Much computer security thinking has been based upon the implicit assumption that all of the software within the computer was written by people whose interests were aligned with the owners and operators of the machine. After all this is merely an extension of the obvious idea that you buy a machine and equip it with software designed to solve the problems for which you bought the machine. It hardly needs saying. A few rare institutions had compartmentalization requiring special means but this was handled by careful code review.

Early computer security ideas arose when it became possible for remote users with uncertain interests to access the computer. There was no shell and the application talked directly with the untrusted user. The art of security was then seen as verifying the identity of the remote users and modifying the software to keep track of who could see what and make what changes. Otherwise it was still one big happy family in the computer.

Shortly there-after timesharing began. The first goal was to multiplex an expensive machine to give programmers the effect of a slow machine of their own. Complete separation suited this end well. It was easy to provide for compilers and other tools to be shared among the programmers. Simple but effective hardware design made it possible for operating systems to isolate even the machine language programs of mortal or hostile programmers.

Not too many years passed before the personal computer arrived and the ordinary users of timesharing found a less expensive model. Operating systems on such computers were merely a few I/O subroutines; they provided no protection. Memory prices dropped and CPUs got faster until soon the personal computers were bigger and faster than those that had been timeshared. Operating systems for PC's reverted to the earlier designs that provided no protection.

It has now become apparent to a significant portion of the world that programs have bugs that cause other programs to crash. There is no accountability.

All thru this evolution something else was happening: machine owners were beginning to buy software from others instead of writing it themselves. This raises the possibility of conflict of interest.

There are two problems with this stance:

Perhaps the first and best known failure of this model was viruses and Trojan horses. These were programs that
Came to your machine unbidden to reproduce there and wreak havoc.
Trojan Horse
Came to your machine as invited but violated your confidence.