Old habits and thought patterns die hard. That's both because we are comfortable with the familiar -- even if it isn't great -- and because the conditions that created the status quo change only gradually.
All those thoughts came to mind as we read this interesting blog at ZDNet, which is based on a story at PC Pro. Both present the views of Eugene Kaspersky, the head of the security firm that bears his name. The blogger takes issue with Kaspersky's premise, but the bottom line is that the comfortable old world of security -- Microsoft bad, everything else good -- is fading.
The big picture is fascinating, because several things are occurring simultaneously: Microsoft is introducing an operating system, Vista, which even critics acknowledge is far more tightly nailed together than Windows; open source continues to grow; Apple is trying to expand in the enterprise; and mobile devices are carrying far more valuable data. The business model among security vendors also is changing, in part because of how Microsoft is controlling the Vista kernel.
On one level, it's not hard to see what's likely to happen. Kaspersky predicts an increase in attacks on open source and Macs. Circumstantial evidence that Macs are garnering more illicit attention is not hard to find. Kaspersky suggests that the viruses are not intrinsically more problematic than Window's viruses, but that it may be more difficult to find experts to combat them.
Open source is an entirely different animal. Kaspersky suggests that problems could grow simply because there are so many more people -- many of them not the type you'd bring home to meet the parents -- that can impact the state of security.
The next few years will be characterized by a few factors. The first will be the real-world impact of how these developments play off each other. How will hackers and crackers react? Which new targets will garner the most attention? Vista is more secure than Windows, but, Kaspersky wonders, what is the impact of the fact that security vendors haven't necessarily customized their products for the new OS? And will a focus on the new OSes mean that Windows -- which of course will be the dominant for years to come -- will become more vulnerable?
The basic point is that the industry is evolving from an environment in which there is a dominant and relatively insecure OS to one in which a number of options are added -- at least some of which are more secure -- to create a chaotic landscape. That is quite a change. The overall state of security depends on how well the industry deals with this trend at both the practical and conceptual levels.