This article is more than 1 year old
Hackers' Paradise: The rise of soft options and the demise of hard choices
How it all went wrong for computer security
I may have got it wrong, but I think I can see what happened and how this all came to pass. No one expected IBM to respond to the emerging microcomputer market. In fact no one, IBM included, thought it could. IBM was a massive monolith with the time constants of a drowsy brontosaurus. To its immense credit, IBM realised this and was able to re-invent itself and "disrupt" itself, before someone else did it for them. Had this not happened, IBM would not have survived.
An entirely different breed of health professional emerged to keep the Personal Computer protected from viruses
Essentially, IBM created a kind of skunkworks in which what would become the PC was put together at breakneck speed. A result of that was that the architecture of the microcomputer did not descend from mainframes, as it had in minicomputers, but grew out of microprocessors.
The microprocessors came from chip manufacturers, not computer companies, and many of the hardware and software techniques that had evolved in mainframes and minicomputers for reliability and security were either simply not understood, omitted for economy or not subject to scrutiny. We all know where the operating system came from.
Possibly, also on account of that breakneck speed, some things were not anticipated. The PC was assumed to be a stand-alone device, which, being microprocessor based, would only be able to run one application in a moderate amount of memory that could be directly addressed.
The pace of change should have given us a computing experience along the lines of Concorde...
Source: Creative Commons British Airways Concorde G-BOAC 03 by Eduard Marmet
A computer on a network is no longer standing alone and is prone to attack from an external source: the internet was not anticipated. Before the PC, everyone involved in computing had and needed specialist knowledge and was enthusiastic about the progress of the discipline.
Practically no one would have contemplated doing deliberate harm. Once the computer became a networked consumer product, it would be exposed to the whole gamut of human behaviour from altruistic to malicious. The change in the nature of the user was not anticipated.
So instead of a de-rated Concorde, what we got was an upgraded Wright Flyer.
There are so many processor types available that I couldn’t claim to be familiar with the insides of all of them. Readers may be able to shed some light. But it is axiomatic from the amount of memory that today’s machines have that there must be memory management of some kind.
I cannot see how an OS could handle multiple processes without having a kernel mode. It follows that there must be at least some hardware support for security measures outlined above. Perhaps it’s all there?
...but instead we're taken for a ride on the Wright Flyer
I think a large clue has to be that some operating systems, naming no names, seem to be more vulnerable to malware than others. If the restriction was in the hardware that wouldn’t be possible, so the sad conclusion has to be that the operating systems simply aren’t competent.
I suppose the only saving grace is if it turns out that because of the complexity, it is not possible to perform a meaningful test of whether a system is or is not hack proof. If that is true then perhaps we have to abandon the Von Neumann architecture for secure applications and instead have computers in which the OS runs in a completely separate processor.
In one sense I don’t care what the reason is. Whatever the reason, what we currently have is lamentable – scandalous even. If there is ever going to be an Internet of Everything, this isn’t how to go about it. No one in life-supporting disciplines such as aviation will touch PCs with several barge poles and for good reason. If we are to put our house in order and move away from the present squalor, that’s one place we could look.
Will computers of the future require a V62 from Swansea?
I think we also need to take on board that creating and sending viruses is every bit as antisocial and criminal as going around assaulting people and smashing up their property. It's a sorry state of affairs made possible by the present anonymity of computing.
We have licence plates on cars so that bad drivers can be identified. Perhaps one day it will become the law that no computer message can be sent whose sender cannot be identified. Perhaps not, but spare me the howls of protest and come up with a better idea. ®
John Watkinson is a member of the British Computer Society and a Chartered Information Systems Practitioner.