It is becoming broadly recognized that conventional personal computers provide almost no security. Paul Gillin calls for abandoning e-mail attachments.

Bruce Schneier coins the term “malware” for programs that run on your computer and do something that you don’t want them to do, or wouldn’t want them to do if you understood what it was they were doing. Schneier observes that e-mail has accelerated the distribution of malware beyond the capacity of traditional defense mechanisms. Most of the attention paid to this phenomenon is directed to excluding these programs from your machine and finding those who write such software. Little attention has been directed towards the operating system on the computer that hosts the malware. We argue here that malware can be effectively thwarted by systems built upon capability principles.

There seems to be a pervasive idea that programs should do just what you want them to do and that the user who owns and operates the computer merely selects the programs that he wants to run and doesn’t select those that would do something bad. Mac OS and Windows are both designed around these ideas. Unix is just a little better. The Java applet model views a program fetched from some web site as suspect.
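The contrast drawn above, between a program that runs with all of its user's authority and one that holds only what it was explicitly handed, can be made concrete with a small model. The following is an added example, not part of the original essay and not any real operating system's interface: the file paths, file contents and the "program" that asks for them are all constructed for the demonstration, and the two reference monitors are hypothetical stand-ins for the two designs being compared.

```python
"""Ambient authority versus a per-program capability list, as a tiny
reference monitor. Constructed example: the "program" is a list of
requested operations, the filesystem is an in-memory dict, and two
monitors decide which requests to honour. Nothing here is a real OS API."""
from dataclasses import dataclass, field

# Constructed sample files (hypothetical paths and contents).
FILES = {
    "/home/alice/report.txt": "quarterly figures",
    "/home/alice/.ssh/id_ed25519": "PRIVATE KEY MATERIAL",
}


@dataclass
class Request:
    op: str      # "read" or "write"
    path: str


def ambient_monitor(user_owns: set[str], requests):
    """Conventional model: a program acts with the full authority of the
    user who launched it. Any file the user can reach, the program can."""
    results = []
    for r in requests:
        allowed = r.path in user_owns
        results.append((r.op, r.path, "allowed" if allowed else "denied"))
    return results


@dataclass
class CList:
    """Per-program capability list: the only objects the program can name.
    Each program is, in effect, its own isolated machine with just these
    files plugged in."""
    reads: set[str] = field(default_factory=set)
    writes: set[str] = field(default_factory=set)


def capability_monitor(clist: CList, requests):
    """Capability model: a request is honoured only if the program was
    explicitly granted a capability for that object and that operation."""
    results = []
    for r in requests:
        granted = r.path in (clist.reads if r.op == "read" else clist.writes)
        results.append((r.op, r.path, "allowed" if granted else "denied"))
    return results


# A program whose stated job is to summarise report.txt but which also
# reaches for the user's SSH key (constructed behaviour for the demo).
MALWARE_LIKE = [
    Request("read", "/home/alice/report.txt"),
    Request("read", "/home/alice/.ssh/id_ed25519"),
]


def run_demo():
    """Run the same program under both monitors and return both outcomes."""
    alice_files = set(FILES)
    ambient = ambient_monitor(alice_files, MALWARE_LIKE)
    # Launching the program hands it exactly one capability: read report.txt.
    confined = capability_monitor(CList(reads={"/home/alice/report.txt"}),
                                  MALWARE_LIKE)
    return ambient, confined


if __name__ == "__main__":
    for label, outcome in zip(("ambient authority", "capability list"), run_demo()):
        print(label)
        for op, path, verdict in outcome:
            print(f"  {op} {path}: {verdict}")
```

Under the ambient monitor both requests succeed, because the program inherits everything its user owns; under the capability monitor the second request is denied, not because the key was recognised as sensitive, but because the program was never given any way to designate it. That is the whole of the argument in miniature: the second design does not need to know what the program intends.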

Standard Malware

Origin of the naïve view and how Unix proves that you can limit program actions.

Java’s insight

We will draw on the many isolated machines metaphor.

Charms of the virtual machine

Some postponed security features