CIO of a STOXX company said: "von Neumann is to blame for everything". This surely means that the architecture used on almost all computers worldwide originates from Mr von Neumann and makes no distinction between files with user data and files with executable programmes. They are all in the same file system and the operating system will know what to do with them. In addition, there is an impassioned speech by Mr Bruce Schneier, a veteran of global cyber security, at the Munich Cyber Security Conference, mcsc, in which he formulates that the added value of internet downloads, mail attachments, USB and other mobile data carriers must be preserved and that IT must offer solutions on how to use them "securely".
A solution for the secure use of applications must therefore look into precisely these data streams in order to recognise all executable objects, then subject them to "qualification and authentication" in order to put them to appropriate use or even prohibit them for standard use. Already in this process, hurdles arise, such as encrypted files, which cannot immediately be seen to contain executable code. Most of the time, you need the user with his knowledge of the keys to do this.
But analysing these data streams is not enough. Standard applications come into the company in a different way. In the best case, there is a test procedure in a physically separated environment in which the new applications are tested for their functionality and, of course, their security. Not every application has to have its own security functions, but the existing infrastructure of security applications, such as anti-virus solutions, must be used reliably and not bypassed - not all applications do this. The lecture presents the fields of action that are necessary to use all applications securely.
