|
|
|
|
|
|
by josephg
2018 days ago
|
|
|
I blame the way we design our computer systems. For some reason, every program a user runs on a desktop computer has full access to every file saved by every other program. And full network access, and a slew of other permissions. In seconds a single malicious program can make a right mess of things, or exfiltrate sensitive data. A ransomware attack hit a large aged care provider in Australia recently and encrypted the files listing which medication to administer. How? I’d guess that every program on every computer in their network has full write access to their network shares. We made these attacks easy to pull off with our insecure by default designs. It’s like we’ve given every Tom, Dick and Harry a F1 supercar then we blame them when they crash the thing. The mistake is ours for not making better security models. Desktop apps should be sandboxed by default, and isolated like we isolate phone apps. For all the justifiable fear people have about apple’s control over what software can run on their machines, I think the app sandboxing and signing security model they’re working towards is the right one for 95% of computer users. |
|
|
They don't understand the concept of files as separate from applications. They just don't. They understand the concept of sharing -- that seems to be intuitive enough -- but not of files as objects in themselves.
A system which works this way would, of course, be completely rage-inducing to myself.