Getting Rid of the Past
Getting Rid of the PastA related change might, or at least should, be made with respect to updating applications. It's generally understood that outdated, vulnerable applications are the major avenue of attack against systems. If applications could plug their updates into a centralized service for updates, like Windows Update, it would be easier for users to keep their applications updated-and easier for the OS and applications to keep users informed. I suggested this a while back, and got the impression that Microsoft didn't want the liability and support burden from updating other companies' software. But there's surely a way to make this work because the advantages to everyone are too big to ignore. For years, enterprises have had the option of implementing a full-scale patch management system to do the same thing. The unified update system I proposed is mainly to the benefit of consumers and small businesses. There is no doubt that the major operating system vendors have learned the lessons of the recent past. Everything about an operating system needs to be viewed from a security standpoint, and this is the direction in which products are headed-if they aren't there already. We may be at a point at which, if you have the money and the will to do it, you can protect yourself against all but the most determined and resourceful attackers. Some day, we may even get to the point where typical users can protect themselves.
Finally, and perhaps most importantly, the OS of the future will disallow the applications and system software (such as device drivers) of the past. It has to. Those apps, especially ones that require high privilege, won't take advantage of the newer facilities to improve overall security in the system. It's well-understood now that key applications such as Acrobat are the main gateway into the system for malicious code. By forcing the Acrobat of the future to be more secure, the OS of the future will protect the entire system.