
This is clearly a terrible design flaw by Trend Micro. I hope some responsible are looking for new jobs.

Still, there isn't much faith I put in any endpoint security solutions. They are all terrible.

Bromium seems to be bucking the trend of traditional endpoint security but they have one of the worst sales / business dev programs I have ever seen. They should be much more ubiquitous than they are.



"I hope some responsible are looking for new jobs."

If they look for (and find) new jobs, wouldn't that just mean the problem is diffused? Personally I would hope they learn from the experience of failing rather than get punished for it.


Personally, I hope everyone else (not at Trend Micro) learns from this experience. Computer security auditing is a serious expertise, it's hard but made much harder to impossible when you don't have experts on the team and instead consider security expertise as a hobby for the qualifier.

trendmicro.com > About > "Smart, simple, security that fits"

And then second is, "a global leader in IT security" and "25 years of security expertise".

What a crock. I'm supposed to take the company's position statements and products seriously after reading this issue report? This is like finding a sponge in the body cavity of a patient. It's functionally malpractice. The CIO and CTO should be fired. The CEO probably should resign, what else is the purpose of a CEO other than to make sure the main things the company stands for are true, and actually ships products that demonstrate it stands for those things? If they don't resign the board needs to fire them.


I'd like to point out that it'd be an even bigger and redder red flag (if that's possible), should Trend Micro fire some team "security" developer, or even the product manager.

How is it possible that a company which describes itself in the terms it has [1] has not done a thorough code review of all products before making them public? That is implicit in their own description of what their business does.

I'm not even sure the worst parts of this particular product's flaws would have escaped cursory code review by someone who is actually a security expert. And if that's true, then selling this product as it was before patching might be fraud.

[1] http://www.trendmicro.com/cloud-content/us/pdfs/about/ds_cor...


That's a great sentiment, but sometimes we have to stick to more realistic hopes.


Those people who are responsible just received a significant education.

I don't think throwing coders or designers into a pit when they make big errors does anything helpful. Most likely, Trend has a cultural problem. Big errors like this can be an aid that spurs corrections.


The problem is that endpoint OSes are horribly insecure. It's hard to well-nigh impossible to build a third-party "endpoint security solution" for that, since this amounts to creating an aftermarket patch to plug a leaky dike.


There's a simple solution for that. Use a unikernel and make the entire OS immutable.

I'm really looking forward to the day where the tools are mature enough to make this an option.


I don't think it qualifies as a "simple solution" if it's not feasible with today's standards.


Simple != trivial.

A space elevator is simple. Building one is very much not trivial.

This is similar.


NodeOS is well on the way.

Packaging a server backend along with a minimal kernel and V8 VM isn't any more complicated than most of the build tools used today.

Here are the specifics: http://node-os.com/GitBlog/article.html#!200

When you cut 99% of the crap out of an OS, it becomes a lot easier to package/distribute.

Most of the work on NodeOS has to do with replacing POSIX with Javascript equivalents.

Immutable operating systems aren't a new idea either. How do you think a Linux LiveCD works? ChromeOS is basically an immutable OS with an added persistence layer.

There's a lot more work to be done before any of the unikernel implementations (i.e. NodeOS isn't the only one) are ready for production.

With that said, for webservers that aren't required to persist any state locally, it makes sense to remove mutability -- and therefore OS-level security vulnerabilities -- as a concern. That way, devs have more time/resources to focus on app-level security.



Fine for single-purpose app deployments, but on a grander scale you've just pushed all the security problems back to the APIs and interfaces of your cloud provider and/or virtualization engine. Now an AWS access token constitutes a root password for everything (for example).


Access tokens are a 'manageable' risk and AWS provides tools to enforce best practices where necessary.

Locating and regularly patching security vulnerabilities across thousands of components in a fully-featured monolithic operating system isn't. It's a potential disaster waiting to happen.

You don't need...

...a huge bundle of drivers when the OS will always run on a VM.

...extensive filesystem support when everything will be either transient or run directly from memory.

...multiple users when only one is required.

...OS-level sandboxing (i.e. kernel/user-space) when the VM already provides sandboxing.

...native POSIX tools when 'safe' alternatives can be run from the VM.

Despite the best intentions of developers and admins alike, the current approach to security is not working. Despite my own vigilance, I have personally had my sensitive information leaked by two separate multi-billion dollar organizations in the past year.

It's a simple fact that every feature added increases the attack surface of the entire system. All I'm suggesting is that it's not a bad idea to start looking to the alternatives that are becoming available.


Bingo. The PCs of old were more secure in that they did only one thing at once. These days even the most barebones install has all manner of things running in the background, and any normal user setup is likely to add a dozen more.
