, the better the chances of finding vulnerabilities before the bad guys do.
Microsoft should be actively collaborating with these experts, not just keeping them at arm's length. Let's be real here: The stakes are too high to let pride get in the way of progress. Closed-door summits limit the scope of collaboration, which is not what the cybersecurity community needs. Microsoft owes it to their user base, and to the entire tech world, to listen to those outside voices.

The kernel conundrum: explaining the tech in simple terms
Here's where things get a little technical. But stay with me; I promise it's worth it.
The kernel is like the beating heart of your computer's operating system. It controls everything, from how apps interact with your hardware to how secure your system is. In essence, if the kernel is compromised, your entire system is vulnerable. And here's the kicker: Microsoft currently allows third-party access to the kernel for certain applications (think of it like giving the keys to your house to the plumber). While this access can be necessary for security software, it also opens the door to a slew of potential security risks.
Just look at the CrowdStrike fiasco. A small error in a CrowdStrike update caused major outages across 8.5 million devices. Why? Because that update had kernel-level access, allowing it to affect fundamental parts of the Windows operating system.

The solution: restrict kernel access... but not completely
One obvious solution is for Microsoft to restrict kernel access altogether. But that's not as simple as flipping a switch. Security software needs to access the kernel to monitor the system properly, and if Microsoft locks it down completely, third-party security vendors might lose the visibility they need to protect users effectively.
So what's the middle ground? Other operating systems have found solutions that could serve as models. For instance, Apple's System Integrity Protection (SIP) limits what can be done to the kernel by restricting root user access. This ensures that even if a hacker gains access to the system, they can't make changes at the deepest level. Similarly, Linux has something called eBPF (Extended Berkeley Packet Filter), which allows for safe, controlled execution of programs within the kernel. Microsoft should explore implementing these kinds of technologies, or at least something similar.
This doesn't mean shutting out third parties entirely. Instead, Microsoft could collaborate more closely with security vendors to give them safe, controlled access to the kernel, allowing them to continue protecting users without compromising the system's integrity.

Potential solutions: Microsoft, here's what you can do
1. Implement More Granular Kernel Controls: Microsoft could offer more restricted kernel access for trusted applications, much like Apple's SIP. This would allow security vendors to do their jobs while keeping the system safe from rogue apps.
2. Adopt a More Open Collaborative Framework: It's time for Microsoft to invite more diverse voices into the conversation. From pentesters to white-hat hackers, more eyes on the problem means a better chance of finding and fixing vulnerabilities before they're exploited.
3. Transparency at Every Level: No more closed-door summits. Microsoft must foster open, ongoing dialogues with security experts and customers alike, keeping them informed not just about past failures, but about future solutions.
4. Adopt and Implement Best Practices from Competitors: Look to what Linux and Apple have done to enhance kernel security. These platforms offer valuable lessons that could easily be adapted to improve the security of Windows systems.

Microsoft must lead with openness
As the company with the largest market share in the computer security space, Microsoft has a responsibility to be more transparent and open about its plans. Cybersecurity is a community effort. It's like a neighborhood watch: everyone needs to be in on the plan, and everyone needs to share information to keep the neighborhood safe. But if Microsoft keeps holding closed-door meetings, they're cutting off valuable input from the people who know how to improve the security of their products.
The bottom line? Microsoft, it's time to stop issuing apologies and playing the blame game and instead start collaborating with the broader security community. The more you open up, the stronger we'll all be. And who knows? Maybe we can finally stop having to patch up Windows like it's an old boat springing new leaks every few weeks.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here:
https://www.techradar.com/news/submit-your-story-to-techradar-pro
======================================================================
Link to news story:
https://www.techradar.com/pro/will-microsofts-cyber-summit-be-all-talk-no-transparency
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)