It's time for enterprise IT to rethink the operating system concept from the ground up. By making a few changes to corporate browsers, security could be greatly enhanced.
Case in point: The Flame virus was going around enterprises for two years, copying documents, recording keystrokes, and sniffing out passwords, before it was detected. Flame was an extreme case, but it demonstrated that there's a built-in delay for every virus: a certain amount of time after it's released and before the anti-virus companies discover it and create an antidote. The security companies are always playing catch-up.
Some folks are thinking about creating new ways of fighting viruses by targeting user behaviors or building on the model of biological immune systems. But speaking as someone who hasn't been able to shake her cough for weeks, natural immune systems aren't all they're cracked up to be. And behavior-based heuristic security systems are only good until the viruses change their behaviors.
The place to look for better organizational security is in new ways. Here are some suggestions:
Get rid of the file system. Today, most operating systems in use are based on the traditional hierarchical file system -- the directories and sub-directories, folders and sub-folders we all know and love. Windows is an interface layer placed on top of DOS, with Metro being another layer added on top of it in Windows 8. The latest Mac OS is built on top of Unix. The Android and Chrome operating systems are built on top of Linux.
As applications transition to the Web, the file system is not a meaningful concept. That doesn't mean that there's no work left for the operating system to do. It still has to interface with printers and other peripherals, handle user input, and connect to the Internet. But by eliminating or severely restricting local file storage, opportunities for viruses will be minimized or even eliminated altogether.
Put apps in their own containers. This is something the iPhone's iOS already does. Each app is logically isolated from other applications on the device. The files the app needs are stored right there next to the app itself, not scattered around the device. If a rogue app gets onto the phone, the damage it can do is severely limited.
This does require some sacrifices, however. If an application is changed or updated, the content associated with it must be added or downloaded all over again. The problem starts to go away when you move document storage to the cloud and download applications to your local device only when you need them.
For example, many companies are already using centralized servers for both corporate applications and employees' files. Others use cloud-based services like Dropbox and Box.net. The files are only loaded and worked on locally when an employee checks them out for viewing or editing.
White-list apps. How many employees really need to be able to download applications from unfamiliar Websites? For the vast majority of enterprise and consumer users, the ability to download software from the Internet is just not that necessary.
Apple, Microsoft, and Google already have curated app stores where the software is checked to make sure there's nothing malicious there. Most users are perfectly happy with the selection of apps, especially in the larger stores and especially for work.
Obviously, developers, as well as hobbyists and computer enthusiasts who prefer a more hands-on experience, will still need fully featured computers. But moving the vast majority of users to a secure, stripped-down operating system would mean fewer infected computers. That means fewer botnets, which, in turn, leads to less spam and malware and fewer distributed denial-of-service attacks. And that's good for everybody.
— Maria Korolov is president of Trombly International, an editorial services company that provides coverage of emerging technologies and markets. She has been a journalist for more than 20 years.