Security is hard. An important truth of security is that no matter how good you are, you can't protect against every threat. That's why a lot of security solutions are playing catch-up, and why some traditional solutions are always behind the curve.
Take traditional anti-virus, which looks for snippets of programs that are known to be malicious, as an example: This technique is always behind the curve. Even at its best, it can't help but be. It can only look for code that it already knows exists; a brand-new threat that was just released won’t be on its list of things to block.
That's why one of the newer strategies is called “compartmenting.” Think of it like protecting a ship against leaks. Divide the ship into compartments and a leak in one limits the leak to that compartment. Unless there are leaks in a critical number of compartments, the ship will still sail (and everything outside the leaking compartment will stay dry). Just one leak won’t sink the ship. This idea is also called “sandboxing.” Same idea, different metaphor.
This approach is working well – so well that the nature of malware is changing from what we call viruses to what we call trojan horses: apps that we shouldn't have installed in the first place. Most notorious of these are flashlight apps that sent off your personal information to who knows where.
Thus, the defenses have also shifted. On Blackphone, we allow for fine-grained control of app permissions. Thus, rather than accepting an app warts and all, you can give it a makeover: use your social media apps without giving them access to your microphone, or listen to music on your favorite media app without giving it access to your contacts or your camera.
Another approach has been to vet apps. Apple and Google review apps submitted to their App and Play Stores, respectively. Microsoft is also following this trend for Windows. On Blackphone, we go a step further: we have our own Silent Store, for apps that have been reviewed by Silent Circle specifically for security and privacy practices, even beyond what beyond what Google does in its Play Store.
Lastly, there is the strategy of fast updates. If flaws in an OS or an app are fixed quickly, the overall damage is minimized. Security researchers are helping this when they work with those of us who make apps and devices to fix the problems even before news of a vulnerability becomes public.
The combined effect of all of these is hugely positive. None of the measures is flawless, of course. The combination, however, gives defense in depth and a more secure ecosystem. When apps are reviewed, then subject to user control, put in compartments, and fixed quickly, it's better for all of us who rely on our phones and computers.
There is still much to do. It's still unusual for Android devices makers to support their hardware and OS with quick updates and for a long period of time; it's an advantage for Blackphone users, but something that should be available to everyone. More sources of software should be vetting the apps they provide, and that vetting can always be better.
Most of all, though, there will be more adaptation we will have to go through. Our opponents operate like businesses. Malware creators are organized like any other software development shop: They have research, innovation, development, QA, and marketing like an honest business; they're just not in an honest business. They're not going to stop thinking of new things and trying them out. Some of them will work, and when they come out with new attacks, our side will have to come up with new defenses.
The biggest thing we have learned in defense is a new way of thinking. The old way of thinking was to defend a computer or network as if it were a castle. Now, we've learned to be quick and nimble. Strong defenses are still important and getting measurably stronger as well as more effective. But we now augment and reinforce them with a lifecycle that includes reviews, better user control, and updates. Our evolution of the notion of how to create better security and privacy will continue as the attackers inevitably change. They're not going away, and we won't either.
- Jon Callas, Chief Technical Officer
See more of the ongoing discussion about the value of privacy on The Guardian.