A system is only as secure as the end user, as any grey-haired sysadmin will happily tell you. As a result, all the alphanumeric passwords in the world can’t protect a system if a user is tricked into running malware, something against which there’s very little defense—or so people think.
Tom Scott has an interesting look at the history of basic phishing attacks, and how the common desktop hierarchical folder system enables their success. His logic is pretty good: users are always going to accidentally open viruses, which under the centralized file system used by desktop OSes, can run rampant. Not exactly news, and the fix normally involves scary and ineffective posters by the water cooler.
Scott’s counterproposal is a little different: draw inspiration from mobile OSes, where sandboxed apps have their own storage space, and precious little ability to infect the rest of a device. Keep using hierarchical systems for trained users, but appify everyone else, and security could be much better, he posits.
It’s not a perfect fix—Android malware is alive and well, often in the form of entirely fake apps—but it’s a neat thought about an often-forgotten part of our computing history.
[YouTube]
