Let me tell you a Christmas story. Or, rather, a Christma story, because this is from the days when computer file names were limited to eight characters.

It's December 1987. Ronald Reagan was US President; Margaret Thatcher was British Prime Minister. And home computers were sort of a thing, just, although for the few people that had them, they weren't really connected up to any other machines. We were still two years away from the World Wide Web even being invented. And in a small university in Germany, a student was writing one of the first major computer worms. It was called "CHRISTMA". Simple program: it only ran on one type of now-old, text-based computer. Back then, it was state of the art. It just displayed a little text art of a Christmas tree. But while the user was looking at that, it ran through the 1987 equivalent of their computer's address book and emailed itself to everyone in it. "Let this exec run," it said -- exec being an executable file, a program you start -- "and enjoy yourself". Well, by modern standards of ransomware and identity theft, that is a pretty innocent virus, although it replicated so well and convinced so many people to open it that it took down one of IBM's networks for a couple of days -- and that was back when IBM was still a force to be reckoned with. Actually, it took it down twice: it resurfaced three years later when, presumably, someone forgot what it was while they were rooting through their files and opened it -- "ah, there's that lovely little Christmas card again".

Which brings us to a question. That kind of attack is still sort of possible now, on modern hardware. Not the same program, but that's how a lot of malware still spreads: you convince the user to download something and run it, and it gets access to everything on the user's PC -- internet access, webcam, personal documents, everything. Email isn't a good vector for spreading stuff like that any more, but web sites offering pirated stuff do the job just as well. And yes, there are other routes. There are zero-day attacks on Flash -- actually, a lot of zero-day attacks on Flash; it's pretty much all zero-day attacks on Flash right now. Zero-day meaning there is no warning given: zero days from the exploit going out and infecting people, and Adobe trying to patch Flash, again -- anyway, there are other routes. But ultimately, if you tell a user, hey, free music, free pirated software, free Christmas wallpaper for your PC, whatever you want, and you get them to download something and run it -- it is game over.

And there are some mitigations these days. Windows has User Account Control and built-in antivirus, and Mac and Linux have administrator accounts and permission management, so if the malware is trying to do something to the important parts of the system, it'll get stopped -- as long as the user doesn't just click the OK box or type in their password, and let's be honest, that happens more often than it should. But even without getting that permission, even if the virus that you've downloaded is just able to use your user account and your files, it can still do a lot of damage: it can still encrypt all the files in your personal directory, all your photos and your business invoices, and lock them away until you send Bitcoin to some anonymous person far away. To the computer that's naively running a program, there is no difference between a virus doing damage and the user deliberately running something to take those same actions. You can't create a filter for malicious behaviour like that without having a near-perfect model of what the user's thinking and what they might actually want to do. There are times when, genuinely, you want to delete everything on your computer.

There is another option, though. And we use it all the time. On an iPhone, for example, each app has its own separate area for storing documents. There's not one central space that all apps can access at the same time. Imagine if desktop computers were built that way: all the reports or homework that you've written in Microsoft Word are only accessible under Microsoft Word, locked down. And if you want to email a report to someone, or convert it for a different program, you don't go to the email program, click "Attach" and run through your central Documents store -- you open Word, and you tell it to push that one file to the email program. All your music would be accessible only in the player you downloaded it in, until you pushed it to somewhere else.

And right now, all the techie people watching this, all of you, you're out there and you're going, "oh, that'd be terrible, that's an awful thing, it'd mean we wouldn't be free to use our computers the way we want, how am I supposed to chain these three different programs together to do this obscure thing that I need to do?" And I get that. I really do. I enthusiastically endorse that kind of bodging. And for anyone who's delving deep into their system, who knows their way around, that kind of advanced mode is necessary. But why didn't we build those systems, the ones for non-techies, differently? Because we never had the chance.

The desktop computers that we have today are descendants of those old systems from 1987. There wasn't the storage space or processing time back then to try and give every application its own little silo and manage it separately -- besides, in a lot of cases the programs were just writing ones and zeros. Computers were for academic use, for professionals, so it was Proper Expensive Equipment that had to be treated with care. But for today's regular user, for the people who get hit by ransomware and who do lose all their family photos: I'm not sure that system works. Do regular computer users really need to see the "C drive" or "Macintosh HD"? Should they need to worry about folders and files and backups? We've got that design because of backwards compatibility, because for desktop computers we've never been able to have a clean break. Even Apple, who said that their users move with the times, give a couple of years of grace to stay updated -- and, hell, Windows will still happily run most programs from literally twenty years ago. There's never been the option to start fresh. If they ever stopped using that metaphor of folders and files all in one central location -- and it's been promised, from time to time -- all those old programs would stop working.

But for all-new devices that we've only had for the last few years? For tablets, and phones, and Chromebooks, with their locked-down operating systems? Behind the scenes, sure, they still use that folders and files system, but it's not visible to the end user. As those devices become more and more popular, and the PC's market share starts to decline, at least for home use: perhaps we will finally be able to leave that old system behind, and computer security will get a little bit better.

Except. One of the reasons that Britain has such a strong tech industry now is the home computer boom of the 1980s, when the BBC Micro and the ZX Spectrum made a generation who could code. We're seeing governments push and push to make sure that kids are computer literate, that they know that they can write the future as well as read it. And as much as locking down computers and systems might make the world more secure: you can't write iPhone apps on an iPhone. And someone has to write the iPhone apps.

So whether you're hoping for a new laptop with its files and folders, or a new phone with its separate data silos, or maybe something a little less technological under your tree: merry Christmas to you. And whether it's digital or physical, whether you're writing code, or painting art, or just building a snowman: here's to whatever you're making next, and I'll see you in 2016.
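The per-app silo the talk describes, next to today's shared Documents store, as an added toy model (constructed here, not code from the talk or any real operating system): a user-level malicious app can overwrite everything under the shared model but only its own silo under the other, while an explicit push still lets the mail app read the one report Word handed it. App names, paths and file contents are made up.

```python
class Store:
    """Constructed model of document storage (not the talk's own code): shared=True is
    today's central Documents store; shared=False is the talk's per-app silo, where a
    file is reachable only by the app that created it or an app it was pushed to."""
    def __init__(self, shared):
        self.shared = shared
        self.files = {}      # path -> (owning app, content)
        self.grants = set()  # (path, app) pairs created by an explicit push

    def create(self, app, path, content):
        self.files[path] = (app, content)

    def _check(self, app, path):
        owner = self.files[path][0]
        if not (self.shared or owner == app or (path, app) in self.grants):
            raise PermissionError(f"{app} cannot reach {path} (owned by {owner})")

    def read(self, app, path):
        self._check(app, path)
        return self.files[path][1]

    def write(self, app, path, content):
        self._check(app, path)
        self.files[path] = (self.files[path][0], content)

    def push(self, app, path, to_app):
        """'Open Word and tell it to push that one file to the email program'."""
        if path not in self.files or self.files[path][0] != app:
            raise PermissionError(f"only the owner of {path} may push it")
        self.grants.add((path, to_app))

def run_ransomware(store, app):
    """A user-level bad app overwrites every file it can reach; returns the paths hit."""
    damaged = []
    for path in list(store.files):
        try:
            store.write(app, path, b"ENCRYPTED")
            damaged.append(path)
        except PermissionError:
            pass
    return sorted(damaged)

def demo(shared):
    """Three apps own a file each; Word pushes its report to mail; the card app is bad."""
    s = Store(shared)
    s.create("word", "/docs/report.docx", b"Q4 invoices")
    s.create("player", "/music/song.mp3", b"mp3 bytes")
    s.create("xmascard", "/xmascard/tree.txt", b"* * *")
    s.push("word", "/docs/report.docx", "mail")
    return s, run_ransomware(s, "xmascard")
```

Under `demo(True)` the card app damages all three files; under `demo(False)` only its own tree.txt, and the mail app can still read the pushed report but not the music.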
There already exist Linux sandbox solutions which expose installed software only to its dedicated data.
An interesting take, and something that could work, but there would need to be pressure in place to prevent companies from locking stuff down and not providing 'Advanced Mode'.
There also needs to be something big to change for something like this to work, I doubt very many people will buy a device nowadays with a noname OS, meaning it would need a big marketing push from one of the major players.
While the message is well intended, the premise is false. He is asserting that we should trust that people who design software would never do anything malicious.