I’m including this in general because it fits in several different categories all to do with computers. I’d actually go so far as to say that this happens outside of technology. But regardless of where it is, it is almost always utterly ridiculous and completely stupid. The idea goes that something will die out. Yet these statements are claimed over and over again, ad infinitum, despite the fact they are all illogical. Maybe it is because these would-be fortune tellers want there prophecy to come true but that doesn’t make it any more realistic.
This will not be in any specific order but for each I will give my thoughts on said prediction and why it is ridiculous, stupid and illogical. Some predictions I am especially bemused by and it is is quite obvious from what I wrote below.
Eradication of Spam
The first one is from 2004 when Bill Gates predicted that spam will be wiped out in two years time. I remember reading this at the time but I saw it recently by chance. It would be nice but as I’ve written about before, as long as there exists one person that responds to the spam in some way, it is worth it to the spammers. But let’s be honest: more than one person does exactly this just like more pay up for ransomware attacks. The reality is spam isn’t going anywhere. Tactics will change to account for ways to try to help mitigate spam but spam itself is still strong. The mitigation methods aren’t exactly that successful, either. Spam filtering is the best of the lot in the matter and it is impossible to get right 100% of the time (and this is with text mails; then consider the tricks of the entire message being in an image or images). HTML in email makes this even worse (and it is unfortunately something that is rather commonplace) in what it allows (hyperlinks themselves is one thing but embedded HTML is another entirely). No Bill, spam isn’t going anywhere, I’m sorry to say. The prediction that it would go away is like predicting littering will cease to occur (and sadly this will never happen because as I’ve recently pointed out, humans have a serious disregard for the planet). It just won’t happen.
Computer Mice Will Die
I seem to recall this, anyway, and all I can think of is that these predictors believed that with pens (whatever those input devices are called) there would be no need for the mouse. But that’s not how it works. Not everyone will want the alternative input methods and not every input method is appropriate for all types of input, funnily enough. The mouse will never be abandoned and that’s all there is to it. The sole exception is if manufacturers work together to ensure that mice can’t function and no mice will be replaced. But yet nowadays mice are often USB enabled and so good luck with getting rid of that capability.
Keyboards Will Become Obsolete
I really, really, really, and I do mean really, get laughs out of this one. It is so utterly stupid and ridiculous it is hard to believe anyone would make this claim. But it has been claimed many times over the years, and each time it is equally as stupid. Let’s see why that might be, shall we?
Typists can somehow type faster than they can speak. This is rather obvious to anyone who has spent much time around computers, but it apparently isn’t enough. If I were to speak at the rate I type, I would be considered manic and frankly it would be extremely difficult to follow my thoughts (the reality is my thoughts are already hard to follow, especially if spoken but through typing I can look back at it and fix any mistakes at another time – you can’t not say something you already said, can you? Granted you can’t change archives but you can at least fix any unfair thoughts and you can improve upon what you wrote before – this is sometimes called ‘editing’). This is despite the fact that my typing has gone bad in recent years. The reality is my fingers are a lot faster, accurate and more efficient than speaking. But then you have people that enter data in to databases. The syntax might not be easily spoken. Then there is the example where thoughts flow naturally in a persons’ head but not if spoken. This might occur when writing a book, for example, or perhaps the thoughts aren’t completely there (enough to speak) but are still there in some form (enough to put down in order to develop later). Oh, and yes, I’ve left two things out. First, to get rid of keyboards one would have to speak and yet software isn’t perfect (and never will be) and so it won’t get things right all the time (and without keyboards what do you do to fix these mistakes? In fact, how will you write the software to interpret the spoken words to translate into text?! That itself should say enough). While this might not be for many people, my mother works at her computer and watches TV at the same time. She’s also watched TV, crocheted and read a book all at once. No, that isn’t a fabrication, and yes she was able to follow everything and what she was crocheting had no problems, either. The TV is important: people on TV tend to be so rude as to talk (sometimes more than one person at the same time). Obviously that is sarcasm. Forget the fact that it would be hard to speak the letter you’re typing in while watching TV, how would the software discern what is being said by what person (or thing)? No, voice recognition won’t solve the problem with 100% satisfaction. My doctor recently showed me his dictaphone (that could input to a computer) and unsurprisingly it was very easy to make the input turn to gibberish. After I demonstrated this he even said that he has to tell patients this fact (he showed me after I laughed at his inability to find the keys on the keyboard, even though I was far enough away for my poor vision to discern things well, I knew what he was trying to type and I knew his fingers were in the wrong place – by a lot). Then there is the best part. Computer programming. Oh yes, no keyboards would be a killer to this important task. Many will say that some of it can be automated but I challenge them to look at more advanced C code until it sinks in a bit. No, no and no, keyboards aren’t ever going to be obsoleted. Anything to the contrary is ridiculous and stupid.
Passwords Will Be Obsoleted
This is another fun one. The theory goes that passwords are the weakest chain in the link (hint: they aren’t; what is the weakest link is those who create passwords, reuse, share with others, write them down and list goes on and on – i.e. humans are the weakest link, not passwords) and there have been so many problems with them over the years. Or another one I’ve read is that they are no longer sufficient. Well sorry to break it to these bogus fortune tellers but they were never sufficient by themselves! They were always a weak part of the security chain. But that doesn’t mean they don’t have uses. They do. And people suggesting emojis as the replacement are completely blind – literally and figuratively. Tell me, how is a blind person going to know the difference? Tell me also, what about those who can’t really distinguish one image from another (faces being the common example even if the name of the problem is at my fingertips but not quite available, it is a known phenomenon), or has an easier time remembering text over images? And what about password managers which allow for (when used properly in the right environment) far more secure, longer, complex passwords than some stupid combination of images (I might remind you of shoulder surfing). Any organisation that removes passwords outright is woefully naive and is risking security. This is just like how passwords are limited in what characters are allowed, or only allowing a length of 16, say, characters. It’s stupid. Funny story: once upon a time I was making an account on a nameless website like http://movietickets.com and, when forced to enter a password hint/question I input something like: ‘password questions/hints are insecure’. Then, when creating a password, I got an error. I tried it twice (removed one class then the next) before it occurred to me what the problem was: they were only allowing alphanumerical characters. I’m thrilled I had made the remark about password hints at this time but I was not at all impressed in such weak password policies (passwords are weak as it is and by removing non-alphanumerical characters you make it much weaker).
Biometrics Will Take Over
Yes, well all I can say is this: your DNA is your DNA and it has already been demonstrated that fingerprints (and maybe even images of) left on something can actually be used to compromise the supposedly safer system (‘protected’ by biometrics). Oh, and just to throw out another problem: some people (rarity is irrelevant) have more than one DNA. No, this is not a lie. It’s called genetic chimeras, named after the mythological creature. Only a fool would assume it will never be a problem.
Anti-Virus Software and Firewalls Will Be Obsoleted
I saw this just today. The scary thing is that the person writing this at Tripwire is actually suggesting the possibilities based on incorrect perceptions of what security is (it is always a multi-layered thing):
If the decline in antivirus use happens, it will largely be from greater use of whitelisting, or application control, on computers and mobile devices. While whitelisting is a capability many computers have had for years, only recently has it become a default setting. Whitelisting basically works by preventing programs with certain identified harmful signatures from running on a piece of equipment.
No, the reason anti-virus isn’t used is because people seem to believe that it isn’t needed – a theory you are conveniently improving the chances of survival. Whitelisting isn’t used by default you say? That might be for Windows and MacOS but the reality is those aren’t the only operating systems around, and just because something is the default doesn’t mean it stays that way. Not addressing the issue is being irresponsible (even if through ignorance) and to use irresponsibility as evidence is idiotic. But here’s the most ironic thing: what you’re describing with whitelisting with respect to computer programs is exactly what anti-virus software does! What do you think the virus signature databases are? I’ll go further, though: you’re not talking about whitelists; you’re talking about blacklists and those defy the wisdom of: that that which is not explicitly permitted is forbidden. No, a whitelist would be deny everything by default and only allow what is explicitly allowed (hence whitelist, not blacklist). (As an afterthought, maybe you’re trying to say that whitelisting only allows software which isn’t known to be malicious, but that then is a poor choice of wording – something I have admittedly been guilty of). But this concept is irrelevant to anti-virus software as a whole because anti-virus software also has heuristics (for example) which protects against unknown malware by examining what the potential malware does (and how it does it). This is why software that generates keys to some product is sometimes flagged as malicious when it only is using techniques that viruses also use (of which there are many). Yes, that means it is a false positive but it could have been malicious software that wasn’t a known virus. You see, this is why it is a multiple-layered concept.
Companies like Apple and Microsoft haven’t used whitelisting as a default setting to give users the freedom to run any program on their machines, but that attitude is quickly changing.
Yet here you’re describing whitelist correctly. I’ve not seen evidence to support whitelisting or blacklisting being the default under these operating systems, one way or another but I will say this: saying you can only use software that is flagged as valid will cause upset and potentially backfire in that people will find workarounds. You see, complete convenience and security are mutually exclusive (and the more convenience there is, the less security there is) and it is why you have to find the right balance (which can be really hard because humans will go to any lengths to make things even a little bit easier). When you don’t find the right balance the security becomes worse because of people being annoyed by the inconvenience of it all. Yes, people really like (if not require) convenience. This shouldn’t be surprising. Incidentally, I’m going to point out also that Apple’s Gatekeeper has been circumvented by malware and has been described completely broken by a researcher. Perhaps you see now why your supposed method isn’t a replacement for anti-virus? One hopes so.
Similar to antivirus programs, firewalls may soon become obsolete thanks to advances in other technologies.
Augment, not replace. No, firewalls are not becoming obsolete and any claim to the contrary is stupid and harmful. Yet you don’t really talk about the supposed replacements which makes your statements much worse. I return to your thoughts:
While firewalls still persist to this day, many aren’t even configured and feature far too permissive rules to be of much use. Firewalls are proving to be outpaced by the use of HTTPS network connections. In addition to that, many of the attacks firewalls are best designed to stop have ceased to be much of a problem. Plus, firewalls do a poor job preventing attacks from social engineering and unpatched software.
Yes, many are too permissive. That goes for things other than firewalls, too. I would like to think then that you understand whitelisting versus blacklisting but you demonstrated otherwise (or you have a very different idea of what black and white is). And indeed, a poorly configured firewall is in many respects worse for security. But for some really odd reason, a properly configured firewall is better for security! Now the obvious question: what the hell does HTTPS have to do with replacing firewalls?! That is such a scary statement it is something I don’t want to believe was stated (but was). You note that not all servers have web servers. You note also that they still have firewalls. You note that clients also use firewalls!! There are other protections in place, too, because once again it is a many layered thing! And no, the attacks have not ceased to be problems (but it seems you don’t understand what firewalls are designed for in the first place, as below) but even if they have, only a foolish, reckless administrator would say: “Well this attack is hardly ever seen in the wild nowadays so we’ll not even worry about it!” – that is completely stupid and counter-productive! Oh, and for the record: firewalls were never designed to prevent social engineering and vulnerable software! Those are different problems entirely. To think that you would use this as reasons they aren’t good is just crazy scary.
With fewer reasons to use firewalls, they will likely become obsolete sometime in the future.
There aren’t fewer reasons to use firewalls; any statement to the contrary would only make attacks easier (and this isn’t restricted to pentests!) – something I’m sure attackers would like a lot!
These security technologies have served some good uses in the past but holding onto outdated technology only increases the risks you’ll face in the future.
No, they are not outdated and not using them will increase the risks “you’ll face in the future”!
Hackers change up their tactics with incredible frequency, and companies need to be on top of that by adopting better security technology. There’s no reason to hold onto a ten year old server when converged infrastructure is a reality, and there’s no reason to think passwords are the best way to keep cyber attackers out when better measures are available.
I’m ignoring the first word of that paragraph. Yes, attackers change tactics. Obviously. Who would think otherwise? Is this any different from crime other than cyber crime? Of course not. But getting rid of these so-called obsoleted technologies is a disaster waiting to happen. Mark my words. Once again you fail to understand that security is a many-layered thing. Better security would be accomplished by remembering these things work together, are not obsolete, are still very relevant, and they are all part of a much bigger picture. The fact you also (presumably an honest mistake? I’m sure I’ve done similar) refer to passwords in this topic makes your points even more questionable (as if there isn’t enough legit reason to question them).
No, better technology is not available, and there isn’t a single (the keyword!) way to keep attackers out. There never has been and never will be. It’s as simple as that.
All businesses should consider carefully where they go with security in the years to come
No. Everyone should carefully consider security (and other disasters and disaster-recovery!) in general, not only in (or rather for) the future but right now. Living in the future (preparing for the future is different) is just as stupid as living in the past (and it also means you miss out on things happening now e.g. a live probe or attack).