by jeroenhd 881 days ago
I feel a little conflicted about this.

On the one hand, a lot of security software is poorly written, eats resources like it's Chrome, and introduces all kinds of microstutters through (exclusive) locks all over the place.

On the other hand, many operating systems don't provide a (reliable) API to design decent security software against. Log collection is all over the place, even on Windows, which traditionally had Event Log as a well concentrated logging destination. There's no way to write good security software for an operating system that's written without security software in mind.

If I were handling important secrets, I wouldn't want a fleet of machines out there with just the basic antivirus that came preinstalled with the OS (if it came with one at all). On the other hand, so many pieces of "enterprise" security management are absolutely terrible, and require one (or more) full-time employee(s) to constantly configure them, communicate with users, and solve problems, just to keep software in check.

I think both operating systems and security management software need to listen to each other, and change. Operating systems need to be written with security stuff in mind, and security software needs to focus on a good user experience rather than collecting shiny buzzwords to sell to management.

2 comments

> Operating systems need to be written with security stuff in mind, and security software needs to focus on a good user experience rather than collecting shiny buzzwords to sell to management.

They won't because by the time the users get fed the "food" the contract is long since signed and valid for a few years, and the competition isn't better so even if management could be arsed to vote with their wallet, they couldn't.

Is there an actual term for "the entire industry is bullshit, but can get away with it because the cost to entry is so high that new, less bullshit competitors can't even enter the industry"?

> There's no way to write good security software for an operating system that's written without security software in mind.

That's the job of the OS vendor: to design software such that third-party security theatre isn't necessary.