Come at me, Bromium
Another startup working on the same problem is Bromium, which has raised $75 million since it was founded in 2010. Its approach is completely different: instead of trying to recognise malware before it runs, it opens each web page, email and instant message that arrives inside its own miniature virtual machine, hundreds of them at a time, so that no task can see or touch another. If something infectious does arrive, the damage stays inside that one micro-VM, which is kept quarantined until an administrator can review it and dispose of it.
It runs on Intel hardware with virtualisation extensions, under 32-bit and 64-bit Windows 7, Android and Apple's OS X, and isolates attacks that arrive via the web, email, USB devices and instant messaging. It doesn't yet operate on iOS devices, because Apple does not let third-party software use the hardware virtualisation features the approach depends on. Because the isolation is enforced by the processor rather than by the operating system it protects, it operates invisibly to the user.
Security researcher Simon Wardley wrote in May 2013 that he was a big fan of Bromium's approach. "I used to work in the security industry and I can happily say that a chunk of it is based upon snake oil and fear. The general principle of creating a secure but functionally useful system is based upon solving an impossible problem and with good commercial reasons," he wrote.
"What Bromium has neatly done is not try to solve the impossible (preventing you from being attacked) but instead limited any damage to as small and as temporary a space as possible. The fear is gone. Just because one email has been compromised, doesn't impact all the other emails or the other applications and environments on my machine. It's all isolated and to get rid of the problem I just close that email."
Sandboxing the future
So while it's likely that we'll never rid the world of malware and computer viruses, it may not matter. If everything we do on our computers runs in a little box that can't reach anything important, malware that gets into the box gains nothing: it can't read the other boxes, it can't persist, and it disappears when the box is thrown away. That protection is only as strong as the hypervisor that draws the box, and as the rules governing what the box is allowed to pass out to the rest of the machine.
On the other hand, if suspicious items are held for an administrator to review, the contents of every web page, email and instant message you receive can be viewed and analysed by whoever runs your network. That is inspection on the endpoint rather than deep packet inspection of the traffic in flight, but for anyone who cares about their privacy it amounts to the same nightmare.
On that, perhaps Benjamin Franklin said it best. "They who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety."