That anyone sells personal computers that can be infected by viruses is unconscionable. I would not buy a car if any stranger who wished could drive it away; or a house if any stranger could come in and live with me. Why should I be forced to buy a computer that any stranger can hijack?
To make a computer virus-proof, one need only enforce a simple principle: The computer must execute only programs that the owner knows about and approves.
Enforcing this principle is not difficult. Computers need to have three characteristics.
First, the operating system must be installed on a write-restricted disk. Dangerous viruses hide by modifying the operating system. If a physical switch must be closed before anything can be written to the disk where the operating system resides, then no virus can surreptitiously modify it. Some people already run Linux from a CD or DVD. This works, but is slow. It is more efficient to use a high-speed magnetic disk that has been write-disabled. When the operating system needs to be upgraded, then the owner can be instructed to throw the switch to temporarily enable writing to the disk. As long as they are careful to enable writing only when making authorized changes, the operating system will be inviolate.
Second, the inviolate operating system must monitor applications to ensure that they have not been modified. To do this, it must have access to authoritative information about each application, possibly from a remote server or from a second write-restricted disk. Before executing an application, the operating system will validate the program’s memory image by ensuring it is the right length, has the right checksum, and satisfies other requirements. If it is found to have been modified, then the operating system can re-install a clean version of the application before executing it.
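The check described in this second characteristic, as an added illustration (this is example code written for this page, not part of the essay or of any real operating system): a manifest of expected lengths and SHA-256 digests plays the role of the authoritative information, a separate "clean" directory stands in for the second write-restricted disk, and the file contents and directory layout are constructed for the demonstration. Assumed names such as `verify_and_repair` and the stand-in "editor" binary are not from the original text.

```python
import hashlib
import os
import shutil
import tempfile

# Constructed example of pre-execution application validation: compare an
# installed program against an authoritative manifest (length + SHA-256) and
# reinstall a clean copy when it does not match.

def fingerprint(path):
    """Return (length_in_bytes, sha256_hex) for the file at path."""
    h = hashlib.sha256()
    size = 0
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
            size += len(chunk)
    return size, h.hexdigest()

def build_manifest(clean_dir, app_names):
    """Record the trusted length and digest of each application in the clean store."""
    manifest = {}
    for name in app_names:
        size, digest = fingerprint(os.path.join(clean_dir, name))
        manifest[name] = {"length": size, "sha256": digest}
    return manifest

def verify_and_repair(app_path, clean_path, expected):
    """Validate an installed application before it is run.

    Returns "ok" if the image matches the manifest, or "repaired" if it had
    been modified and was replaced from the clean store. Length is compared
    first because it is cheap; the digest is what actually detects tampering,
    since a modification can easily preserve the length.
    """
    size, digest = fingerprint(app_path)
    if size == expected["length"] and digest == expected["sha256"]:
        return "ok"
    shutil.copyfile(clean_path, app_path)          # reinstall the clean version
    size, digest = fingerprint(app_path)
    if size != expected["length"] or digest != expected["sha256"]:
        raise RuntimeError("clean store does not match manifest; refuse to run")
    return "repaired"

def demo():
    """Set up a clean store and an installed copy, tamper with the copy, repair it."""
    root = tempfile.mkdtemp()
    clean = os.path.join(root, "clean")
    installed = os.path.join(root, "installed")
    os.makedirs(clean)
    os.makedirs(installed)
    # Constructed stand-in for an application binary.
    with open(os.path.join(clean, "editor"), "wb") as f:
        f.write(b"\x7fELF-constructed-sample-program")
    shutil.copyfile(os.path.join(clean, "editor"), os.path.join(installed, "editor"))
    manifest = build_manifest(clean, ["editor"])
    app, ref, exp = os.path.join(installed, "editor"), os.path.join(clean, "editor"), manifest["editor"]

    first = verify_and_repair(app, ref, exp)        # untouched copy passes
    # Simulate a modification that keeps the length identical (same byte count).
    with open(app, "r+b") as f:
        f.seek(0)
        f.write(b"\x7fELX")
    second = verify_and_repair(app, ref, exp)       # detected by digest, reinstalled
    third = verify_and_repair(app, ref, exp)        # repaired copy now passes
    shutil.rmtree(root)
    return first, second, third

if __name__ == "__main__":
    print(demo())  # ('ok', 'repaired', 'ok')
```

The tampering in `demo` deliberately preserves the file length to show why the length check alone is not enough. The manifest and the clean store must themselves live on the write-restricted disk (or be fetched from the remote server the essay mentions); if a virus could rewrite the manifest it could simply record its own digest.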
Third, no application should allow data to be executed. Macros or interpreted code can be made safe because they only trigger the execution of known functions. But to allow the execution of arbitrary binary code as machine language is to give whoever created the data unrestricted access to the computer.
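What "only trigger the execution of known functions" means in practice, as an added example that is not part of the essay: a tiny macro language in which a document can select among operations the host program exposes, with arity checks, but can never supply machine code or name a function outside the table. The operations, the macro syntax and the names `run_macro` and `validate_macro` are assumptions made for this illustration.

```python
import shlex

# Constructed example of a data-driven macro interpreter. Macro text is data:
# it can only choose among operations listed in ALLOWED, never introduce code.

class MacroError(Exception):
    pass

def _repeat(text, n):
    return text * int(n)

# name -> (function, number of string arguments it takes after the text)
ALLOWED = {
    "upper":   (lambda text: text.upper(), 0),
    "reverse": (lambda text: text[::-1], 0),
    "repeat":  (_repeat, 1),
    "prefix":  (lambda text, p: p + text, 1),
}

def _parse(script):
    """Yield (lineno, name, args) for each non-blank, non-comment macro line."""
    for lineno, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)
        yield lineno, tokens[0], tokens[1:]

def validate_macro(script):
    """Check a macro without running it; return a list of problems (empty if clean)."""
    problems = []
    for lineno, name, args in _parse(script):
        entry = ALLOWED.get(name)
        if entry is None:
            problems.append(f"line {lineno}: unknown operation {name!r}")
            continue
        _, arity = entry
        if len(args) != arity:
            problems.append(f"line {lineno}: {name!r} expects {arity} argument(s), got {len(args)}")
    return problems

def run_macro(script, text):
    """Apply each macro line to text in order; reject anything not in ALLOWED."""
    problems = validate_macro(script)
    if problems:
        raise MacroError("; ".join(problems))
    for lineno, name, args in _parse(script):
        fn, _ = ALLOWED[name]
        try:
            text = fn(text, *args)
        except ValueError as e:          # e.g. "repeat abc": bad argument, not code
            raise MacroError(f"line {lineno}: {e}")
    return text

if __name__ == "__main__":
    print(run_macro("upper\nrepeat 2\nprefix '>> '", "ab"))   # >> ABAB
    print(validate_macro("upper\nimport os"))                 # unknown operation 'import'
```

Because the interpreter dispatches through a fixed table, the worst a hostile document can do is ask for one of the four listed transformations; there is no path from macro text to the CPU. That is the property the essay contrasts with applications that hand arbitrary binary data to the processor.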
If it is easy to protect computers from viruses, then why is it not already standard practice?
Offhand, I can think of two reasons.
First, the companies that develop operating systems want access to your computer. Knowing that their code will never be free of bugs, they want to be able to reach into your computer and patch their programs at will.
Second, they believe, often correctly, that many, if not most, computer owners do not know or want to know everything that is running on their machines. In the pursuit of “ease-of-use”, they want to be able to “do things for the user” without bothering to inform the user what they are doing.
In fact, people mostly want to do simple things with their computers: surf the web, send and receive email, create documents, play games. It is atrocious that people cannot do these things without putting their computers at risk and, by extension, all the information that they store on them.
We do not have to harden all computers against viruses, only the majority of them. This will greatly reduce the incentive to write viruses. As well, it will reduce spam because spammers will not be able to use networks of zombie computers to send unwanted emails. For the same reason, it will make it far more difficult to mount denial-of-service attacks.
These benefits not only protect us as individuals, they increase our national security. If Microsoft and Apple are unwilling to design virus-resistant computers, then the NSA and Department of Defense should do it for them.