Thanks for this feedback, you make some great points which I really appreciate you taking the time to make. And your experience of being malware free is mostly my experience as well.
It sounds like with reasonably good content blocking a person can avoid all attacks, and it looks like using local VMs/containers mean then the attack needs an exceptional exploit chain to escape all the way, and it's hard to imagine any target being caught in a drive-by.
I agree. Also, internet-based attacks are a real problem for many businesses and organizations. For example, in 2016 Singapore government mandated that RBI had to be used because of ongoing attacks.[0]
How can it both be true that most people avoid any attacks whatsoever (and therefore that most simple measures are sufficient) while at the same time, malware is a real industry inflicting real damage on organizations?
I think of malware as an "industry" and as a collection "criminal enterprises" and from that viewpoint the malware industry has certain goals and markets it seeks to penetrate. If you don't find yourself in one of those target groups, that's a good thing. If you do, then you probably are already exploring RBI or CBII to some extent.
So your logic is correct and it looks like you are simply not in the target group.
At the same time, I think categorizing the only victim of web-based malware that can benefit from RBI/CBII as "extremely high value targets" is misleading. Perhaps the finance department in a Fortune 500 company is an "EHVT", but there's a lot of web-based attacks that succeed at targeting businesses and organization units of many different sorts, and the costs inflicted are significant and important, not just to "EHVTs".
Your concern about trust and the cloud is valid, and perceptive, as is the solution you propose (self-hosting). Self-hosting is indeed the right choice for many. That's one reason I think OSS has a role to play in RBI/CBII.
It sounds like with reasonably good content blocking a person can avoid all attacks, and it looks like using local VMs/containers mean then the attack needs an exceptional exploit chain to escape all the way, and it's hard to imagine any target being caught in a drive-by.
I agree. Also, internet-based attacks are a real problem for many businesses and organizations. For example, in 2016 Singapore government mandated that RBI had to be used because of ongoing attacks.[0]
How can it both be true that most people avoid any attacks whatsoever (and therefore that most simple measures are sufficient) while at the same time, malware is a real industry inflicting real damage on organizations?
I think of malware as an "industry" and as a collection "criminal enterprises" and from that viewpoint the malware industry has certain goals and markets it seeks to penetrate. If you don't find yourself in one of those target groups, that's a good thing. If you do, then you probably are already exploring RBI or CBII to some extent.
So your logic is correct and it looks like you are simply not in the target group.
At the same time, I think categorizing the only victim of web-based malware that can benefit from RBI/CBII as "extremely high value targets" is misleading. Perhaps the finance department in a Fortune 500 company is an "EHVT", but there's a lot of web-based attacks that succeed at targeting businesses and organization units of many different sorts, and the costs inflicted are significant and important, not just to "EHVTs".
Your concern about trust and the cloud is valid, and perceptive, as is the solution you propose (self-hosting). Self-hosting is indeed the right choice for many. That's one reason I think OSS has a role to play in RBI/CBII.
[0]: https://secureview.cloudbrowser.xyz/uploads/file1uod.8tyb6vb...