by user234683 2190 days ago
More broadly, even in systems such as Windows, arbitrary programs have way too much access to the system, especially the filesystem. A lot of effort is put into patching exploits that allow for a program to gain root, yet this is largely irrelevant for desktop users [1]. If malware takes over system files, the operating system can just be reinstalled. The relevant threat is malware encrypting or stealing personal files (which every program can access), such as pictures, documents, browsing history, etc. Currently, all it takes is a single sketchy freeware utility without admin access to destroy/steal all of your personal data.

I would envision a whitelist system where programs by default can only access files in their own directories, but the file explorer would mediate access to files opened in the program. So if a file is double-clicked in explorer, the corresponding program gains access to that file. Likewise, the "Open" feature in the program would have to call the explorer API for the file selection dialog, which would also give it permission. There are certainly lots of edge cases that would have to be ironed out.

Another no-brainer is to put permission for network access on a whitelist, in addition to other permissions. It could work similarly to the permissions found on mobile, but it should be possible to install the program anyway without granting it permissions, so that developers don't simply ask for everything as is standard on mobile. Of course, this system would introduce UX headaches for non-technical people which would need to be worked on, but it should at least be an option for security-conscious people.

[1] https://xkcd.com/1200/

1 comment
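The design sketched in the comment above (own directory by default, the explorer minting per-file grants on double-click or through its Open dialog, network access behind a separate whitelist) is essentially a capability-style broker, the pattern behind macOS's powerbox and Flatpak's portals. Below is a toy model of it, added here as an illustration; it is not the commenter's code and not any real OS implementation. `Broker`, `App`, `FileCapability`, the sandbox layout under a temp directory and the "sketchy-utility" app are all assumptions constructed for the example. It also covers two edge cases the comment says would need ironing out: a symlink planted in the app's own directory that points at a user file, and a grant token reused for a file the user never opened.

```python
import os
import secrets
import tempfile
from dataclasses import dataclass, field


@dataclass
class FileCapability:
    """An unforgeable grant for exactly one path, minted only by the broker."""
    path: str
    mode: str  # "r" or "rw"
    token: str = field(default_factory=lambda: secrets.token_hex(16))


@dataclass
class App:
    app_id: str
    home: str  # the only directory the app may touch without a grant

    def __post_init__(self):
        self.home = os.path.realpath(self.home)


class Broker:
    """Plays the role of the file explorer / OS in the design above (hypothetical)."""

    def __init__(self):
        self._grants = {}        # (app_id, token) -> FileCapability
        self._net_allowed = set()

    # --- user-driven actions: double-click, Open dialog, permission prompt ---
    def user_opens_file(self, app_id, path, mode="rw"):
        cap = FileCapability(os.path.realpath(path), mode)
        self._grants[(app_id, cap.token)] = cap
        return cap

    def user_grants_network(self, app_id):
        self._net_allowed.add(app_id)

    # --- calls an app makes; every one is checked against the grants ---
    def open_file(self, app, path, mode="r", token=None):
        real = os.path.realpath(path)  # resolve symlinks BEFORE the policy check
        if real.startswith(app.home + os.sep):
            return open(real, mode)    # own directory: always allowed
        cap = self._grants.get((app.app_id, token))
        wants_write = mode != "r"
        if cap is None or cap.path != real or (wants_write and cap.mode != "rw"):
            raise PermissionError(f"{app.app_id} may not open {path} for {mode}")
        return open(real, mode)

    def connect(self, app, host, port):
        if app.app_id not in self._net_allowed:
            raise PermissionError(f"{app.app_id} has no network permission")
        return (host, port)  # a real broker would hand back a connected socket


def _attempt(action):
    try:
        action()
        return "allowed"
    except PermissionError:
        return "denied"


def demo():
    """Runs a 'sketchy freeware utility' against the broker; returns what it got away with."""
    root = tempfile.mkdtemp()  # constructed sandbox, stands in for the user's disk
    pictures = os.path.join(root, "Pictures")
    app_dir = os.path.join(root, "apps", "sketchy-utility")
    os.makedirs(pictures)
    os.makedirs(app_dir)
    photo = os.path.join(pictures, "cat.jpg")
    with open(photo, "w") as f:
        f.write("cat")

    broker = Broker()
    app = App("sketchy-utility", app_dir)
    r = {}
    # Writing inside its own directory needs no user action.
    r["own_dir_write"] = _attempt(
        lambda: broker.open_file(app, os.path.join(app_dir, "cfg.ini"), "w").close())
    # Reaching into Pictures without the user having opened anything is refused.
    r["photo_unprompted"] = _attempt(lambda: broker.open_file(app, photo).close())
    # Edge case: a symlink inside the app's own directory pointing at the photo.
    os.symlink(photo, os.path.join(app_dir, "link.jpg"))
    r["symlink_escape"] = _attempt(
        lambda: broker.open_file(app, os.path.join(app_dir, "link.jpg")).close())
    # The user double-clicks cat.jpg in the explorer: a read-only grant is minted.
    cap = broker.user_opens_file(app.app_id, photo, mode="r")
    with broker.open_file(app, photo, "r", token=cap.token) as f:
        r["photo_after_double_click"] = f.read()
    # The grant is read-only and bound to that one path.
    r["write_with_read_grant"] = _attempt(
        lambda: broker.open_file(app, photo, "w", token=cap.token).close())
    other = os.path.join(pictures, "dog.jpg")
    r["reuse_token_other_file"] = _attempt(
        lambda: broker.open_file(app, other, "r", token=cap.token).close())
    # Network access is a separate whitelist, off until the user says otherwise.
    r["net_unprompted"] = _attempt(lambda: broker.connect(app, "example.com", 443))
    broker.user_grants_network(app.app_id)
    r["net_after_grant"] = _attempt(lambda: broker.connect(app, "example.com", 443))
    return r
```

The important detail is that the policy check runs on `os.path.realpath`, so the app cannot launder a path through its own directory, and that a grant is a (app, token, path, mode) tuple rather than a blanket "this app may read Pictures" rule, which is what keeps a ransomware-style utility from touching files the user never handed it.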

I’m not sure you’re aware but you basically described the way it works in the latest macOS. If an app wants to touch something in user folders, it has to ask for permission.